This article answers the question: How can I make sure my visitors see my site only through https?
Once you have installed your SSL certificate, you need to make sure your visitors use the protected version of your website. You do that by forcing HTTP to forward to HTTPS.
Linux
In Linux you do that via adding this code to your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Windows
In Windows you do that via editing your web.config file. Here is an example:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
Tip: Is your website on HTTPS but your browser still marks it as unsafe?
Then check for mixed content and delete if necessary.
If you use WordPress, it is sufficient to install and activate the Really Simple SSL plugin to resolve the mixed content problem.
