CMS Made Simple Forums

Established website with around 20 pages. Want to make it secure with https:// ... URLs.

I have bought and installed a certificate.

I have changed root_url in config.php to https:// ...

I have modified a few items in the templates which specified http:// to read https://

The site now works and shows the padlock when going direct to https:// so that's good.

Questions:

1. What modifications to the standard CMSMS .htaccess do I need to make so that requests for the http:// site are redirected to https:// ?

2. What does Content > Content Manager > [Page edit] > Options tab > "Use HTTPS for this page" tick box do? None of my pages are ticked and site appears to work OK.

3. What else should you do to convert to https:// fully?

Thanks

----------------------------------------------
Cms Version: 2.2.2
Installed Modules:
AdminSearch: 1.0.4
CGExtensions: 1.56.2
CGSimpleSmarty: 2.1.6
CMSContentManager: 1.1.5
CMSMailer: 6.2.14
CmsJobManager: 0.1
DesignManager: 1.1.3
FileManager: 1.6.3
FilePicker: 1.0
FormBuilder: 0.8.1.6
JQueryTools: 1.4.0.3
MenuManager: 1.50.3
MicroTiny: 2.2
ModuleManager: 2.1.1
Navigator: 1.0.7
News: 2.51.2
Products: 2.26.9
Quotes2: 1.1.0
Search: 1.51.2
Showtime: 3.4
Showtime2: 3.5.4
SimpleSiteInfo: 3.3
SimpleSiteMgr: 3.3
ThemeManager: 1.1.8
UsersGuide: 2.0

Config Information:
php_memory_limit:
max_upload_size: 2000000
url_rewriting: mod_rewrite
page_extension:
query_var: page
auto_alias_content: true
locale:
set_names: true
timezone: Europe/London
permissive_smarty: false

Php Information:
phpversion: 5.6.31
md5_function: On (True)
json_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_ALL: 32767
E_STRICT: 2048
E_DEPRECATED: 8192
test_file_timedifference: No time difference found
test_db_timedifference: No time difference found
create_dir_and_file: 1
memory_limit: 128M
max_execution_time: 30
register_globals: Off (False)
output_buffering: 4096
disable_functions:
open_basedir:
test_remote_url: Success
file_uploads: On (True)
post_max_size: 8M
upload_max_filesize: 2M
session_save_path: /tmp (0700)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)
check_ini_set: On (True)
curl: On

Performance Information:
allow_browser_cache: Off (False)
browser_cache_expiry: 60
php_opcache: On (True)
smarty_cache: Off (False)
smarty_compilecheck: Off (False)
auto_clear_cache_age: Off (False)
Server Information:
Server Software: Apache
Server Api: cgi-fcgi
Server Os: Linux 3.10.0-427.36.1.lve1.4.47.el7.x86_64 On x86_64
Server Db Type: MySQL (mysqli)
Server Db Version: 10.1.24
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable

Permission Information:
tmp: /home/ctw/public_html/tmp (0755)
tmp_cache: /home/ctw/public_html/tmp/cache (0755)
templates_c: /home/ctw/public_html/tmp/templates_c (0755)
modules: /home/ctw/public_html/modules (0755)
uploads: /home/ctw/public_html/uploads (0755)
File Creation Mask (umask): /home/ctw/public_html/tmp/cache (0755)
config_file: 0444
----------------------------------------------

Thanks Rolf, that .htaccess additional code worked for me.

Any ideas about what that tick box does? (My question 2).

2. What does Content > Content Manager > [Page edit] > Options tab > "Use HTTPS for this page" tick box do? None of my pages are ticked and site appears to work OK.

That tickbox was useful back in the days of shared certificates (when browsers could not deal with multiple certificates for the same IP address). When SSL based sites were not the norm, and multiple sites had to share certificates. It allowed you to specify that some pages were to use the shared certificate and others were not.

When your entire site is SSL based this tickbox has no purpose.

Since SSL is 'the new normal' and certificates are free and/or cheap we will be removing that tickbox in CMSMS 2.3.

Thanks Rolf and Calguy.