SSL woes

[mikethechap]

Recently had to get a new SSL and having problems. I can't change the files in the secure directory, and I get three redirects saying that the browser is leaving the site for unsecure items.

History
Moved from Aletia whenever the exodus took place. Had the SSL setup for secure.domainname.com and it pointed (how this happened, I don't know) to /public_html/ssl/ . After being moved over things were fine until got a new cert through the Jaguar folks (who have tried working on this, to some degree of success). With the installation of the SSL sert, I installed a new diectory, "secure" , path = /public_html/secure/ and, thinking that I was supposed to, set up a sub-domain, secure. I thought that anytime you have secure.domainname.com, the secure part had to be a subdomain. Yes, no, maybe?

Apparently, there is some kind of redirect in place, though, or some kind of cache. I have tried to make changes in this page THIS PAGE, loading the new pages into /public_html/secure/ but the changes do not show up.

Also, I still get the insecure site errors? I have even deleted the above referred file but the page still loads.

ANy ideas, clarifications that will help the concepts sink in? When you set up an SSL, where do the files go. IN my case, I thought, since the domain name is "secure" then they go in a directoty named secure, which I make into a subdomain.

I hope this makes some sense. I tried (and I DID do research using the search button!).

Thanks in advance!

[jason]

I had no problems accessing your example page. Since your certificate was issued to "secure.elderhope.com," you are right in assuming that all of your files have to be in public_html/secure. You could still access your site with https://www.elderhope.com/secure/, but doing so would cause a warning message to appear because the domain name is different than the one the cert was issued for ("www" instead of "secure").

What browser version/device are you using to access your site? The new certificate is a Comodo chained cert. Chained certificates are relitively new and only work in the newest browsers. The concept is as follows: in order for a browser to "trust" a certificate, it has to know the issuer. There used to be only a few companies that the browsers knew about and therefore only their certificates were trusted (and as a result, those comapnies charged top dollar for them). With chained certificates a new certificate authority can obtain a certificate from one of the authorities that the browser trusts and use that to issue you a certificate that the browser will trust intrinsically (creating a chain "trusted root->issuing authority->your cert"). While 90-99% (depending on who you ask) of the browsers in use right now will truest these certs, many other devices do not. These include some cell phones, WebTV boxes, and of course older browsers. If you are using an older browser or WebTV, that may be your problem.

--Jason