1
votes

I have recently set up an SSL certificate on my domain. Installation was successful. After installation, when I opened https it showed an Internal Server Error: 'The server encountered an internal error or misconfiguration and was unable to complete your request.' At the same time, when I opened http it worked fine.

Then I made a change in my .htaccess file, adding

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>

to it. Now http is redirected to https, but I am still getting the same Internal Server Error.

I checked my error log and found this error:
[warn] RSA server certificate CommonName (CN) `www.dimain.com' does NOT match server name!?

Please help me solve this.

Thanks.

3
Internal Server Error is generic. Check error.log for more information - Raptor
I have checked my error log; there are two errors: 1. Premature end of script headers: index.php 2. SoftException in Application.cpp:422: Mismatch between target UID (99) and UID (501) of file "/home/user/public_html/mydimain/index.php. I am not sure how much these are related to this issue. Now my domain is working fine on http, but the issue with https is the same as above - chaithanya

3 Answers

2
votes

May I suggest also using HTTP Strict Transport Security (HSTS) in addition to the other suggestions... :-)

http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

0
votes

From https://drupal.org/https-information:

Drupal configuration

  • If you want to support mixed-mode HTTPS and HTTP sessions open up sites/default/settings.php and add $conf['https'] = TRUE;. This enables you to use the same session over HTTP and HTTPS both -- but with two cookies where the HTTPS cookie is sent over HTTPS only. You will need to use contributed modules like securepages to do anything useful with this mode, like submitting forms over HTTPS and so on. While your HTTP cookie is still vulnerable to all usual attacks, a hijacked insecure session cookie can only be used to gain authenticated access to the HTTP site. It will not be valid on the HTTPS site. Whether this is a problem or not depends on the needs of your site and the various module configurations. For example, if all forms are set to go through HTTPS and your visitors can see the same information as logged in users then this is not a problem.

  • For even better security, leave $conf['https'] at the default value (FALSE) and send all authenticated traffic through HTTPS and use HTTP for anonymous sessions. Once again contributed modules like 443 Session or Secure Login can help you here. Drupal 7 automatically enables the session.cookie_secure PHP configuration on HTTPS sites, which causes SSL-only secure session cookies to be issued to the browser.

  • For best-possible security, set up your site to only use HTTPS, not even responding to HTTP with a redirect. HTTPS is vulnerable to man-in-the-middle attacks if the connection starts out as an HTTP connection before being redirected to HTTPS. $conf['https'] can be left at its default value (FALSE) on pure-HTTPS sites. You can run the HTTP site from a different server and simply deliver a plain text message telling your users to use HTTPS.

0
votes

It's a problem with your certificate, not with your redirection or Drupal.

Perhaps your certificate is for yourdomaine.com and you are trying to access www.yourdomaine.com. If you want to access both you will need a wildcard certificate.
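
The name check behind the "CommonName (CN) does NOT match server name" warning in the question and the certificate-coverage point in the last answer, as an added example that is not part of the original posts. It goes slightly beyond the thread by applying RFC 6125-style matching to three kinds of certificate. The hostnames and certificate dictionaries are constructed, and the function names are hypothetical.

```python
"""Added example: which hostnames a certificate's names actually cover."""


def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match of one certificate name against a hostname.

    A wildcard is honoured only as the entire left-most label and
    stands for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two literal labels after the wildcard (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def cert_covers(cert: dict, host: str) -> bool:
    """cert uses the dict layout returned by ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        # When DNS SANs are present, the CommonName is not consulted.
        return any(name_matches(n, host) for n in sans)
    # Legacy fallback to the CommonName, modelled here for CN-only certificates.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(name_matches(n, host) for n in cns)


# Constructed sample certificates (not taken from the page).
CN_ONLY = {"subject": ((("commonName", "www.example.com"),),)}
WILDCARD = {"subject": ((("commonName", "*.example.com"),),),
            "subjectAltName": (("DNS", "*.example.com"),)}
SAN_BOTH = {"subject": ((("commonName", "example.com"),),),
            "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com"))}


def report(hosts=("example.com", "www.example.com", "a.b.example.com")):
    """Return {(certificate label, host): covered?} for the sample certificates."""
    certs = {"cn-only": CN_ONLY, "wildcard": WILDCARD, "san-both": SAN_BOTH}
    return {(label, h): cert_covers(c, h) for label, c in certs.items() for h in hosts}


if __name__ == "__main__":
    for (label, host), ok in report().items():
        print(f"{label:9} {host:18} {'match' if ok else 'MISMATCH'}")
```

To test a live server, pass the dictionary from `ssl.SSLSocket.getpeercert()` to `cert_covers` along with the hostname the visitors actually type.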