Knowledgebase: Secure Server & Certs
Secure Server Usage (https / SSL)
Posted by SITEWORKS SYS on 11 November 2005 03:40 AM

With the advent of affordable and easy to install personalized secure certificates, I highly recommend that clients obtain their own unique cert to further promote the security of their site for commerce transactions.

CERTIFICATES TO PURCHASE:

Turbo SSL, $27.95 per year

RapidSSL, $69.00 per year

RapidSSL by Flexi,� $24.00 per year

*SPECIAL* Through special arrangement, we can obtain a genuine "RapidSSL, Equifax Secure Global eBusiness CA-1" certificate on your behalf for only $20.00 per year. Because we have to obtain this low price through a company that offers competitive hosting, we will not post the URL.


Secure Server Order Forms Normally, any text (such as your credit card number) sent from your browser to the web server is sent as plain text. This means that a hacker could potentially intercept (however unlikely) the information sent from your browser and read it. However, by using the secure server, the information is encrypted before it is sent from your browser. It would be practically impossible for anyone to decrypt it without knowing the key. Please use the secure server only when necessary, as when requesting sensitive information from your visitors.
The domains hosted by us are housed on many different computers, each of which have a different machine name.

To find out what machine name to use for your secure order access calls, login at web control for your domain at:

http://your-domain/cgi-bin/plusmail

Each server has its own safe-order site, and although you will be putting your form on your own domain, it must be called through the safe-order server in order for the form to be secure.

** You cannot use Frontpage forms processing via the secure server
and will need to use formmail.cgi or a similar script **

To do this, create your form as usual and put it somewhere in your www directory. You can put your form anywhere you want to, but for this example, let's assume the normal URL for your form can be accessed from a browser with this URL:

http://your-domain/signup/secureform.html

To call the form through the secure-order server, you need to use the following URL to access your pages via the secure server (even though your form resides on your own domain space):

https://machinename.safe-order.net/yourdomain/signup/secureform.html.

That would be the URL you would put as an <HREF> to link to your form from whatever page you have your visitors link from. Don't forget the "s" in "https."

To call scripts in your cgi-bin via the secure server you should use a URL like this:

https://machinename.safe-order.net/cgi-yourdomain/your-cgi.cgi

Special instructions for using FormMail.cgi with the Secure Server

If you are using formmail.cgi through the secure server, you can still place your form anywhere on your webspace you want to, but you MUST use the following URL as the ACTION of your form:
https://machinename.safe-order.net/cgi-bin/formmail.cgi
Here's an example of how the first parts of your form might look:
<FORM METHOD=POST ACTION="https://machinename.safe-order.net/yourdomain/cgi-bin/formmail.cgi">
<input type=hidden name="recipient" value="whoever@yourdomain.com">
<input type=hidden name="subject" value="Order">
<input type=hidden name="return_link_url" value="http://yourdomain.com/">
<input type=hidden name="return_link_title" value="Back to Main Page">

It is still important that you call your order page through a secure URL in order for it to work properly. You must use:
https://machinename.safe-order.net/yourdomain/order.htm.
If you call formmail.cgi through the secure server, you must also call the order form through the secure server. Otherwise, a "bad referrer" message will result.

Cgiwrap--Secure Server CGI Wrapper Your domain includes secure server access, allowing you to collect customer information in a secure fashion. Since you might also want to run a cgi program in secure mode, we make available Cgiwrap - a system that allows safe, secure use of cgi programs. We have created a sort short cut for this as well. When you want to use a cgi script or program in secure mode, you must change the URL to follow this format:

  • https://machine.safe-order.net/cgi-domain/script.cgi

Machine - that is the machine name that is hosting your domain.

cgi-domain - replace the word domain with your domain name.

script.cgi - use the name of the cgi script located in your cgi-bin directory.

(1417 vote(s))
Helpful
Not helpful

Comments (0)