Newest KB Articles in SSL

SSL Certificate Flow Chart - Quick Flow

Thu, 23 Apr 2026 00:10:42 GMT

Ordering an SSL Certificate on Winhost — Quick Flow

Winhost > SSL

The short version: getting an SSL on your site is now just two choices - order an SSL Cert from us, or upload a PFX you already own. Either way, the certificate should be issued within 10 minutes. No CSR to generate, no files to copy, no back-and-forth.

The flow at a glance

Green = automatic / YES Yellow = you do it Red = NO / stop & read Blue = decision

START: I need an SSL

Go to SSL Manager. Pick one:

These are the only two options. Choose whichever fits.

A — Order from Winhost

1. Click Order SSL Certificate
2. Pick a type (RapidSSL, Wildcard, etc.)
3. Click Order SSL Certificate to submit

Note: We will use HTTP validation by default and fall back to DNS validation.

DigiCert verifies your domain

It's automatic. Should issue within 10 minutes.

You do nothing.

Cert installed automatically

Confirmation email sent.

If verification fails: that means we can't reach your domain (rare). You'll need to add a DNS TXT record yourself to finish. ^*

B — Upload my own PFX

1. Click Upload SSL PFX File
2. Choose your .pfx file
3. Enter the PFX password
4. Click Upload

Cert installed

Takes a few moments. Confirmation email sent.

(No domain verification needed — the PFX is already a valid cert.)

both paths merge here

Final step — Turn on the HTTPS redirect

So no one lands on the old http:// version and sees “Not Secure” message

^* Reissue / DNS note: if you handle DNS validation yourself, or if you reissue the certificate later, you will need to redo this verification step.

Want the full step-by-step with screenshots? See the detailed article: Order an SSL Certificate Through Winhost.

Quick answers

Question	Answer
Do I need to do anything for domain validation?	If the site is currently hosted with us, OR if the DNS is pointing to our name servers, you don't need to do anything — validation happens automatically.
Do I need to generate a CSR?	No. Winhost handles the CSR for you behind the scenes.
How fast?	DV certs should issue within 10 minutes. OV/EV take 1–3 business days because DigiCert has to verify your organization.
I already have a cert from someone else — can I use it?	Yes. Use Option B and upload your `.pfx` file.
Does my site go down?	No. It stays online the whole time.
What is a PFX file?	A PFX file is a password-protected file that bundles a digital certificate, its private key, and any intermediate certificates into one package. It’s commonly used on Windows systems to secure SSL/TLS connections, sign code, and verify identities.

Purchasing an SSL certificate from a third-party provider

Fri, 27 Feb 2026 19:47:47 GMT

Introduction

This article outlines the general steps for obtaining an SSL certificate from a third-party provider and installing it on your website using the control panel.

You will first generate a CSR (Certificate Signing Request) on your computer. This CSR is submitted to your chosen SSL provider. The CSR is required for the SSL Provider to issue your certificate. Once the certificate has been issued, you will export the certificate as a PFX file. You will then upload this PFX file to your control panel, where it can be used for installation on your site.

NOTE: We understand that some customers prefer to manage their SSL certificates independently. If you’re looking for a more streamlined process, you also have the option to purchase an SSL certificate through us. In most cases, we handle the setup and installation, which usually requires little to no action on your part.

What Is a CSR and Why Do I Need One?

A CSR (Certificate Signing Request) is a small file you generate on your computer. Think of it like a job application form. It contains information about your website and your company. When you want to buy an SSL certificate from a third-party provider (like GoDaddy, Namecheap, or another CA), they need this file from you in order to create your certificate.

Once they have your CSR, they will verify your information and issue your SSL certificate. You will then need to install that certificate. This guide walks you through the whole process, step by step.

What You Will Need Before You Start

A Windows computer (Windows 10 or Windows 11 is fine).
IIS (Internet Information Services) — this is a free feature that comes with Windows. It is not turned on by default, but we will show you how to turn it on below.
The domain name you want to secure (for example, www.yoursite.com).
Basic information about your company (name, city, state, country).

Step 1 — Turn On IIS (If You Have Not Already)

IIS is a built-in Windows feature that is usually turned off. Here is how to turn it on:

Click the Start button (the Windows logo in the bottom-left corner of your screen).
Type Turn Windows features on or off and click on it when it appears.

In the list that appears, look for Internet Information Services. Check the box next to it.
Click OK and wait for Windows to finish. This may take a couple of minutes.

Tip: If the box next to Internet Information Services is already checked, IIS is already installed and you can skip to Step 2.

Step 2 — Open IIS Manager

Click the Start button and type IIS or Internet Information Services Manager.
Click on Internet Information Services (IIS) Manager to open it.

Step 3 — Create the Certificate Request (CSR)

This is where you generate the CSR file that you will send to the SSL certificate provider.

In IIS Manager, look at the left-hand side panel. Click on your computer's name (it will be at the very top of the list).
In the middle section, look for an icon called Server Certificates. Double-click on it.

On the right-hand side, click Create Certificate Request... A window will open asking for your information.

Fill in each field as follows (do not worry — it is just basic information about you and your website):

Field	What to Enter
Common Name	The full domain name you want to secure. Example: www.yoursite.com. If you want a Wildcard certificate that covers all subdomains, use *.yoursite.com.
Organization	The legal name of your business or organization. If you are an individual, you can use your full name.
Organizational Unit	The department handling this. If you are unsure, you can type IT or just your company name again.
City / Locality	The city where your organization is located.
State / Province	Your state or province. Spell it out fully (example: California, not CA).
Country	The two-letter country code. For the United States, enter US.

Click Next. On the next screen, you will see a Cryptographic Service Provider and a Bit Length. Leave these settings as they are (the defaults are fine) and click Next again.
On the last screen, you will be asked to save the file. Click the ... button to choose where to save it. Save it somewhere easy to find, such as your Desktop. Name it something you will recognize, like mysite_csr.txt.
Click Finish. Your CSR file has been created and saved!

Tip: Do not delete or move this file after you save it. You will need it in the next step.

Step 4 — Submit Your CSR to Your SSL Provider

Now that you have your CSR file, it is time to purchase your SSL certificate from a third-party provider (such as GoDaddy, Namecheap, Comodo, or any other provider of your choice).

Open the CSR file you saved in the previous step. You can do this by right-clicking the file and selecting Open with > Notepad.
You will see a block of text that starts with -----BEGIN CERTIFICATE REQUEST----- and ends with -----END CERTIFICATE REQUEST-----. Select all of this text and copy it (Ctrl + A, then Ctrl + C).
Go to your SSL provider's website and start the SSL certificate purchase process. When they ask for your CSR, paste the text you copied into the box they provide.
Complete the purchase and follow any verification steps your provider requires. They will email you when your certificate is ready.

Note: Every SSL provider is a little different. If you are not sure where to paste the CSR, look for a step in their checkout or order process labeled 'Enter CSR' or 'Configure Certificate'.

Step 5 — Complete the Certificate Installation in IIS

Once your SSL provider emails you the certificate, you will need to complete the installation in IIS. This connects the certificate to the request you made earlier.

Save the certificate file your provider sent you to your computer (usually a .crt or .cer file).
Open IIS Manager again and go back to Server Certificates (same as Step 2).
On the right-hand side, click Complete Certificate Request...
Click the ... button to browse to the certificate file you saved. Give it a friendly name you will recognize (for example, MySiteSSL) and click OK.

Your certificate is now installed in IIS. The next step is to export it as a PFX file so you can upload it to Winhost.

Step 6 — Export the Certificate as a PFX File

Winhost needs the certificate in a specific format called PFX (also known as PKCS#12). This file bundles your certificate together with its private key. Here is how to export it:

In IIS Manager, go back to Server Certificates. Find the certificate you just installed in the list.
Click on it once to select it, then on the right-hand side click Export...
Choose where to save the file and give it a name (for example, mysite_certificate.pfx). You will also be asked to create a password — write this down, as you will need it when uploading to Winhost.
Click OK. Your PFX file is now saved on your computer.

Step 7 — Upload the PFX to Winhost

The last step is to upload your PFX file to the Winhost Control Panel so it can be installed on your site.

Log in to your Winhost Control Panel and go to Sites > [your domain] > SSL Manager.
Click Upload PFX.
Browse for the PFX file you exported in Step 6 and enter the password you created for it.
Click Upload to install the certificate on your site. That's it!

Note: After your certificate is installed, remember to set up a forced HTTPS redirect so visitors always use the secure version of your site. See the Force HTTPS with URL Rewrite knowledge base article for instructions.

Note: If you run into any trouble at any step, contact Winhost Support. Have your domain name and the step number from this guide ready — it will help us assist you faster.

Order an SSL Certificate Through Winhost

Wed, 25 Feb 2026 20:37:10 GMT

Overview

Winhost makes ordering an SSL certificate simple. When you order through the Winhost Control Panel, everything is handled automatically. Just follow the steps below, and your certificate will typically be issued and installed within 10 minutes.

Good to know: you have two options for getting SSL on your site — (I) order a certificate from Winhost, or (II) upload a PFX file of an SSL certificate that you obtained elsewhere. You no longer need to generate a CSR yourself; Winhost handles that behind the scenes.

Before You Begin

You will need a Max plan or higher to use SSL. If you are on a Basic plan, upgrade first:

Log in to the Winhost Control Panel.
Go to Sites > [your domain] > Change Plan.
Select Max or a higher plan and complete the upgrade.

Your Two Options

Inside the SSL Manager you will see two choices. Pick whichever fits your situation:

Option I — Order SSL from Winhost

Let Winhost buy and install the certificate for you. Best for most customers — takes about 10 minutes end-to-end.

Option II — Upload a PFX

Already bought a certificate elsewhere? Upload your .pfx file and we install it on your site.

Option I — Order an SSL Certificate Through Winhost

In the Control Panel, go to Sites > [your domain] > SSL Manager.

Click Order a New SSL Certificate.
Select the type of SSL certificate you want (for example, RapidSSL for a standard single-domain, or Wildcard if you need to cover subdomains).
Enter the common name (your domain name or sub-domain name, for wildcard SSL Certificates, you must enter *.[domain name] without the []), organization name, organization unit, city/locality, state/province, and country.

Review your admin contact information and confirm your Admin Email address. This is where your SSL certificate details and renewal reminders will be sent — make sure it is correct.
Click on Continue >>> to review your information and then Order SSL Certificate to submit your order.

That’s it on your end. Winhost handles the CSR, sends the order to DigiCert, and installs the certificate automatically once DigiCert verifies your domain.

BEHIND THE SCENE

Domain Validation

Before your SSL certificate can be issued, DigiCert (our certificate authority partner) needs to confirm that you own or control the domain. There are three ways this can happen — in most cases, it is fully automatic.

Option 1 — HTTP Validation (most common, fully automatic)

If your domain is already pointing to Winhost, HTTP validation is used by default. Here is what happens:

Winhost automatically places a small hidden verification file on your site.
DigiCert checks for that file to confirm you control the domain.
Your certificate is usually issued within 20 minutes.
Once issued, the certificate is installed on your site automatically.

Note: no action is needed from you for HTTP validation. The process is entirely automatic as long as your domain points to Winhost.

Option 2 — DNS Validation (automated for Wildcard certificates or domains not yet pointing to Winhost)

If you are ordering a Wildcard SSL certificate (e.g., *.yourdomain.com), or if your domain is not yet pointing to Winhost, DNS validation is used instead. If your domain’s DNS is managed through Winhost, this is also fully automatic:

Winhost automatically adds the required DNS validation record for you.
DigiCert detects the record and verifies your domain.
Your certificate is issued and installed automatically, typically within 10 minutes.

Option 3 — DNS Validation, Manual (DNS hosted elsewhere) ^*

If your domain’s DNS is managed at a third-party provider (such as GoDaddy, Cloudflare, or another domain registrar), you will need to add a DNS record yourself:

After placing your order, the Control Panel will display a DNS TXT record value.
Log in to your DNS provider and add the TXT record shown in the control panel.
Once the record is added, DigiCert will automatically detect it (this may take several minutes to a few hours depending on your DNS provider). Click on the Validate Now button to complete to process.
Your certificate will be issued and installed automatically once validation is complete.

Note: DNS changes can take time to propagate. If your certificate has not been issued after a few hours, contact Winhost Support for assistance.

Organization Validated (OV) and Extended Validation (EV) Certificates

If you are ordering an OV or EV SSL certificate (such as TrueBiz or an EV certificate), there are additional manual verification steps required by DigiCert on top of the domain validation above:

DigiCert will reach out to verify your organization’s details (name, address, phone number, etc.).
For EV certificates, DigiCert may call you directly to confirm your identity. The certificate will not be issued until you respond.
This process is separate from domain validation and cannot be skipped.

Heads-up: OV and EV certificates take longer to issue because of the additional manual review. Plan for at least 1 to 3 business days.

Option II — Upload Your Own PFX Certificate

If you already purchased an SSL certificate from another provider (or have one exported from another server), you can install it on your Winhost site by uploading a PFX file. No domain validation is needed on our side — the PFX is already a valid, signed certificate.

In the Control Panel, go to Sites > [your domain] > SSL Manager.
Click Upload SSL PFX File.
Choose your .pfx file from your computer.
Enter the PFX password (the password you set when the file was exported).
Click Upload.

Done in seconds. Your certificate is installed on the site immediately and a confirmation email is sent.

Don’t have a PFX yet? If your certificate provider gave you a .cer or .crt file plus a private key, you will need to combine them into a single .pfx file before uploading. Contact Winhost Support if you need a hand.

After Your Certificate Is Issued

Once your certificate is issued, Winhost receives a notification from DigiCert (or completes the PFX upload) and automatically installs the certificate on your site, you will receive a confirmation email when everything is in place.

Final step — Turn on the HTTPS redirect

To avoid a “Not Secure” warning in browsers, enable a forced HTTPS redirect after installation. See the Force HTTPS with URL Rewrite knowledge base article for instructions.

Note: if domain validation is not completed within 30 days, the validation token will expire and a new certificate order will need to be placed. Contact Winhost Support if you need help.

Renewing Your Certificate

SSL certificates must be renewed annually. You will receive a renewal reminder by email 30 days before your certificate expires. To renew, follow the same steps as ordering a new certificate through SSL Manager — the process is identical.

Note: the Renew button becomes available 30 days before expiration. If you receive a reminder but cannot see the button yet, wait a day or two and try again.

^* Reissue / self-managed DNS note: if you handle DNS validation yourself (Option 3 above), or if you reissue the certificate later, you will need to redo the DNS TXT record verification step each time.

Obtaining a Multi-Domain Let’s Encrypt Certificate

Fri, 29 Aug 2025 16:02:56 GMT

While our site can have a primary domain and additional domains as the domain pointers pointing to it, only one SSL certificate can be installed per site. This is a stopping factor for those who need to point multiple domains to the same site and require all of them to be protected with https protocol. The only solution in this case it to purchase and install Multi-Domain certificate from some other SSL reseller as we do not resell Multi-Domain certificates.

While the prices of Multi-Domain certificates can get very high, fortunately, there is a free Multi-Domain certificate we can obtain from Let’s Encrypt. The process of obtaining, approving, and installing Let’s Encrypt certificate manually can be tedious, confusing, and frustrating, but luckily for us, there are software called ACME clients that will simplify those tasks. For the purpose of this tutorial, I will use the following domain names all pointing to the same Winhost site:

alaskafoxes.online – Primary Domain
alaskafoxes.shop – Domain Pointer
alaskafoxes.store – Domain Pointer

All of the domains are using CloudFlare DNS Services. I will use Certify The Web Desktop ACME client to obtain and manage Let’s Encrypt certificates. It will be connecting to the CloudFlare account and will create DNS entries to use DNS-01 Challenge validate the domain. It is important to note that this is the only challenge type that can be used to obtains Wildcard type certificate.

All of my three domains are now using CloudFlare DNS services and A Records are pointing to my Winhost site, so I can go to the next step of obtaining Global API Key from my CloudFlare account. Login to your CloudFlare account and navigate to API Tokens section. Click on View button next to Global API Key, enter your CloudFlare account password and press View button. Copy the Global API Key shown and save it to a secure place. This key with CloudFlare email address will be used by Certify the Web client to create DNS record required to obtain the certificate.

Now, let’s download and install Certify the Web desktop certificate manager / ACME client on a Windows machine.

When Certify the Web is installed, open it and go to Settings –> Certificate Authorities. Select Let’s Encrypt option in Prefer Certificate Authority drop-down box and hit New Account button

Select Let’s Encrypt from Certificate Authority drop-down box, enter your email address, agree to the terms, and hit Register Contact button.

Let’s Encrypt account was registered successfully, and is shown on Settings –> Certificate Authorities page

Now let’s connect our client to CloudFlare: go to Settings –> Stored Credentials –> Add New Stored Credentials

On the Add/Update Store Credential page, select CloudFlare DNS API from Credential Type drop-down box, enter the name for your credentials such as CF, and paste you Global API Key you obtained earlier in Auth Key filed. Enter the email address of your CloudFlare account in Email Address filed. Hit Save once done.

Now let’s create another stored credential to store a password that will be used to protect PFX file of the certificate. We will use this password to import PFX file to Winhost site. Hit Add New Stored Credentials button again and in Credential Type drop-down box select Password. Give the stored credential a name such as PFX Password, enter the desired password, and hit Save button.

Now go to Managed Certificates section and hit New Certificate button

Now let’s add all common names to the certificate we would like to protect. There will be three wildcard common names and three “naked” domains, i.e. this certificate will protect all domains, and all their sibdomains: everything. I will need to add the following entries:
alaskafoxes.online
*.alaskafoxes.online
alaskafoxes.shop
*.alaskafoxes.shop
alaskafoxes.store
*.alaskafoxes.store

I will start pasting those entries one by one in Add domains to certificate field and hitting “+” button to add them until I have them all listed as shown on the next screen shot. I decided to set *.alaskafoxes.online as my primary domain under Primary column. When adding wildcard common name the message warns you that you need to setup DNS challenge for that type of certificate which will do later on.

Navigate to Advanced section and select Let’s Encrypt from Certificate Authority drop-down box

Navigate to Signing & Security page, scroll down Security section, and select PFX Password that we created earlier from the drop-down box .

Next, go to Authorization section and in Challenge Type drop-down box select dns-01. Select CloudFlare DNS API in DNS Update Method drop-down box. Select CF credential that we created earlier in Credentials drop-down box. Click on “…” button next to DNS Zone Id filed. The domains of your CloudFlare accounts will be populated in the DNS Zone Id filed. I am selecting my first domain, alaskafoxes.online. It will be replaced with a Zone Id identifier. Since DNS propagation takes time, the default 60 seconds is not enough. I will increase it to 600 seconds. Hit Add Configuration button.

When you hit Add Configuration button, in the configuration above that we just filled out there additional text box appears called Domain Match. The software hides this filed initially not to confuse the users as most of the users are ordering certificate for one domain. However, when Muti-Domain certificate is ordered, we will need to enter the exact common names separated by a semicolon. So go back to Authorization Settings of the first domain, alaskafoxes.online and enter the following in Domain Match text field:
*.alaskafoxes.online;alaskafoxes.online
Verify the configuration for the first domain, and scroll down to the configuration section of the next domain

I will have the same configuration for next Authorization Settings for another domain, alaskafoxes.shop, except selecting DNS Zone Id for alaskafoxes.shop and in Domain Match filed entering
*.alaskafoxes.shop;alaskafoxes.shop

I will do the same for my last domain, alaskafoxes.store, adding the following in the Domain Match filed:
*.alaskafoxes.store;alaskafoxes.store

Now it is time to save changes by hitting Save button and then proceed with certificate request by pressing Request Certificate button in the top-right corner.

The certificate manager will create required TXT records in CloudFlare and will attempt to verify them in 10 minutes as we entered 600 seconds in Propagation Delay Seconds. If all information are entered correctly, the certificate will be issued and placed to the following directory on your machine:

C:\ProgramData\certify\assets\

To verify the certificate was issued correctly and includes all domains, I will import / install that certificate on my local machine and check its subject alternative names

Everything looks correct, so I will proceed installing that certificate on my Winhost test account following the instructions in this article.

The certificate was successfully installed. The site was assigned with an Unique IP address and all domains and subdomains are now protected.

The Certify the Web certificate manager will display the list of the current certificates and their expiration date.

The certificate will be renewed automatically by the certificate manager. All you need to do after the certificate renewal is to grab PFX file of the new certificate and install it on your Winhost site. The renewal settings tells when the certificate renewal will take place. By default, the renewal mode is set to 75% of the certificate lifespan. Therefore, if Let's Encrypt certificate is being issued for 90 days, then the renewal will occur on the day 63 from the date when the certificate was issued.

CloudFlare SSL Support

Fri, 23 Aug 2024 22:04:39 GMT

If you are routing your DNS through CloudFlare, you can enable SSL support by logging into your CloudFlare account, selecting the site, and then SSL/TLS. Checking "Flexible" is the easiest way to add SSL support for your site. When checking this option, make sure you remove any SSL redirects on your site, otherwise, you'll create an infinite loop.

Exporting an SSL Certificate to a PFX file

Sat, 13 Apr 2024 05:25:58 GMT

In cases where a certificate is installed on a local Windows machine, the certificate export can be performed with Microsoft Management Console (MMC).

1. Enter mmc in the Search bar and then select Run as administrator. (For older versions of Windows, click on the Start menu and then Run. Enter "mmc" and click OK.)

2. Click on the File menu and then Add/Remove Snap-in...

3. Select Certificates and then click on the Add > button.

4) Check Computer account and then click on Next >.

5. Check Local computer and then click on Finish. Click on OK to finish adding the snap-in.

6. Expand the Certificates (Local Computer) folder, then Personal, and click on Certificates.

7. In the middle pane, right click on the SSL Certificate, select All Tasks, and then Export...

8. This will launch the Certificate Export Wizard. Click on the Next button.

9. Check Yes, export the private key and then click on the Next button.

10. Check Personal Information Exchange - PKCS #12 (.PFX), Include all certificates in the certification path if possible and Enable certificate privacy. Click on the Next button.

11. Check Password and enter the password twice. Click on the Next button.

12. Enter the path and certificate name directly or use the Browse button to find the path where you want to certificate saved and then enter the filename. Click on the Next button to continue.

12. Click on the Finish button to export and save the certificate. You can then import the SSL Certificate at Winhost.

Additional Resources

Exporting at DigiCert

Exporting at GoDaddy

Exporting from Apache, Tomcat, or Java server

Importing an SSL Certificate from a PFX file

Thu, 11 Apr 2024 00:30:39 GMT

You can import an SSL Certificate from a .pfx file that was exported. Make sure that the exported .pfx file is protected by a password.

To get started:

Log into the control panel on Winhost.

Click on the Sites tab.

Click on the site account.

Click on SSL Manager icon under Site Tools.

Naviate to the following Import SSL link: https://cp.winhost.com/sites/importSSL.aspx.

1. Click on the Browse button and select the .pfx file on your local computer.

2. Enter the PFX password.

3. Click on the Submit Certificate button.

Force https with URL rewrite

Thu, 05 Jul 2018 21:52:37 GMT

For most sites, after installing a SSL certificate, https can be forced by adding a URL rewrite rule to the site's web.config file. Though, please note it will not apply to all sites, for example it may not work for those using routing or it may conflict with any existing URL rewrite rules. In the case of a CMS like WordPress or nopCommerce, it is often a setting within the CMS itself. The URL rewrite rule will not always work for ASP.NET Core sites (see below for more information).

URL rewrite rule to redirect all requests to https

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Redirect to https" stopProcessing="true">
          <match url=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

Redirect to https in Core

For Core apps, UseHttpsRedirection middleware can be used to force https by adding app.UseHttpsRedirection(); to the program.cs as in the example below

var builder = WebApplication.CreateBuilder(args);

var app = builder.Build();

  app.UseHttpsRedirection();

More detailed information can be found after the link https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl

Securing domain pointers with a single domain certificate

Because multi-domain certificates can be cost prohibitive or less than straight forward to order, a workaround is using domain forwarding and flexible SSL through cloudflare.com. Flexible SSL means the connection is secure between the client and cloudflare, but is not secure between cloudflare and the site. So it shouldn't, for example, be used to secure a subdirectory pointer. But is sufficient when a domain pointer is only an alternate address for a site. Please note that this will assume some familiarity with cloudflare since it is an external service.

Add the domain pointer as a website in cloudflare and then when viewing the domain Overview, expand SSL, click Overview, then Configure, select the Flexible radial button and then Save.

Now create the domain forwarding rule by expanding Rules then clicking Page Rules.

In the URL field enter the domain pointer

For Then the settings are select "Forwarding URL" and "301 - Permanent Redirect" and enter the primary site domain in the "Enter destination URL" field

Save and Deploy

Browser security warnings after installing SSL certificate

Fri, 14 Apr 2017 16:50:17 GMT

Some of the most popular web browsers now display an "insecure" warning when visiting pages that are not accessed via HTTPS. The "insecure" warning may also be triggered on an HTTPS connection if certain page elements - such as images or external scripts - are not accessed via HTTPS.

After you have installed an SSL certificate for your domain there are still some things you may need to do to prevent any "insecure" warnings in your visitor's browser. If you install an SSL certificate but don't properly direct site traffic to use it, you will get the warnings.

That's because installing an SSL certificate makes https available, but it does not automatically send your visitors to an HTTPS URL. To force all incoming connections to use HTTPS you'll want to add an entry to the system.webServer element of your web.config file (go ahead and create the file if you don't already have one) that uses the IIS URL rewrite module to redirect all non-HTTPS traffic to HTTPS:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="Redirect to https" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

That will take care of forcing all incoming connections to HTTPS, though for the sake of consistency you may also want to update your site navigation and internal links to use the HTTPS URL.

If you still see insecure site warnings after implementing the URL rewrite, try:

Updating local image links (also references to images or scripts from outside of your domain) that use an HTTP absolute path URL to use the HTTPS URL.
If you're using a database-driven application like WordPress, you may have to update the HTTP URLs in the database. There are "find and replace" WordPress plugins that can help with that.