Using Secure Server (SSL)

Home : Customer Support Center : Using SSL



Normally, any text sent from your browser to the web server is sent as plain text. This means a cracker/hacker could potentially intercept the information sent from your browser and read it. By using the secure server, the information is encrypted before it is sent from your browser. It would be practically impossible for anyone to decrypt it without knowing the key.

Each domain hosted with The Server Center has the ability to access our 128-bit secure server. There are no setup fees or monthly fees to use this service.

How to Use

Using the feature is just a matter of using the secure link to the web page you want secured. For example, if you want a secure link to your home page and it is on our server 'hx2', you would use the following URL to link to your web page:

https://hx2.theservercenter.net/~username/orderform.html

* Replace username with your own control panel username.

Note: If your site resides on "hx1" simply use "https://theservercenter.net/~username/"

Your welcome e-mail should have the link to use for the server you are on. If you do not know what server you are on, send us a support ticket!

If you would like to have your own certificate installed so that customers can navigate your site via https://www.yourdomain.com, you will have to purchase your own certificate. You will need to request us to generate a key and install it on the server.

Once the key is generated, you will need to request the certificate from a trusted source, e.g. GeoTrust or VeriSign.

We do charge a fee for installing the certificate. We can also handle the purchase of your certificate and installation for you. For pricing information, please visit http://www.theservercenter.net/addons.shtml



Using FormMail.pl through secure server:

If you are calling the FormMail script through the secure server, your action line and other code will look like the following:

<FORM METHOD=POST ACTION="https://hostname.theservercenter.net/~yourusername/cgi-bin/FormMail.pl">
<input type=hidden name="recipient" value="orders@yourdomain.com">
<input type=hidden name="subject" value="Order from customer">
<input type=hidden name="return_link_URL" value="https://hostname.theservercenter.net/~yourusername/thankyou.html">
<input type=hidden name="return_link_title" value="Back to main page"> </FORM>

The last two lines allow a link back to your main page.

It's important that you call your order page through a secure URL (https) in order for it to work properly. For example:

https://hostname.theservercenter.net/~yourusername/yourorderform.html
Once you load this page you should see a keylock on the browser status bar, indicating that the page you are viewing is secured.

For detailed settings on using FormMail, click here.



Submitting Data through SSL to CGI's

Sending data from a HTML form page, over a secured connection to a CGI application running on the web server [e.g. the ubiquitous order processing application] is likely to be your main usage of SSL, so we give it closer coverage here.

The HTML code for a form page begins with a tag that looks like this:

<form name="order" action="http://yourdomain.com/cgi-bin/something.cgi" method="POST">

It is the action part we are interested in here. This is the URL that the contents of the form will be sent to when the submit button is pressed. This is where we should use the https:// URL, so that the data is submitted over the secured channel. e.g.

<form name="order" action="https://hostname.theservercenter.net/~username/cgi-bin/something.cgi" method="POST">

Note here that it is not necessary to load the order page itself over https:// [who would be interested in a blank order form?] only to specify that the data be submitted ['form action'] over SSL.

Since most CGI's respond to a successful operation by returning HTML data [i.e. an order confirmation] this information will be returned down the same https:// channel that was used to submit the data.


Using SSL with Interchange Shopping Cart

To use Interchange with our SSL server, please login to your Interchange Admin screen and follow these steps.

1. Click thru the following links: Administration -> Preferences -> Directories and Path.

2. Click on the text link "SECURE_SERVER" to modify this key field.

3. Then change the variable from "https://yourdomain.com" to: https://hostname.theservercenter.net (replace hostname accordingly)

4. Click OK. Then Click "Apply Changes" (near top).

5. Make sure the key field "SECURE_ENABLE" is set to 1 (enable). This field is found in:
Administration -> Preferences -> General.

Don't forget to click "Apply Changes" after you modify the key.

Now you can test it by going to your Order form or Checkout page. You should see a key or lock at the bottom of your browser, this indicates that the page is SECURED.



Back End Security

Although it is beyond the scope of this section of the manual to discuss web site back end security, its important to be aware of it when building SSL enabled sites. SSL is not a panacea for ensuring the privacy of your customers personal information. SSL only addresses the security of the submission of data to your site. The reality of the matter is not that their information will be captured as they submit it, but that it will be captured when you retrieve it yourself from the server, or while it is left waiting on the server for you to retrieve it. SSL can provide reassurance to customers that their information will remain private; but how you process that data once they submit it to your site, is what ensures that it remains private.

Tip:

Use SSL only where necessary. The first task when incorporating SSL into a web site, is to consider carefully where SSL should be used. SSL is computationally intensive - pages load slowly over SSL, and place greater load on the web server. A product order form would be a very good place to use SSL, however, file downloads would be a waste of resources at best.


For more information on SSL, you can view this tutorial.


  The Server Center. All rights reserved. Privacy Policy