Page 1 of 1
how to use SSL
Posted: Thu Jan 26, 2006 5:01 pm
by Smackie
hello im not sure how to use SSL my host has a Shared SSL Certificates and i wanna know how to use it on 2 pages of mine if someone can help me please i need some help on this never worked with SSL before..
thank you
Smackie
Posted: Thu Jan 26, 2006 5:03 pm
by pickle
It's WAAAY easier than I'm guessing you expect

.
If the host already has a certificate setup, then you can secure your pages by just using https:// instead of http://. As soon as you use the https protocol, your connection is secured.
Posted: Thu Jan 26, 2006 5:09 pm
by Smackie
well i talked to the hosters and they said use
https://hostname.com/~username/ but for some reason i can only get the front page to come up i want to get like my check out page to come up only secure
thank you again
Smackie
Posted: Thu Jan 26, 2006 5:13 pm
by John Cartwright
That looks like the physical address of the host.. usually a domain will point to that instead of actually going to that url.
To get a page on a secured connection, change all your links from http:// to https:// as mentioned before.
Posted: Thu Jan 26, 2006 6:18 pm
by Smackie
i tried that but they come up forbidden :-\ but i can put in
https://orange.nswebhost.com/~username/ (username as my username to login with) and it comes up as my front page of that website
Posted: Thu Jan 26, 2006 7:32 pm
by Christopher
Often hosting companies use a shared SSL certificate. It is usually in the form
username.hostname.com or
hostname.com/username (like yours). It should be setup so that
http://username.com and
https://hostname.com/username point to your website.
There are a couple of tricks that you may need to do to make things work. First you need to inventory all the links on your secure pages. These either link to other secure pages or back to non-scure pages in the main site. If you just use relative URLs on the ones that link to other secure pages everything there should work fine. For the links that go between secure and non-secure pages you just need to make sure you have the full URL.
The one other problem you may have is that you will loose your session when you go from non-secure to secure and back. This is the old "dropped cart" problem. That is because the session is associated with a domain name. To solve that you need to manually pass he SESSIONID and start the session with that ID. There are some security measures you can take regenerating session IDs and checking an internally generated unique ID.