HTTPS is now the standard for application and website traffic on the internet. Over 85% of websites now use HTTPS by default—it’s to the point where a standard HTTP request now seems suspicious. 

This is great for the security of the internet, but it’s a huge pain for the website and application teams that are managing HTTPS records. It was easy to move HTTP records around with a simple URL redirect. HTTPS redirects, on the other hand, require changing the URL and the related SSL security certificate.

That extra step has proven to be quite a hassle, mostly because authoritative DNS and security certificates are usually managed in separate systems with no automation or integrations between them. Whenever you want to update an HTTPS record, you have to toggle between two places to make sure that everything is configured correctly.

“System” might actually be a generous term for how most companies approach SSL certificate management for HTTPS records. The reality is that most companies do it in a shared spreadsheet of some kind. The dangers of this approach are obvious: duplicate certificates, missed connections between certificates and URL records and general lack of alignment.

Here at IBM®, we’ve consistently heard about the challenge of HTTPS redirects from our NS1 Connect® customers. They want an easy button for this complicated process. They want to abandon SSL certificate spreadsheets and manage everything using the DNS portal (or Terraform playbooks, or API calls) where their primary focus lies.

Introducing HTTPS redirects in IBM NS1 Connect

We’re pleased to roll out HTTPS redirects as a standard feature for enterprise customers of our NS1 Connect-managed DNS product. Now you can manage URL redirects, DNS records and SSL certificates in a single place. We’ve used this opportunity to improve the entire URL redirects part of our SaaS platform, making it even easier to use. As with every NS1 Connect feature, HTTPS redirects is also available through our powerful API.

With the new HTTPS redirects feature, you can automatically attach SSL or TLS certificates through an integration with Let’s Encrypt to URL redirects and DNS records right in the NS1 Connect portal.

IBM NS1 Connect also makes it easy to configure HTTPS records once and have them populate across your DNS architecture. HTTPS redirects configured using NS1 as the primary DNS service will automatically flow to secondary DNS providers through a DNS zone transfer mechanism.

Does IBM NS1 Connect import or export lists of HTTPS redirects? Yes! We make it easy. You can import a CSV file of URLs you want to redirect and export CSV files of current redirected domains.

We’re also bringing together a bunch of relevant data so you can track the performance of redirected domains and ensure that connections are flowing smoothly. The raw analytics logs are available with data points like IP addresses, country, browser type and more. You’ll also be able to see statistics on number of redirects per URL, number of redirects per country and broken redirects that require fixing.

Business impact of disjointed HTTPS redirects

While on the surface managing redirects can seem like a minor operational challenge, it actually comes with some significant consequences for the agility and flexibility of businesses. Here are a few use cases:

Take for example a website migration—something pretty much every business has recently done or is planning to do. If your website records are run through HTTPS (which most are), the cut-over process to a new site becomes a complicated, drawn-out procedure. Matching SSL certificates to URL redirects and DNS records can turn that change into a weeks-long-phased ordeal where a lot can go wrong with missed connections and 404 errors.

So-called “parked” domains also present an HTTPS redirects challenge. If your business owns a bunch of similarly spelled domain names or common errors like “.co” or “.om”, the web server or nameservers you direct those domains to can change frequently. Implementing those changes at a mass level can be a huge resource drain without a way to easily attach SSL certificates to URL redirects and DNS records at scale.

Marketing and sales landing pages are yet another issue for HTTPS redirects. The easy-to-remember URL that you feature on an advertisement is probably an HTTP address that needs to redirect to a secure HTTPS record. The locations of those pages and the URLs involved are constantly changing on the fly as marketing campaigns adjust to customer activity and end-user experience metrics. Managing those changes at scale with the short-fuse timing of a dynamic sales campaign can be a huge challenge if you’re an internal service provider trying to work with an SSL spreadsheet alongside your DNS management system.