Just moved my site to Network Solutions (new host) and having trouble with their SSL certificate. The SSL certificate is installed on the server and I've updated the web.config file to read "<add key="UseSSL" value="true" />".
I now get the following error: "This webpage has a redirect loop" and the page(s) never load. This occurs when clicking Login, Register, and Shopping Cart.
According to the Network Solutions expert, I need to add some javascript code to my web.config file.
This doesn't make sense to me since I did not have this problem with my last host company.
Thoughts?
SSL and Network Solutions
- 14
- 70
- 24.06.2010
- United States
Here is the solutions provided by Network Solutions:
Our proxy SSL doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds.
The only ways around this is to
1. assume the connection is secure by making all the links to the sensitive pages https, or
2. use a client-side program (like javascript) to detect if it's secure and redirect if it's not. The coding below will do just that. Just modify it to redirect to the correct secure domain and add it into the HTML of any sensitive pages.
<script language="javascript">
if (document.location.protocol != "https:")
{
document.location.href = "https://secure.domain.com" + document.location.pathname;
};
</script>
Yikes...thoughts anyone???
Our proxy SSL doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds.
The only ways around this is to
1. assume the connection is secure by making all the links to the sensitive pages https, or
2. use a client-side program (like javascript) to detect if it's secure and redirect if it's not. The coding below will do just that. Just modify it to redirect to the correct secure domain and add it into the HTML of any sensitive pages.
<script language="javascript">
if (document.location.protocol != "https:")
{
document.location.href = "https://secure.domain.com" + document.location.pathname;
};
</script>
Yikes...thoughts anyone???
- 14
- 70
- 24.06.2010
- United States
@PremiumReseller.com,
Yes, that's exactly what it does and I've added the code to header.ascx. Not being a techie, this was the easiest place to put the code. I'd rather put the code on the most important pages only but not sure where and how to find them: register, my account, login, shopping cart/checkout. Any directions?
The problem I have now, is that the code requires all objects be https, such as pictures, and when an object is not https, Internet Explorer throws a warning "security" message while Google Chrome and Mozilla Firefox both mark the browser with indications that some objects may not be secure. Incredibly, if a user clicks on an item's details (from the "Details" button), the picture of the item from the details page is stored in nopC as http, which I think will confuse if not cause concern to buyers. I'm not sure if there's a way to make the pics https.
Here's my sight if you want to take a look and make suggestions - http:www.letstakethecountryback.org
Thanks for the feedback!
Yes, that's exactly what it does and I've added the code to header.ascx. Not being a techie, this was the easiest place to put the code. I'd rather put the code on the most important pages only but not sure where and how to find them: register, my account, login, shopping cart/checkout. Any directions?
The problem I have now, is that the code requires all objects be https, such as pictures, and when an object is not https, Internet Explorer throws a warning "security" message while Google Chrome and Mozilla Firefox both mark the browser with indications that some objects may not be secure. Incredibly, if a user clicks on an item's details (from the "Details" button), the picture of the item from the details page is stored in nopC as http, which I think will confuse if not cause concern to buyers. I'm not sure if there's a way to make the pics https.
Here's my sight if you want to take a look and make suggestions - http:www.letstakethecountryback.org
Thanks for the feedback!