Security Certificate Question (on Drupal site)

Discussion in 'Web Design and Development' started by gavroche, May 30, 2014.

  1. gavroche macrumors 6502a

    gavroche

    Joined:
    Oct 25, 2007
    Location:
    Left Coast
    #1
    So i'm having a problem with my site. It stopped working (found out that the security certificate did not renew/setup properly). Sometimes the site would not load at all, others it would give an error message, and often clicking on pages caused it to give the warning box that the browser could not verify the authenticity of the site.
    So after talking to my domain hoster GoDaddy... i opted to cancel the security certificate (i'd like to have someone change my payment method from the Authorize.net Gateway link, to just a simpler Paypal module). The tech guy at GoDaddy cancelled it... and said that it should take a couple hours for the change to propagate through their servers and my site should come back up.
    It has come back up... however, clicking on some of the page links, or trying to proceed with placing an order, results in a page load error. Says that "Safari can't open the page "https://www.fleetfootcourier.com/......"
    So it's still trying to load the secure page. Is this something that should be fixed on the server side... or do I have to get a web developer to go into the site and fix links/references in the site itself?
    Help appreciated... i currently have no web page guy, the one that build my site disappeared.... :(
     
  2. ocabj macrumors 6502a

    ocabj

    Joined:
    Jul 2, 2009
    #2
    Just because you 'cancelled' (revoked) and SSL certificate, it doesn't mean your web server isn't going to stop listening on port 443. Turn off the SSL virtualhost stanzas so your webserver is only listening on port 80.

    As far as why your original SSL certificate wasn't coming up verified, it's most likely because you didn't include the GoDaddy SSL certificate chain on your webserver's configuration.
     
  3. gavroche thread starter macrumors 6502a

    gavroche

    Joined:
    Oct 25, 2007
    Location:
    Left Coast
    #3
    So as a complete website novice, is it possible for me to figure out how to.... turn off the SSL virtual host stanzas on my own?

    And yes, when the certificate auto-renewed for another year... I didn't do anything... I assumed it would just update and work on its own. I have not had anyone doing maintenance on the site for a while. Not for lack of trying... I've emailed over a dozen website companies that advertise in my area (San Diego)... outlining what I need done on my site. Haven't gotten a single response. I finally dropped by a local place in person, and talked to someone.... just have to come up with the money he wanted for the work I need done (install paypal module, install auto-fill address suggestions in my address fields).
     
  4. gavroche thread starter macrumors 6502a

    gavroche

    Joined:
    Oct 25, 2007
    Location:
    Left Coast
    #4
    So when I log in as admin, under the "Configuration" and "System" Tabs... I see the following page.

    Has a option for "enabled" and "disabled" for secured pages. It is currently set to "enabled." However, it does not let me select "disabled." Is this the right area for me to turn off references to secure pages... and if so how do i get it to let me disable it?
     

    Attached Files:

  5. ocabj macrumors 6502a

    ocabj

    Joined:
    Jul 2, 2009
    #5
    I've never used Drupal, but I'm guessing that controls whether or not it references https vs http links within the CMS, so I would assume you would use that interface to disable "secured pages". As far as why I won't let you disable in that context, you'll probably need to check the support documentation.

    And that warning in the header about a security update should probably be addressed.
     
  6. gavroche thread starter macrumors 6502a

    gavroche

    Joined:
    Oct 25, 2007
    Location:
    Left Coast
    #6
    I cant figure out a way to let me switch it to disable secure pages. However, further down in the controls is a box where you can specifically list which pages to make secure, and I removed those listed. Works ok now.

    As for the message about the security updates.... ugh. Seems like they release updates to the modules every week. Those alerts are neverending!
     

Share This Page