So far only some websites we run have been secured by an internal generated certificate which for everybody else caused a certificate error unless you imported the Certificate Authority that issued them somewhere. Now we’ve replaced it with a commercial certificate (wildcard version) to cover all the current websites and anything else we want to build or test in the future. Currently all sites will run with HTTPS, however it is not yet enforced, we will do this at a later stage. Both our blogs still can still start with HTTP however as soon as you go further it will go over into HTTPS, however we still need to edit some articles as they have collected hardcoded paths instead of relative paths in their content. This needs to be fixed until it will only run on HTTPS. Once that happens then if you then enter HTTP it will simply translate that to HTTPS for you.

Update (Sep 15): There where problems with Mozilla Firefox (Desktop as well as Mobile) throwing an error as well as Android (incl. Chrome browser), but these where due to a problem with the certificate chain. I did not test with others. Automatic rewrite on both eugene.dullaard.nl as well as sunny.dullaard.nl towards HTTPS is working fine. If the above doesn’t get resolved I will most likely revert that change until there is time to look at it. So with exception of the homepage everything is now SSL enabled. The homepage I didn’t do yet as it contains the cartoon that has an external source and cannot be obtained via HTTPS. This would throw alerts in certain browsers and as there is nothing special on that page, I left it as is.