The online FAQ database contains hundreds of answers to frequently asked questions, articles on using our
web server applications and other related technologies, and resolutions to common problems. If you are seeing
an error message, be sure to try searching on the error message or error number that you are seeing.
SSL refers to the Secure Sockets Layer protocol. When collecting billing data and credit card information from your site users, it is highly recommended that you use SSL to encrypt the sensitive information sent to and from your users. To use SSL with XCENT web server applications, you will need to have an SSL certificate installed for your site's domain. An SSL certificate is really not much more than an extremely large number that helps your site visitors' browsers identify and negotiate an encrypted connection between their browser and your web server.
There are two commonly used techniques for using SSL on a web site: shared certificates and dedicated certificates. The shared certificate method is an option offered by some ISPs and web hosts to their users for little to no additional charge. The advantage of this type of certificate is that it is generally the least expensive option. However, it is critically important to use a shared certificate correctly so that it does not open possible security holes in the site using it. To prevent that from becoming a weakness in your site, XCENT applications must be configured as described below in order to support a shared certificate.
When using a shared certificate, your ISP will give you a URL to access your site using SSL. It should look something like this (https://www.myisp.com/secure/mysite/). If you were paying close attention, you should have noticed that the text at the beginning of a secure URL is HTTPS instead of the normal HTTP. This is what tells your browser to connect to the web server using the encrypted SSL connection instead of the normal HTTP connection method. In order for XCENT's web server applications to work with a shared certificate, this URL must be able to work in both SSL mode and normal HTTP mode. This means that you must also be able to use the URL like this (http://www.myisp.com/secure/mysite/). You should be able to type both of the URLs into your browser and get the same page; the only difference is that one is encrypted with SSL and the other is not. When configuring your XCENT application(s), these are the URLs that you must use for the URL settings within the application.
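A quick way to check this requirement before entering the two URLs into the application settings, as an added example that is not XCENT code: it confirms the URLs differ only in scheme and that both return the same page. The function names and the fake fetcher are hypothetical; the sample pages are constructed, and the `secure.myisp.com` URL is a constructed stand-in for an ISP whose SSL server is a separate site.

```python
import hashlib
import urllib.request
from urllib.parse import urlsplit

def url_pair_problems(http_url, https_url):
    """List the ways the two URL settings fail to differ only in scheme."""
    h, s = urlsplit(http_url), urlsplit(https_url)
    problems = []
    if h.scheme != "http":
        problems.append("normal URL must start with http://")
    if s.scheme != "https":
        problems.append("secure URL must start with https://")
    if h.hostname != s.hostname:
        problems.append(f"host differs: {h.hostname} vs {s.hostname}")
    if (h.path or "/") != (s.path or "/"):
        problems.append(f"path differs: {h.path} vs {s.path}")
    return problems

def fetch_body(url, timeout=10):
    """Real fetcher. urlopen validates the HTTPS certificate by default,
    so a certificate that does not match the host raises an error here."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()

def check_shared_cert_urls(http_url, https_url, fetch=fetch_body):
    """Return [] when the pair is usable as the application's URL settings."""
    problems = url_pair_problems(http_url, https_url)
    if not problems:
        # Assumption: the page is static enough to compare byte for byte.
        plain = hashlib.sha256(fetch(http_url)).digest()
        secure = hashlib.sha256(fetch(https_url)).digest()
        if plain != secure:
            problems.append("the two URLs return different pages")
    return problems

# Constructed sample data: a fake fetcher standing in for the ISP's server.
SAMPLE_PAGES = {
    "http://www.myisp.com/secure/mysite/": b"<html>store front</html>",
    "https://www.myisp.com/secure/mysite/": b"<html>store front</html>",
}

def fake_fetch(url):
    return SAMPLE_PAGES[url]

if __name__ == "__main__":
    good = ("http://www.myisp.com/secure/mysite/",
            "https://www.myisp.com/secure/mysite/")
    print(check_shared_cert_urls(*good, fetch=fake_fetch))
    print(url_pair_problems(good[0], "https://secure.myisp.com/mysite/"))
```

Drop the `fetch=fake_fetch` argument to run the same check against your real URLs over the network.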
There are a variety of ways that ISPs configure their servers running shared certificates, and not all configurations will work well. If the ISP's SSL server is an entirely separate machine or site, you may also have to move all your application files to the separate secure server in order to use their shared certificate. You will have to check with your ISP to determine whether you will need to move any files. If so, they may be able to move the files for you much more easily and quickly than you can do remotely.
Installing your own dedicated certificate for your site is the best and recommended option. If your site is hosted by an ISP, this is something you will need to get them to help you with, because to get your own SSL certificate, you must generate a certificate request. This is usually done with the administrative tools for the web server itself, so most likely your ISP will need to perform this step. Once you have generated a certificate request, you send it to the certificate authority (or CA) that you want to get your SSL certificate from. There are a number of certificate authorities, and it is good to shop around to get a good price. Contrary to the scary marketing tactics one particular CA uses, there really is no difference in the quality of an SSL certificate from one CA over another. Once you have been issued your SSL certificate, it gets bound to your domain. For example, if your URL is www.example.com, then the SSL certificate should be bound to the root of your site and not to any specific folder. If installing it yourself, be sure not to bind the certificate only to a specific folder within your site, and you certainly do not want to check any option that makes the certificate required for the site or folder. If you were to do that, then your whole site would always have to run in SSL mode.