How to turn off Server Website (SSL) in OS X Server

Discussion in 'Mac OS X Server, Xserve, and Networking' started by superjeng, Jun 18, 2015.

  1. superjeng macrumors newbie

    Joined:
    Jun 18, 2015
    #1
    Serverr.jpg
    The delete button is gray when I choose SSL, How can I close the SSL because I don't have SSL certificate. Thanks.


    Mac mini, OS X Yosemite (10.10.3), With OS X Server App
     
  2. Geeky Chimp macrumors member

    Joined:
    Jun 3, 2015
    #2
    You could remove the HTTP to HTTPS redirect on the Server Website to use the non HTTPS (HTTP) site.
    Then just don't forward HTTPS from the Internet on the router to your server?
     
  3. arozel macrumors newbie

    Joined:
    Jul 19, 2017
    #3
    Hello,
    Thanks for this answer, I the same problem here. Could you tell us how to not redirect from http to https? I do not find anything on mac server app, I am pretty much ready to hack the apache server by hand if necessary... I just do not want this secured website and there is no way to remove the 443 port access from the GUI of mac server.
    Thanks,
    A.
     
  4. kiwipeso1 Suspended

    kiwipeso1

    Joined:
    Sep 17, 2001
    Location:
    Wellington, New Zealand
    #4
    You use Let's Encrypt for a free SSL certificate, and get to keep having people visit your website.
    --- Post Merged, Jul 20, 2017 ---
    This is dumb advice. If you remove HTTPS, then google chrome and safari are both going to complain about your website being dangerous to visit to anyone who navigates to your website, and then it will advise your visitors to navigate away.
     
  5. Geeky Chimp macrumors member

    Joined:
    Jun 3, 2015
    #5
    Inside Server.app go to Websites , open "Default Website", under "Redirects" click "Edit" and remove the redirect rule to HTTPS.
    --- Post Merged, Jul 20, 2017 ---

    1. Lots of websites don't use SSL, even very large corporations. (I've just visited http://www.bbc.co.uk and didn't get any security warnings from Safari or Chrome)

    2. The OP asked how to host on HTTP rather HTTPS not where to get free SSL Certificates.
     
  6. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #6
    Using HTTPS whenever possible is indeed a good idea. However, browsers do not warn when accessing a plain HTTP site unless the user tries to enter data on that page.
     
  7. kiwipeso1 Suspended

    kiwipeso1

    Joined:
    Sep 17, 2001
    Location:
    Wellington, New Zealand
    #7
    Please continue to offer bad advice based on your opinion then, cheeky gimp.
    Obviously, the OP isn't the BBC, or are you suggesting that he is on the whitelist of well known websites ?
     
  8. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #8
    There is no whitelist of "well known websites" that don't use HTTPS. HTTP is still perfectly acceptable to any browser.
     
  9. Geeky Chimp macrumors member

    Joined:
    Jun 3, 2015
    #9
    As chrfr stated HTTP is perfectly acceptable for websites. A majority of sites still use HTTP rather than HTTPS.

    Your opinion may be that publishing on HTTP is bad advice but other people don't agree.

    Again the OP wanted HTTP not HTTPS.
     
  10. kiwipeso1 Suspended

    kiwipeso1

    Joined:
    Sep 17, 2001
    Location:
    Wellington, New Zealand
    #10
    For how many more weeks ?
    If you want to be accessed by anyone in future, you will need HTTPS to be trusted.
    --- Post Merged, Jul 28, 2017 ---
    It is not my opinion, it is the advice of the main browser companies.
    But hey, if you don't want visitors who use chrome, or safari to visit your website, continue using HTTP.
    But don't kid yourself that you are correct about what the future of the browsers will require.
     
  11. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #11
    Weeks? You're spewing misinformation. Globally requiring HTTPS is not something that will happen without plenty of advance notice.
     
  12. Geeky Chimp macrumors member

    Joined:
    Jun 3, 2015
    #12
    Both Chrome and Safari allow you to visit HTTP sites without displaying warnings.
     
  13. Mikael H macrumors 6502

    Joined:
    Sep 3, 2014
    #13
    The advance notice has been out there for almost a year by now: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

    Not switching to HTTPS when setting up services today is a bad thing - especially as you can get valid and automatically renewing certificates at literally no cost at all through the Let's Encrypt initiative.
    While nothing will break - yet - for static HTTP-only sites with no forms, the writing is on the wall for plain HTTP. Naturally you're right in that it's not a matter of a few weeks from the original statement of intent, but I don't think there's any way around that we're heading toward a situation where HTTP-only sites will at least look scary to casual users, or possibly even become unusable with modern browsers.
     

Share This Page