Previous | Next Main Index:   Frames | No Frames
Document:   Frames | No Frames
 

SSL - Secure Socket Layers

 
If your server does not supply a digital certificate, a certificate may be obtained from a Certificate Authority such as Thawte Consulting, COST Computer Security Technologies, CompuSource, XCert, or Verisign.
 
SSL in WebStore is controlled by the following variables in the global setup file, ws_global.setup:
$use_ssl
$ssl_url
$ssl_graphics_url
WebStore and the SSL certificate must reside on the same server.
 
Due to the inherent overhead of secure sockets, WebStore invokes SSL when clients go to the order form and subsequent confirmation of order page.
 
When using SSL, <IMG SRC> references in %OrderForm, the order form hash of arrays, must be absolute and may be referenced using $graphics_url if the image is stored in the /Web_store/Graphics sub-directory:
    <IMG SRC="$graphics_url/visa.gif">
For images stored in a directory other than the /Web_store/Graphics sub-directory, always use https://:
    <IMG SRC="https://www.YourDomain.com/Path/To/visa.gif">
WebStore will remove the s in https:// for non-secure order form calls.
 
If you label an image in %OrderForm (order form arrays) with http:// instead of https://, and the script invokes SSL, your web browser will receive a message stating you are Viewing a Document with a Secure/Insecure Mix.
 
Be certain the domain name portion of your URLs match the name on the certificate:
    www.YourDomain.xxx
If the name on your secure certificate is www.SomeCompany.com, you must include www. in your URL or your web browser will receive a Certificate Name Check message, informing you the domain name listed on the certificate does not match the URL on the HTML document.
 
URLs leaving the secure environment are http://.
 
 
Top of Page