|
|
| Secure
Server
BiznizSource
offers SSL for clients that need to transmit
private or sensitive data collected in their web
site securely.
Where
do I get secure certificate?
How do I use SSL?
|
| What
is SSL?
|
SSL
is a security protocol that was developed by
Netscape Communications Corporation, along with
RSA** Data Security, Inc. This protocol ensures
that data transferred between a client and a
server remains private. It allows the client to
authenticate the identity of the server.
Once your server has a digital certificate, SSL-enabled
browsers like Netscape Navigator and Microsoft
Explorer can communicate securely with your web
site using SSL.
SSL
uses a security handshake to initiate the TCP/IP
connection between the client and the server.
During the handshake, the client and server agree
on the security keys that they will use for the
session, and the client authenticates the server.
After that, SSL is used to encrypt and decrypt all
of the information in both the https request and
the server response, including:
- The
URL the client is requesting
- The
contents of any form being submitted
- Access
authorization information like user names and
passwords
- All
data sent between the client and the server.
HTTPS
is a unique protocol that combines SSL and HTTP.
You need to specify "https://"
as an anchor in HTML documents that link to SSL-protected
documents. A client user can also open a URL by
specifying https:// to request an
SSL-protected documents.
Because HTTPS (HTTP + SSL) and HTTP are different
protocols and usually use different ports (443 and
80, respectively), you can run both secure and
non-secure HTTP servers at the same time. As a
result, you can choose to provide information to
all users using no security, and specific
information only to browsers who make secure
requests. This is how a retail company on
the Internet can allow users to look through the
merchandise without security, but then fill out
order forms and send their credit card numbers
using security.
A browser that does not have support for HTTP over
SSL will naturally not be able to request URLs
using HTTPS. The non-SSL browsers will not allow
submission of forms that need to be submitted
securely.
|
| Where
Do I Get a Certificate
|
Option
1 (not available on NT)
Use BiznizSource's SSL digital certificate. This
option gives you full SSL security on your web
site. The only drawback is that you will need to
use BiznizSource's domain name in any secure URL:
https://www.BiznizSource.net/<your-userID>/<orderform.html>
Option
2
Contact
us to obtain your own Digital Certificate by
Thawte, a verisign company $125. https://www.yourdomain.com/orderform.html
|
| How
do I use SSL?
|
| Attention:
If you are using Miva Merchant, the following is
built in to the software.
If
you have a link to an order form, for example,
from your home page, you would need to use a URL
similar to following:
- https://www.BiznizSource.net/<your-userID>/orderform.html
-or-
- https://www.yourdomain.com/orderform.html
(if you have your own digital certificate)
The
"s" in https:// suggests an SSL related
file. Substitute the path to the order form
starting with user directory name. If your account
resides on server #2, you would need to use
https://www.BiznizSource.net/<userid>/form.htm
or 03, 04, etc. respectively depending on which
server the secure form resides.
If
the secure form calls a cgi script, you must also
reference that script securely.
<form
method="post" action="https://www.BiznizSource.net/<userid>/cgi-local/order.cgi">
-or-
<form method="post"
action="https://www.yourdomain.com/cgi-local/order.cgi">
(if you have your own digital certificate)
|
|
|
