Where should I install SSL - whole domain or on a subdomain?

I am unsure where I should install an SSL certificate.

The client wants to put separate donation pages for events in a secure folder.
I could make a subdomain and install it there or make the whole site secure by installing it on the xyz.com/secure

I cannot seem to find a definitive advantage to one over the other. I worry about outside link problems (page errors/warnings) as well as how Google crawls a secure site when only calling one secure page on a main domain or subdomain.

I notice big players seem to secure the whole domain but only let you access https pages on checking out but not under the main site domain.

What would you do and why? Is there a preferred or more accepted way?

Your thoughts would be appreciated,
Thanks

There’s no disadvantage that I know of just using SSL for the entire site. If anything, you can get an SEO boost.

  • Make sure if you have Webmaster Tools or Analytics, you set them up for HTTPS.
  • Make sure you set up redirects so that HTTP requests to your pages are redirected to HTTPS ones.
  • Make sure the certificate you get is SHA-2 and not 1 (if they’re still selling 1).
  • Make sure the certificate covers subdomains if you want them.

Thanks for your response.

Is there anything wrong with setting up the domain with the SSL certificate but only calling on the https pages when required to donate? Otherwise they remain on http?

Would Google crawl and index the site differently?

I am a little worried about browser warning flags with going full https.

> I am a little worried about browser warning flags with going full https.

What do you mean?

> Is there anything wrong with setting up the domain with the SSL certificate but only calling on the https pages when required to donate? Otherwise they remain on http?
>
> Would Google crawl and index the site differently?

Yeah, kind of. I’m not sure what you hope to accomplish with this method, but your stats/analytics/gwt will be off, if you use those. Also, depending on the application you’re using, if any (CMS, etc) it may be hard to send some to one and some to another. If you’re manually doing your own htaccess I suppose you could do that, but I’m just not really sure why you’d bother?

> What do you mean?

I worry I may be opening a can of worms. The client updates the site and puts in his own content. If he links incorrectly with a social widget, image, etc. that he may cause a “this page may contain unsecure items…” flag.
I guess since I am new to using SSL I am a little worried. We did another site with an SSL subdomain but that causes you to duplicate all images, CSS, etc. to that site from the main site - a real pain!

> Yeah, kind of. I’m not sure what you hope to accomplish with this method, but your stats/analytics/gwt will be off, if you use those. Also, depending on the application you’re using, if any (CMS, etc) it may be hard to send some to one and some to another. If you’re manually doing your own htaccess I suppose you could do that, but I’m just not really sure why you’d bother?

With this method I can keep utilizing the relative links within the pages whether secure or not. Yet at the same time the client cannot screw it up causing any security flags in the future if I keep it http.

I looked at other albeit much larger sites like amazon.ca and they seem to keep you on http until checkout even though you can change the address to https at any time - and I do not understand why? Also a lot of large sites seem to refrain from https until registration or checkout. Do you know why these big players do this?

Thanks

Unless you’re building an app that’s in the same playing field as Amazon, I think you don’t need to worry about what they do. They do a lot of things that don’t make sense for smaller businesses or applications. The project I’m currently working on is social in nature, but I don’t base what we do off of what Facebook does - that would be a bit silly :smiley:

I guess I’ve never experienced any of the problems that you have with SSL.

Anyway, that all said, if you want certain pages, just get the certificate for the domain as per norm, but then force https only on certain pages (again, with htaccess redirects). That’ll allow people to opt to browse https all over, but you can just keep using http for everything with links and such, until you hit the ecommerce page that forces https.
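For the "this page may contain unsecure items" worry raised earlier in the thread, here is an added example (not posted by anyone in this thread) that checks an HTTPS page's HTML for subresources that would still load over plain http. The page URL, the `.example` hosts and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute makes the browser fetch a subresource.
# "active" content (scripts, frames, styles) is blocked on an HTTPS page;
# "passive" content (images, media) is what triggers the warning flag.
ACTIVE = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":  # only stylesheets and icons are fetched
            rel = set((a.get("rel") or "").lower().split())
            if "stylesheet" in rel: kind, ref = "active", a.get("href")
            elif "icon" in rel: kind, ref = "passive", a.get("href")
            else: return
        elif tag in ACTIVE: kind, ref = "active", a.get(ACTIVE[tag])
        elif tag in PASSIVE: kind, ref = "passive", a.get(PASSIVE[tag])
        else: return  # <a href> is navigation, not mixed content
        if ref:
            # Relative and //host links inherit the page's scheme.
            absolute = urljoin(self.page_url, ref.strip())
            if urlparse(absolute).scheme == "http":
                self.findings.append((kind, tag, absolute))

def find_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # an http page cannot have mixed content
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page, as the client might edit it.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://xyz.com/secure/donate">
<script src="http://widgets.example/share.js"></script>
</head><body>
<img src="http://xyz.com/images/event.jpg"> <img src="images/logo.png">
<script src="//cdn.example/lib.js"></script>
<a href="http://xyz.com/about">About</a>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content("https://xyz.com/secure/donate", SAMPLE_PAGE):
        print(f"{kind:8} <{tag}> {url}")
```

Only the hard-coded `http://` script and image are reported; the relative and protocol-relative references follow the page onto https, which is why relative links keep working on both schemes.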
