• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.5 have ssl cert, question on procedure for running entire board ssl?

sross

Active member
#1
Hi,

My host will install the cert for me on my dedicated server. I will instruct them to set all traffic to my domain to ssl. Then I was going to update my forum board url to https -however, if host sets all to https, can i get into my admincp to make the required edit? Not sure of steps here. Thanks for any info!
 

Mike

XenForo developer
Staff member
#2
The URL isn't forced within XenForo, so you shouldn't have an issue getting into your site if it's all done properly.

You may need to add web server-level rules to ensure that anyone accessing your site via HTTP will be redirected to HTTPS. It sounds like your host should be doing this though (based on your instructions).
 

andybond

Active member
#3
If you are using CPanel you can normally do a redirect from the http to https
You can then change the respective parts in Xenforo.

Be aware that some of the pages will have served images in HTTP format so you will need to change to suit in the templates etc.
 

sross

Active member
#4
If you are using CPanel you can normally do a redirect from the http to https
You can then change the respective parts in Xenforo.

Be aware that some of the pages will have served images in HTTP format so you will need to change to suit in the templates etc.
Good to know, I have been going through and removing traces. However, I do run my own ad server on an outside VPS, that serves ads on my site. The adserver is not ssl, so am I to assume the ads will fail to show on my site?

I'm thinking an easy way out of this would be to run my ad server ssl, a slight hassle but better than an ad disruption! Thanks
 

Mike

XenForo developer
Staff member
#5
The adserver is not ssl, so am I to assume the ads will fail to show on my site?
Correct -- well somewhat. Any resources brought into the page (JS, images, etc) will need to be served over SSL. In some cases, they may still appear, though the secure icon indication will stop; in other cases/browsers, they won't be served. Much better to shift it to SSL.