E-commerce

ID #251

How do I use the shared SSL certificate?

Applies to: Grid System

The shared SSL service makes it so that all traffic to the secure URL:

    https://secure.modwest.com/yoursite.com/

leads to the same place as the insecure URL:

    http://www.yoursite.com/

So when you are uploading files to create your website, they go in the same place that you were putting them before.

Page Design

However, when you use the shared SSL certificate through the above secure URL in the HTML code of your webpages, you need to reference all files, images and other objects RELATIVELY, not absolutely, like this:

    img src=images/img.gif

and NOT like: img src=/images/img.gif
and NOT like: img src=http://www.yoursite.com/images/img.gif
and NOT like: img src=https://secure.modwest.com/yoursite.com/images/img.gif

If you write HTML that links to all objects on each page relatively as suggested here, then all links will always work correctly, regardless of whether you are at:

    https://secure.modwest.com/yoursite.com/

or are at:

    http://www.yoursite.com/

Controlling when to Turn SSL on and Off for Visitors

The way that you control which pages will be encrypted with SSL is by providing the visitor an explicit secure link to click on, written absolutely (not relatively), like so:

    a href=https://secure.modwest.com/yoursite.com/secure.html

or

    form action=https://secure.modwest.com/yoursite.com/processor.cgi method=POST

When you want to turn SSL encryption off, provide them an absolute (not relative) insecure link to click on, like so:

    a href=http://www.yoursite.com/file.html


Last update: 2010-09-27 16:03
Author: FAQ Admin
Revision: 1.2

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 4.33 (3 Votes)

completely useless 1 2 3 4 5 most valuable

You can comment this FAQ

Comment of Anonymous:
The reason for the advice in this FAQ is because when you are using the shared SSL certificate, your website is not at the DOCUMENT_ROOT of the webserver. It is 1 subdirectory down from the DOCUMENT_ROOT.

It is the difference between:

yoursite.com/ (where files are in the DOCUMENT_ROOT)

and

securesite.com/yoursite.com/ (where your files are in a subdirectory named "yoursite.com", not in the DOCUMENT_ROOT)

Added at: 2004-01-02 17:45

Comment of Anonymous:
If your site uses cookie-based PHP sessions, then the shared SSL certificate is not going to work for you and you will need to buy your own SSL certificate for your own domain name:

http://www.modwest.com/help/kb5-264.html
Added at: 2004-04-12 10:47