Want https//: not http://

GolfnutGolfnut Registered Users Posts: 131 Major grins
edited December 17, 2015 in SmugMug Pro Sales Support
Want to have an https:// site rather than a http:// site. I don't know how to do that. Can anyone help?
thanks,
Charles Pfeil
www.SanDiegoBestPhotos.com

Comments

  • GolfnutGolfnut Registered Users Posts: 131 Major grins
    edited December 16, 2015
    I have to ask....why?

    When I asked two people to check out my new website, they each got this message.
    Thanks,
    Charles
  • Hikin' MikeHikin' Mike Registered Users Posts: 5,467 Major grins
    edited December 16, 2015
  • Hikin' MikeHikin' Mike Registered Users Posts: 5,467 Major grins
    edited December 16, 2015
    I'm pretty sure when a customer purchases a print, they are connected to a https (secure) site.
  • AllenAllen Registered Users Posts: 10,013 Major grins
    edited December 16, 2015
    I thought I read that all new sites were https:// and old ones would be changed also.
    Or maybe it was just this.
    http://www.dgrin.com/showthread.php?t=255424
    Al - Just a volunteer here having fun
    My Website index | My Blog
  • GolfnutGolfnut Registered Users Posts: 131 Major grins
    edited December 16, 2015
    Mike,
    Why? Because when some people try to access my website they get that error message and cannot access my website. They probably have some kind of security software that prohibits them from accessing http sites. I want all people even those with overprotective security software to be able to access my site. :-)
  • GolfnutGolfnut Registered Users Posts: 131 Major grins
    edited December 16, 2015
    Agree, but...
    Allen wrote: »
    I thought I read that all new sites were https:// and old ones would be changed also.
    Or maybe it was just this.
    http://www.dgrin.com/showthread.php?t=255424

    I thought that was the case but apparently not - since I created the site last week. Apparently we must do what that link says, but problem is, I don't have a clue how to make my site secured with SSL/TLS.
    Charles
  • leftquarkleftquark Registered Users, Retired Mod Posts: 3,784 Many Grins
    edited December 16, 2015
    Switching everything to SSL would be done on SmugMug's end. All *.smugmug.com URL's now use the https protocol, however, getting custom domains on there is something we're still working on (it's much more complex due to the way the certificates work).
    dGrin Afficionado
    Former SmugMug Product Team
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • GolfnutGolfnut Registered Users Posts: 131 Major grins
    edited December 16, 2015
    leftquark wrote: »
    Switching everything to SSL would be done on SmugMug's end. All *.smugmug.com URL's now use the https protocol, however, getting custom domains on there is something we're still working on (it's much more complex due to the way the certificates work).

    Leftquark,
    So what should I do about this? I have another SmugMug website www.arrowphotos.com that doesn't have this problem. Is there something else that could be causing this problem on my www.sandiegobestphotos.com website?

    Thanks,
    Charles
  • denisegoldbergdenisegoldberg Administrators Posts: 14,383 moderator
    edited December 16, 2015
    Golfnut wrote: »
    Leftquark,
    So what should I do about this? I have another SmugMug website www.arrowphotos.com that doesn't have this problem. Is there something else that could be causing this problem on my www.sandiegobestphotos.com website?
    I see the same error on both of your sites using https.

    leftquark's comment above indicates that https support is not yet available for custom domains, only for <user>.smugmug.com.

    --- Denise
  • photoclickphotoclick Registered Users Posts: 278 Major grins
    edited December 16, 2015
    Let me be straight forward here - you don't have a site problem. You have a user problem:)

    Ask yourself a question - why would anyone try to navigate specifically to [url]httpS://www.sandiegobestphotos.com[/url] ? No one in their right mid would do it purposely unless you have a reason for it:) And there is no reason to visit your website on a secured layer. Here is WHY it is happening to your visitors or to you. A visitor goes to Google.com and types the following: "sandiegobestphots". The third from the top result is your website. It shows as "sandiegobestphotos.com" Hover your mouse over it and see the actual web address that shows either in toolbar or tooltips (based on the browser you use). The actual address is [url]httpS://www.sandiegobestphotos.com[/url]. Here is the issue - the Google search result lists your website with the httpS. A visitor at his point simply clicks on the result, the browser follows the httpS link.,.. and cannot go there as there is no SSL on your domain (Smugmug never promised you one, just for the record).

    So, the question is why GOOGLE has your website indexed as [url]httpS://www.sandiegobestphotos.com[/url] ???? Perhaps you have Webmaster tools account and need to adjust things there? What domain registrer do you have your custom domain name with? Perhaps you should check things with them?
  • GolfnutGolfnut Registered Users Posts: 131 Major grins
    edited December 16, 2015
    A little more research on my part...

    The user types www.sandiegobestphotos.com into the domain name field (without http or https) and Goggle as well as Firefox automatically changes it to https://www.sandiegobestphotos.com and the error message appears.

    If the user types http://www.sandiegobestphotos.com, then the error does not appear.

    I had never seen that before. Do you know the reason why this is happening? Is the solution to make the site https?
    Thanks,
    Charles
  • GolfnutGolfnut Registered Users Posts: 131 Major grins
    edited December 16, 2015
    I think I figured it out. On GoDaddy, the Forwarding was to https, so I changed to http. I will need to wait until it updates, but I think this is the source of the problem.
  • photoclickphotoclick Registered Users Posts: 278 Major grins
    edited December 16, 2015
    Yes, it is the problem. Glad you found it:) You also will need to wait ( don't know how long ) for Google to re-index your page, unfortunately. As it stands now, based on my observation, the google search results will return httpS until it knows otherwise.
  • FergusonFerguson Registered Users Posts: 1,345 Major grins
    edited December 17, 2015
    leftquark wrote: »
    Switching everything to SSL would be done on SmugMug's end. All *.smugmug.com URL's now use the https protocol, however, getting custom domains on there is something we're still working on (it's much more complex due to the way the certificates work).

    Sounds like the original problem was solved, but...

    Leftquark, are you suggesting that Smugmug may some day be able to provide https for arbitrary custom domains?

    Can I assume that would involve the customer obtaining a certificate themselves, that is the cooperatively used with Smugmug?
  • photoclickphotoclick Registered Users Posts: 278 Major grins
    edited December 17, 2015
    May I assume that it will be an optional thing? I really do not want to pay for something that I do not need :)
  • leftquarkleftquark Registered Users, Retired Mod Posts: 3,784 Many Grins
    edited December 17, 2015
    Ferguson wrote: »
    Leftquark, are you suggesting that Smugmug may some day be able to provide https for arbitrary custom domains?

    Can I assume that would involve the customer obtaining a certificate themselves, that is the cooperatively used with Smugmug?

    SSL for custom domains won't work until we support it; supporting them is a bit of a challenge because we do not own the domains, and there's lots of them on SmugMug. The goal would be to provide https for custom domains, though I'm unfamiliar with what's involved. I'll check with the team and see if I can answer with a little more info.
    photoclick wrote: »
    May I assume that it will be an optional thing? I really do not want to pay for something that I do not need :)
    It's possible we'll be able to just enable it for everyone, for free. Keeping your photos safe is of utmost importance and I don't expect we'd require you to pay extra for this.
    dGrin Afficionado
    Former SmugMug Product Team
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • FergusonFerguson Registered Users Posts: 1,345 Major grins
    edited December 17, 2015
    leftquark wrote: »
    Yep - that'd be the goal. I'm unfamiliar with what's involved but I'll check with the team and see if I can answer with a little more info, though it looks like it might be some form of SNI

    I hope you'll understand when I say I hope this cannot be done.

    The idea that a 3rd party could present itself as a trusted certificate for my domain, without me actually providing the certificate (and without a certificate authority determining that I am who I saw I am), is really kind of terrifying.

    Now that said, I applaud Smugmug having this as a goal. And I am not suggesting you avoid doing it because of this concern -- it's not your fault if you succeed (gee, that sounds funny).

    But it's kind of like you saying you'll run an errand on my behalf and fake a US Passport as identification while doing it. Kind of you to offer to run the errand, frightening if you can fake the passport.

    PS. SNI, I thought, still required an SSL certificate for the target name. Emphasis on "I thought".
  • leftquarkleftquark Registered Users, Retired Mod Posts: 3,784 Many Grins
    edited December 17, 2015
    I'm completely unfamiliar with what's involved, so I don't want to jump to any conclusions and I must apologize if I triggered a fear based on my lack of knowledge on this.
    dGrin Afficionado
    Former SmugMug Product Team
    aaron AT aaronmphotography DOT com
    Website: http://www.aaronmphotography.com
    My SmugMug CSS Customizations website: http://www.aaronmphotography.com/Customizations
  • FergusonFerguson Registered Users Posts: 1,345 Major grins
    edited December 17, 2015
    leftquark wrote: »
    I'm completely unfamiliar with what's involved, so I don't want to jump to any conclusions and I must apologize if I triggered a fear based on my lack of knowledge on this.

    No worries, it's nice to hear of the plans even without the details. Spurs thought.

    And if there is a scary aspect to it, the head's up gives time for research.
Sign In or Register to comment.