locked
installed SSL but how to use it? RRS feed

  • Question

  • User1361142914 posted

    Hi,

    We have SSL installed on subdomain. We have a payment page and ths page need actually SSL. I have compied this page to subdomain and keep the original one. I can access original one (the one not in subdomain) by https://secure.domainname.com/Payment.aspx and can access to payment page in subdomain using http://secure.domainname.com/Payment.aspx.

    I think I should use the first url which starts with https.

    Could you please inform me ?

    Thursday, February 17, 2011 4:56 PM

Answers

  • User-801004448 posted

    https://www.mydomain.com and https://secure.mydomain.com are 2 different ssl sites with different ssl certificates.

    The red cross you receive could be mismatch ssl certificate when you attempt to access https://www.mydomain.com

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 21, 2011 1:07 AM
  • User1361142914 posted
    After configuring domain parameter of <forms/> tag in web.config I could keep same user session when navigating to "https://secure.domain.com" site from http://www.domain.com.
    <authentication mode="Forms"> <forms slidingExpiration="true" path="/" name=".domain" timeout="99999999" domain="domain.com"/> </authentication>

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 21, 2011 12:01 PM

All replies

  • User-2010311731 posted

    Yes, you are correct that you should use https whenever you want to use SSL.  In fact, I would recommend forcing it from the code-behind.  Here is some sample code for this...

    protected void Page_Load(object sender, EventArgs e) 
    { 
        if (HttpContext.Current.Request.IsSecureConnection == false) 
        { 
            RedirectViaHTTPS("", true); 
        } 
    } 
    public void RedirectViaHTTPS(string SomeURL, bool ReRedirectViaHTTPS) 
    { 
        string NewURL; 
        if (SomeURL == "") 
        { 
            SomeURL = Request.Url.AbsoluteUri; 
        } 
        if (ReRedirectViaHTTPS) 
        { 
            NewURL = SomeURL.Replace("http:", "https:"); 
        } 
        else 
        { 
            NewURL = SomeURL.Replace("https:", "http:"); 
        } 
        if (NewURL != SomeURL) 
        { 
            Response.Redirect(NewURL, true); 
        } 
    }

    Matt

    Thursday, February 17, 2011 5:16 PM
  • User1361142914 posted

    When I open url, https://www.mydomain.com/Payment.aspx it displays the page correctly by keeping current user session. However, firstly it asks for approve when I approve, it redirects to page and shows a red crossover on https:// So, I think client browser could not validate it.

    However, If I open https://secure.mydomain.com/Payment.aspx the current user session is lost. And all other links on the page is shown like https:/secure..... not https://www.mydomain.....But https:// word is shown in green-color and not crossed over. So I think it is validated.

    Am I correct for my inferences? Can I use https://www.mydomain.com/Payment.aspx? What should I do?

    Friday, February 18, 2011 2:38 AM
  • User-801004448 posted

    https://www.mydomain.com and https://secure.mydomain.com are 2 different ssl sites with different ssl certificates.

    The red cross you receive could be mismatch ssl certificate when you attempt to access https://www.mydomain.com

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 21, 2011 1:07 AM
  • User1361142914 posted
    After configuring domain parameter of <forms/> tag in web.config I could keep same user session when navigating to "https://secure.domain.com" site from http://www.domain.com.
    <authentication mode="Forms"> <forms slidingExpiration="true" path="/" name=".domain" timeout="99999999" domain="domain.com"/> </authentication>

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, February 21, 2011 12:01 PM