Hey wheedle,
You’ll have to be a lot more descriptive than that. What issues are you having?
Thanks,
Mike
Hey Mike, it’s me again.
wheedle is both right and wrong. Here’s what I’ve noticed on all browsers.
(1) If the ssl certificate is issued by a certified CA authority (you know there are many like Comodo, Go Daddy, Verisign, Thwate etc), then WordPress HTTPS plugin successfully redirects according to the settings in the options page. This because the browser doesn’t have any issues with the SSL certificate of the website.
(2) Some people (like me) use a self-signed SSL as we only need SSL to access WP-ADMIN and not for public use. In this case, the browser doesn’t trust our SSL certificate, and the user will have to manually add our certificate to the trusted list maintained by the browser. (easier in firefox, but tougher in Chrome). Only after doing so, does the browser allow redirection from HTTPS to HTTP.
But this fails the purpose of the plugin for us. We do not want the users to see an error message that our website is not safe/trusted (like this – http://bit.ly/ncGsSE – looks awefully frightening for newbies in Chrome, and they’ll probably close the tab in no time) when they visit via HTTPS link, but that is what is happening despite using this plugin.
So, I see only three solutions here:
– plugin should enable server-side redirection. This issue is probably because the plugin uses wordpress redirection.
– or we pay a few hundred bucks a year to get an SSL certificate from a highly qualified CA authority.
– or maybe there’s another way that you might know.
I could be wrong though. But this is how I believe it is.
thanks.
Hey Aahan,
Sadly, that’s not possible. You can not use a self-signed certificate and stop that error from showing up; otherwise, ever hacker would do that. Don’t you think? The certificate check is built-in to browsers (for good reason) and can not be prevented.
Also, the redirects are server-side. That would be really silly if they weren’t.
You can use a PositiveSSL Certificate from Comodo for $49 a year, which is the one I use on my server to test the plugin with. http://www.positivessl.com/
Thanks,
Mike
Okay, thanks for your suggestion Mike. I am looking at both Comodo and Godaddy at the moment.
cheers.
I purchased my SSL certificate from Bluehost, my hosting site. Is this not a qualified authority for these?
@wheedle : Bluehost probably resells SSL certs (if I am not wrong). Anyway, it should be okay with that.
Just confirm one thing. Are you using the development version of wordpress HTTPS? (I think I had similar problems with redirection. Developmental version fixes it.)
You can download it here: http://downloads.wordpress.org/plugin/wordpress-https.zip
He still hasn’t told us what he’s having problems with. He wouldn’t be having redirection problems in only one browser.
@mike: Right.
@wheedle: You’d better explain what’s actually not working. Did you even read Mike’s reply to your question?
You'll have to be a lot more descriptive than that. What issues are you having?
just so it’s clear, I really appreciate your help… sorry if I’m coming across short. Just have a lot on my plate and not really understanding why I can’t completely get the site to be secure.
@mike I guess what I meant to say was… Is Bluehost not a certified CA authority? I bought my SSL certificate from them, because they are my hosting site, and one of the larger ones as far as I knew. And if possible I’d like to not have to purchase another certificate from someone else.
@aahan: thanks for the link to the development version. I tried to install it and my site wouldn’t load up after that… saying something about relooping? So for now I switched back to the first version I was using.
So right now I’m still at the point where all browsers I have checked on besides Google chrome give me https. Google seems to be the only that doesn’t give me the secure https
I hope this is a little mroe clear.. I am quite new to this, so if not please forgive my ignorance, I’m learning.
Hey wheedle,
If you paid for your certificate, it should be valid.
What exactly is happening when you hit your site over HTTPS? From what you’re saying, it sounds like you’re running into partially encrypted errors. If so, follow my instructions on the FAQ for identifying what’s causing the error. It should be possible to fix or remove whatever is causing issues.
Thanks,
Mike
Check what Mike suggested first…
And then, it would also be a good try to disable all plugins. If it works as it should, then enable each plugin, one by one, to find out the culprit.
@mike @aahan thanks for being patient with me and all the help… I’ll try that and let you know how it goes.
Sorry I just realized I didn’t answer your question… When i check out my site on google chrome it crosses our the https in red
@wheedle hehe! It’s nothing to worry about actually. It’s just that some of the files are being loaded via HTTP.
Check these options in WordPress HTTPS (SSL) plugin that you are already using and it should be fixed.
1. Internal HTTPS Elements – – should be checked (tick the box)
2. External HTTPS Elements – – should be checked
3. Bypass External Check – – should be UNchecked
4. Disable Automatic HTTPS – – should be UNchecked
5. Force SSL Exclusively – – should be UNchecked as well
Do that will enable HTTPS (SSL) encryption for your entire website, and should remove that crossed HTTPS mark in the browser address bar.
@mike correct me if I am wrong.
@aahan: tried that and still showing the https crossed out in red
