use of https only for certain pages does not work - ssl

I tried to follow the following stackoverflow answer with no luck
Use HTTPS only for certain pages in servlet based webapp
Here is what i did, created a self signed cert, installed it in tomcat, my entire website works on https. Then i followed the link above to make my login alone https. When i click on login page, the url takes to https://mywebsite.com:8443/signin.htm. I have started my SSL Connector on 443, why is it trying to connect to 8443?

The issue was the redirects in the Connector tag. In server.xml, i had 2 connector, for http(80) and https(443). But the redirect attribute in those connector was set to 8443. I think this means, when the page is on http(80), and according to web.xml we are asking it to goto secure page for example for login then it looks at redirect attribute of http(80) connector. I changed this to 443 and it worked fine.

Related

How to use SSL-certificates to call https://localhost with apache2 on Raspberry Pi

So I am currently working on a project where I use the Instagram API to get some user Data onto my Localhost webpage on the Raspberry. The API however needs secure redirect uri (https). But when the API wants do redirect to https://localhost/instagram it says
"404 Not Found The requested URL /instagram was not found on this server. Apache/2.4.25 (Raspbian) Server at localhost Port 443"
In the url-bar it says "Not secure", the https part is marked red and is crossed out. When I test my stuff on another computer which has Xampp and Apache running everything works fine and even if I type https://localhost it redirects straight to localhost.
I found out that I might need a SSL certificate in order to make use of https links even if I'm running on localhost. But I don't really know how I should do this on my raspberryPi. There are already some SSL modules enabled inside the Apache2 folder.

How to handle "non-https" (http) sites in https TYPO3 backend

We run a TYPO3 multidomain system and added https support to our TYPO3 domain [typo3domain]. All other domains still run without https support (http only).
https works perfect for [typo3domain].
Redirect of all non https request to TYPO3 backend (lockSSL) works perfect as well. [typo3domain]/typo3 redirects automatically to https://[typo3domain]/typo3
Now our problem:
If a editor [domain1] edits some content on https://[typo3domain]/typo3 and goes to page -> view page then https://[domain1] is called, but this does not work (invalid certificate), because [domain1] is a non ssl domain.
How can i fix this?
You can set the preview domain in the root page TSconfig of the non-https sites, including the protocol:
TCEMAIN.previewDomain = http://domain1
More on this option can be found here: https://docs.typo3.org/typo3cms/TSconfigReference/PageTsconfig/TceMain.html#previewdomain

SSL certificate and "www" vs non "www"

I'm being asked to redirect a website to https once an SSL certificate is installed. It's a wordpress site and this should be very easy, you simply go to settings and change the http to https, and/or install a plugin to manage everything for you and change all of the "http" in your files for "https".
The certifiate came with problems that the host fixed gradually (it wouldn't pass any test on qualys SSL Labs). However for some reason they sent me an e-mail stating that the certificate is made for the "www version of the site". this site didn't have "www" in it's address.
The non "www" version now redirects to the "www" version but I just cannot get a green padlock. Oddly enough, I did get one refreshing the page a few times and when I did it was all messed up. If I check the page source some stylesheet links for example look for the https:// no www version of the page and this is probably the problem right?
Should I just change manually all of the links in the page or ask the host not to create a certificate for a www version of this website when it didn't have that in the first place?
/* EDIT */
I get this in the console before an error for every single url in the page for images and stylesheets, etc.
Redirecting navigation because the server presented a certificate valid for www... but not for "non www version" To disable such redirects launch Chrome with the following flag: ...

ssl + nginx + apache + php: links are still displayed as http, not https

I am using VBulletin Suite 4.1.4., which is written using PHP and nginx+apache setup (nginx as the front end server and Apache as the back-end server). This is a pretty standard "nginx+apache" configuration with nginx working on port 80 and apache on port 8080. I tried to enable https support and ran into the following problem.
As I read on the web, when one uses "nginx+apache" and wants to have https, he should configure ssl only for nginx server. So, I added required lines into nginx vhost configuration
listen 443;
server_name myserver.org;
ssl on;
ssl_certificate /tmp/myserver.crt;
ssl_certificate_key /tmp/myserver.key;
When I type https://.... the vBulletin forum opens in secure connection and the lock in the right bottom corner of the browser confirms it, so it looks like my settings work. At least to some extent.
But when I bring the mouse over links on the page, these links are showed as http links, not https. So, if I want to stay in secure connection, I can of course add the letter "s" manually each time I open a new page, but normally when you open forum as https://... all displayed links should automatically change to https.
Any ideas why this does not happen?
Even the answer where the problem lies - (a) in nginx configuration, or (b) in apache configuration or (c) in vbulletin configuration would help.
Thanks in advance!
The problem is that vBulletin running on apache detects the HTTP protocol, not HTTPS. But, you can change vbulletin settings in the admin panel in the following way:
Forum URL to 'https://your-site.name'
Always use Forum URL as Base Path to 'yes'

Joomla ssl problem

I have a site on joomla and I want to make some specific pages works by secure connection ,
other by simple http connection. Is there some step-by-step manual how to setup apache and joomla for such needs.
You must create a two Apache configuration for this site. One for port 80 (http), and the other for 443 (https). In the settings menu in the admin panel to specify "ssl enabled" to the desired value.
There's a Joomla Plugin called SSL Redirect plugin by Yireo software that might simplify the setup if some parts of the site are SSL and some not.
http://joomlawebhosting.ca/joomla-15-tips/63-joomla-ssl-https-setup.html
http://www.joomlahackers.net/joomla-tutorials/how-to-setup-ssl-in-a-joomla-site.html
http://www.joomlahackers.net/virtuemart-tutorials/how-to-setup-ssl-in-virtuemart-in-a-joomla-site.html