Doubt regarding the https protocol

Question

Doubt regarding the https protocol

Asked 7 years, 1 month ago

Viewed 52 times

5

I am setting up an Apache server in Debian.

When accessing https://.../index.php by Chrome , I have the following result:

So my doubts are:

To appear :

I necessarily need a paid certificate, or is there another way?

Not to appear the browser alert, a path would redirect the https to the http, this is possible in Apache?

1

I don’t understand the subject, but I don’t think it necessarily needs to be a paid certificate. It just needs to be a certificate that Chrome recognizes as reliable.

– Jéf Bueno

2017/08/03 at 16:19
As far as I know, free certificates can be obtained through https://letsencrypt.org.

– Murillo Goulart

2017/08/03 at 16:20
@LINQ is not enough to have a certificate, it has to be a certificate given by an authority recognized by Google for the case of Chrome.

– Oralista de Sistemas

2017/08/03 at 16:28
That’s what I meant, @Renan.

– Jéf Bueno

2017/08/03 at 16:35
1

Press F12 and have a look at the Console, it may be lack of certificate as well as it may be some HTTP Resource and not HTTPS inserted in the body of the page.

– Guilherme Nascimento

2017/08/03 at 16:44

2 answers

Browser other questions tagged apache htaccess http https

You are not signed in. Login or sign up in order to post.

by Oralista de Sistemas • **23,115** points · Answer 1 · 2017-08-03T16:26:38+00:00

Each different browser has a list of the certificates it trusts. In general, all paid certificates are considered reliable by the major browsers. For free certificates, you will have variations.

The best known of the free certifiers should be Let’s Encrypt. They have a page listing which browsers rely on your certificate.

Note that most browsers and other software rely on them. Only a few large players in the market lack confidence (such as Windows Live Mail).

To change the access protocol to your page, it is possible to do it in a very simple way. I am not an expert in Apache but with . htaccess or similar you can do a server-side redirect, that’s enough. Just note that, without https, all traffic to your site can be read by intermediaries.

by Edvaldo Silva • **541** points · Answer 2 · 2017-08-03T16:23:50+00:00

You can put a free certificate, know: Let’s Encrypt is a free, Automated, and open Certificate Authority

Install Install Let’s Encrypt to Create SSL Certificates

Setting up for Apache SSL Certificates with Apache on Debian & Ubuntu

HTTPS redirect to HTTP (.htaccess) RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}