FAQ


Match word(s).

Home : Customer Support Center : FAQ Index

Secure Server Setup (SSL)

  • Can my software application maintain state when switching from normal HTTP (non-secure) protocol to HTTPS (secure) protocol?
  • Where should I get my own Secure Certificate?
  • Why do my pages load more slowly when I use SSL?
  • I can't get SSL to work with my frame pages. Why?
  • How should I access my information through SSL?
  • Can you recommend a good merchant provider?
  • I want my own SSL certificate. Tell me the steps involved!
  • Can I access my secure pages as https://www.mydomain.com/
  • Can I transfer a SSL certificate to you?
  • What is SSL?
  • Why do I get the message 'some items are insecure'?
  • What is a digital key? What is a certificate?
  • Do I need an SSL Account?


    Can my software application maintain state when switching from normal HTTP (non-secure) protocol to HTTPS (secure) protocol?
    When you change from non-secure (HTTP) to secure protocol (HTTPS), any cookies or client variables you are using with one protocol will not be recognized from one state to the next. This is true since the web server views activity under each different protocol as completely different user sessions, so it does not maintain variable state between the two different protocols. This is true whether or not you use a shared or dedicated SSL certificate. Because of this, it is best to use HTTP protocol for most user activity, and only switch to HTTPS protocol for sensitive data gathering, and then after receiving the data, provide a deliberate and compelling hyperlink that takes the user back into HTTP protocol.

    For example, to go into secure mode, you would provide a hyperlink like:

    https://www.domain.com/shoppingcheckout.htm

    and after checking out, the user would be presented with a hyperlink like:

    http://www.domain.com/homepage.htm

    Where should I get my own Secure Certificate?
    We suggest that you get your certificate through the following sites:

    http://www.equifaxsecure.com
    http://www.thawte.com
    http://www.verisign.com/ (expensive)

    Why do my pages load more slowly when I use SSL?
    SSL pages are slower because of the overhead needed to encrypt and decrypt the data. The web server must spend extra time encrypting the data before it is transmitted to your computer. Likewise, your computer must then decrypt the information. The same applies when you securely submit information from your computer to the Web server. All this requires your CPU and the Web server's CPU to work harder and therefore might cause pages to load more slowly.

    I can't get SSL to work with my frame pages. Why?
    A frame of a frames page cannot be served securely. For a framed page to be served securely the entire frames page and all pages within the frame must be accessed securely.

    How should I access my information through SSL?
    When your shared or dedicated SSL is set up, we will provide you with the URLs that will allow you to access your secure site. The only difference between a secure and non-secure URL is that secure URLs use "https://" instead of "http://".

    Can you recommend a good merchant provider?
    Low-Cost Startup Merchants:
    http://www.2checkout.com ($49 setup fee, no monthly fees)
    http://www.revecom.com ($49 setup fee, no monthly fees)

    General Merchants:
    http://www.Authorize.net
    http://www.Charge.com
    http://www.PlanetPayment.com - Accepts international merchants

    I want my own SSL certificate. Tell me the steps involved!
    Read this page.

    Can I access my secure pages as https://www.mydomain.com/
    Only if you obtain a secure certificate for your domain name.. Certificates may be obtained from Verisign, Thawte, or any other authorized CA (Certifying Authority).

    Can I transfer a SSL certificate to you?
    If you already have the certificate and can send us a backup file of the certificate that has been generated on the previous web server, as well as the password associated with the certificate file, we can install it on the web server here for a small setup fee. If you can't obtain the backup file or the password, then we will have to go through a completely new purchase, or possibly just a certificate renewal, which is less expensive.

    What is SSL?
    SSL stands for Secure Socket Layer. It is an emerging standard developed by Netscape Communications to transfer information securely across the Internet. SSL will enable your customer's browser to connect to your web site and transparently negotiate a secure communication channel. Once this connection has been made, information, like credit card numbers, can be exchanged securely.

    Please note that SSL does not include software to process credit card transactions. Although you can securely receive credit card information through SSL, actual processing of the credit card will require a "Merchant Account" from an accredited financial institution.

    Why do I get the message 'some items are insecure'?
    For a server to serve a page securely all items, including graphics, must be accessed using the https:// protocol. If you are receiving a message stating some items are insecure then you have at least one item that will be served unsecurely.

    What is a digital key? What is a certificate?
    SSL uses a public key - private key system for its encrypting. The public key is used to encrypt the information. However, only the private key can be used to decrypt this information. This allows the public key to be known to all so that encrypted information may be sent to the server. The server can then use the private key, which is kept secret, to decrypt the information.

    In this scenario, the certificate is the public key. A certificate signing authority such as Thawte or Verisign issues this public key. The public and private keys compose the digital key pair.

    Do I need an SSL Account?
    If you are creating a web-based form where you want the visitor to enter data and submit the form to the web server for processing, you may want to use SSL (secure socket layer) encryption service. This is especially true if you are entering credit card numbers or other sensitive information.

    When using SSL service, as the data is transmitted from the client's browser to the web server, all information on the form is encrypted. Once it is received at the web server it is automatically decrypted, and you can then store it or process it as usual on the web server.




  • Duplication without permission prohibited.


    Script provided by SmartCGIs.com