HTTPS connection displays mixed-mode notice

Overview Accessing a website, protected by SSL, yields a “mixed-mode” notice or the SSL indicator displays different than normal. Cause SSL is designed to protect data transfer from third-party snooping through encryption. By accessing a resource over a non-encrypted stream (e.g. including an image on a site as <img src=”http://mysite.com/img.jpg” />), this protection is circumvented. The request is made…

Let’s Encrypt Certificates

Overview v5+ and above platforms support Let’s Encrypt certificates within the control panel. Let’s Encrypt is a free certificate authority that provides free trusted certificates accepted by all modern browsers. Let’s Encrypt certificates may be issued within the control panel under Web > SSL Certificates. Let’s Encrypt has a few limitations: Only 100 hostnames may be bundled into a…

Are multi-domain (SNI) certificates supported?

Yes, hosting platforms v4.5+ and beyond support multi-domain certificates through SNI (server name indication). In order to use a multi-domain certificate, you will need to purchase a corresponding multi-domain/”UCC” certificate from the accredited SSL authority. What is SNI? With SNI, multiple domains co-exist on a single certificate making it suitable to protect multiple websites on…

Forcing HTTP redirect to SSL

Overview Converting HTTP to HTTPS resources can be accomplished in several ways. It goes without saying that you should setup and test your SSL certificate before performing any of the following methods. Strict Transport Security Modern browsers support a security standard called “HTTP Strict Transport Security“, or HSTS for short. HSTS sends a header with…