Forcing your Website's visitors to use the shared SSL
Occasionally our technical support is asked how to direct your website visitor’s to view your website over HTTPS. Let’s look an example:
If a visitor goes to your website using http://mydomain.com, you can force them so they will always use the shared SSL certificate. Shared SSL's are included on all Shared Hosting plans. If you’re not familiar with SSL certificates, please view our article. If you have a dedicated SSL and want to force all of your website traffic to use your dedicated SSL we have a great tutorial on that as well.
Forcing your visitors to use the Shared SSL
To force your visitors to use the shared SSL certificate that InMotion Hosting provides:
- Log into cPanel
- Go to the “Redirects” section
- Set the “type” to “Permanent (301)”
- Next to “http://(www.)” choose the domain name you want to do this for
- Enter your websites URL using the Shared SSL next to the “redirects to” field
- We recommend using the “Redirect with or without WWW” selected so that any visitor will be forced to use the SSL whether they use mydomain.com or www.mydomain.com
- Ensure “Wild Card Redirect” is checked
- Click “Add”
During this example, we used the inmotiontesting.com domain and redirected it to the secure108.inmotionhosting.com/~inmoti6
If you need further assistance please feel free to ask a question on our support center website.
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!
2013-04-07 8:08 pm
I'm curious how, or if this is different from using .htaccess as described in the 'Force a dedicated SSL' support page. Just to be clear, the end user is directed to "securexx..." from "mydomain.com" without any links in the webpage needing to be rewritten? Thanks!
2014-10-31 4:41 pm
I'm curious about the impact of this solution on the website visitor's experience.
I would like to implement "Google has said it wants all ?website owners to switch from HTTP to HTTPS to keep everyone safe on the web".
I'm trying to decide whether to go with this "free" way to implement that for the time being, or whether I need to go to the expense of getting my own SSL certificate(s) and dedicated IP address(es) - I have a few dozen domain names, with a lot of aliasing among them (e.g., mydomain.com, -.net, -.org, etc. are "parked" domains). I am not doing e-commerce yet, so I don't need PCI compliance at this time.It appears that the URLs that visitors will see in their browser's address bar wil show that long prefix (e.g. secure108.inmotionhosting.com/~inmoti6) for every web page. Is that correct?Does this method slow the visitor's response time by requiring extra data exchanges for following the redirects on every page access?
Is there anything else I need to know in order to make an intelligent choice between shared and dedicated SSL when I'm on a shared server?
2014-10-31 5:06 pm
Thank you for contacting us. These are good questions. Yes it is true, the URL visitors will see is the the Shared SSL address. For example: secure108.inmotionhosting.com/~inmoti6.
It will not slow the response times, since it is just accessing the files directly from your server address. It should not require redirects since you will essentially change the URL of your CMS.
If your visitors don't mind seeing the Shared SSL address in their browser, it may not be a big deal. This really depends on the nature of your websites.
If you have any further questions, feel free to post them below.
2014-12-30 11:44 pm
Thanks for the tutorial but still have a question with the line redirects to
Do I write exactely like the example? https://secure108.mydomainname.com/ ?????
What do I write after mydomaine.com/........
2014-12-31 7:00 am
Thanks for the question. The redirects to field is for the URL of the website where you want your website visitors to be directed to.
If you look at your account's technical details in the Account Management Panel (AMP), you will see YOUR secure shared server path. This path is the alternate path to get to your website without having to use your primary domain's URL. So for example:
If your domain's name is domain_name.com and the technical details show that your secure server path is https://secure101.inmotionhosting.com/~acctusername, then you would enter the https://secure101.inmotionhosting.com/~acctusername if you were trying to use the shared server's secure path. The example used in the article above is only an example, it's not the actual path you should be using. Go to the technical details of your account (if you're an InMotion customer) and use the shared secure server path in place of the example provided above.
NOTE: If you are using a software that requires your primary URL to be used for the SSL, then you cannot use this type of re-direct. Some ecommerce programs create the website paths for other pages within the site. Using the temporary URL would not be an option in those cases unless the application allows you to make configuration changes that would permit the re-direct. Also, although the article provides this solution for using the shared server SSL, please remember that if you are trying to maintain your search engine search results based on your domain name, then you will want to invest in purchasing an SSL certificate for your domain. A 301 re-direct is basically telling search engines that the website is no longer going to be at the initial domain name that you provided. InMotion does provide an option for purchasing SSL certificates from AMP.
Finally, if your website was setup in a sub-directory UNDER the primary domain name, then you would add the directory name AFTER your shared server's URL. So for example: https://secure101.inmotion/~acctusername/subfolder_directoryname.
I hope that clarifies the issue for you! If you have any further questions or comments, please let us know.