In order for your website to load up with the green padlock, you will need to ensure that the website loads up with ‘https://’ at the start of the URL in the address bar. You might have two domain names and want to redirect one to the other. When it comes to SSL certs and redirects, there are a couple of slightly different redirects you could set up. Let’s take two domains – ‘domain1.ie’ and ‘domain2.ie’.
If you want to redirect ‘http://domain1.ie’ to ‘http://domain2.ie’, no SSL cert is needed.
If you want to redirect ‘http://domain1.ie’ to ‘https://domain2.ie’, one SSL cert is needed on ‘domain2.ie’
If you want to redirect ‘https://domain1.ie’ to ‘https://domain2.ie’, two SSL certs are needed – one for ‘domain1.ie’ and another for ‘domain2.ie’
You might think why would you need an SSL cert on ‘domain1.ie’ when it is simply redirecting on to ‘domain2.ie’. The reason for this is that when you enter ‘https://domain1.ie’ into your browser, the SSL check on the server is done before the redirect takes place.
If you try to load up a website with ‘https://’ but you do not have an SSL cert installed for that domain specifically, you will get a ‘not secure’ or ‘unsafe to continue’ warning load instead.
Requirement of SSL certificate for URL redirect
Here is why do we require an SSL certificate for URL Redirect?
Let's assume you are moving a site from www.olddomain.com to www.newdomain.com
In order to respond to a request for https://www.olddomain.com/ without causing scary warnings you need a certificate that covers https://www.olddomain.com/. This applies regardless of whether the response you want to send is a redirect or not. On the other hand, a request for http://www.olddomain.com/ can be responded to without needing any certificates.
Users who just type your site name will likely end up making a request for http://www.olddomain.com/ (unless you are using HSTS) but if your old site previously redirected everyone to HTTPS then it is likely that bookmarks and incoming links will use the HTTPS URL. If your old site used HSTS then nearly all incoming requests are likely to be on HTTPS.
In order to bind SSL in below steps are involved
Binding a certificate to a website in IIS means that you are activating the installed digital certificate and associating it with a particular website, port, and/or IP Address. Binding in IIS can be performed by following these simple steps. (These instructions assume that you have already installed your certificate in IIS.)
- Start IIS Manager - Start IIS Manager. One quick way to do this is by opening the Run command, then typing inetmgr and clicking the OK button.
- Select a website - In the Connections pane on the left side of the window, navigate to the Server and Site you wish to bind the certificate to.
- Open bindings - In the Actions pane on the right, click Bindings.
- Click Add - Click the Add button.
- Select a binding type - The Add Site Binding window will open. For Type, select https.
- Select IP address - For IP address, select All Unassigned, or the site’s IP address.
- Enter port - For Port, enter 443.
- Select certificate - Select the desired certificate from the SSL certificate drop-down menu.
- View certificate details - You can use the View… button to get details about the selected certificate.
- Require Server Name Indication (SNI) if necessary - If you are serving more than one domain name from the same IP address, enter it in the Host name field and check the Require Server Name Indication box. If not, you can safely leave these blank.
- Close the “Add Site Binding” window - Click the OK button to close the window.
- Close “Site Bindings” window - Verify that the binding has been added, then close the Site Bindings window by clicking the Close button.
- Edit existing binding (if necessary) - You may also edit an existing binding. To do this, simply select the item and click Edit. You can change the port, the IP Address, the host name, and the certificate to use.
- Next steps - Now that you have found the certificate to your website, you should redirect incoming HTTP traffic to HTTPS.
Note - In the case of Cloudflare URL Redirection SSL will not require in IIS. This article from Cloudflare will provide steps for URL Redirect.
To redirect a site from HTTP to HTTPS, you require the URL Rewrite module. If not installed already, install it from this link.
- Redirect site from HTTP to HTTPS
- Users can use IIS to configure the redirect rule or directly can update the web.config file for the respective application. (By using IIS, it will update the respective web.config file.)
- In case of Cloudflare URL Redirection SSL will not require in IIS : This article from Cloudflare will provide steps for URL Redirect
- Redirect site from old URL to new URL
To redirect a site from an old URL to a new URL, modify the web.config of old URL application as mentioned in the picture below, and that application should be in a running state.
Note - In case, the old URL-hosted application is stopped/ not available then domain-level URL redirection needs to be done.
For domain provider-level URL redirection, you can refer to this (for domains provided by namecheap specifically). If you are using other domain hosting providers, refer to their knowledge base and documents.