CODEWITHSUNDEEP
phpfacebooksslhttp-redirecthttps
Atif
Atif

Reputation: 10880

How to redirect https to http without any SSL Certificate

Is difficult to explain what I am seekig here.

I have a website that doesn't have SSL Certificates and I am using a page as a landing page for a Facebook Application.

My Problem is when someone is on a secure connection on facebook (https://) the iframe src is pointed to the same https URL of my landing page. this returns an error like this.

SSL connection error

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

How do I may users redirect to http or any workaround without installing SSL Certificates?

Upvotes: 18

Views: 50567

Answers (4)

Femi
Femi

Reputation: 64700

There is really no way to do that: HTTPS relies on the SSL certificate being present and the SSL negotiation ocurring BEFORE any data is sent to the server. Therefore if there is no SSL cert then it won't even get to the point where you can send a redirect (as you are observing).

I'd suggest just buying the cheapest cert you can: GoDaddy has specials for $12.99 that I've used quite effectively for just this purpose (Facebook app SSL pages) and that you can have bought and ready in 15 minutes.

EDIT: Just use Lets Encrypt, as @xbakesx states in his comment. Completely free, no delay, accepted pretty much everywhere.

Upvotes: 33

Daniel Dudas
Daniel Dudas

Reputation: 3002

I found a nice solution today to have pages with HTTPS without having a certificate.

You can use cloudflare SSL: Flexible. This way the SSL will be between client and cloudflare server, and between cloudflare and your server will not be secure.

This option is only if you don't have sensitive data because the connection betweeen server and cloudflare is not encrypted

This is how it looks:

enter image description here

Check here more: https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-

Upvotes: 4

geekuality
geekuality

Reputation: 350

As an addition to Femi's comment, all Facebook Apps and Pages must support SSL from October 1st so one must prepare for it anyways.

Re: https://developers.facebook.com/blog/post/499/

Upvotes: 3

Peter Rowell
Peter Rowell

Reputation: 17713

If you can't prevent the initial connect from happening with HTTPS, then you (and your server) are never part of the conversation. The only two options are 1) get an SSL certificate (they are cheap), or 2) somehow get the connection to happen over HTTP.

Upvotes: 2

Related Questions