[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-developers] Using only HTTPS to visit site

Subject: Re: [cobalt-developers] Using only HTTPS to visit site
From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
Date: Fri Dec 29 06:55:01 2000
List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>

Usually secure certificates are used only when the time for the transaction
occurs. Thus, you control the links... people visit http://www.yoursite.com
and then click on, say, a checkout button, which links them to
https://secure.yoursite.com/checkoutprogram?stuff

In your checkout program you could write some code to verify that they are
connecting using https, and not http. This is done differently in different
implimentations, but in perl you would use the Env variables to see how the
user is connected.

Now that I think about it, you could probably use a script-rewrite thingy in
apache. Visit apache.org for more info on that.

Kevin

----- Original Message -----
From: "Dave Simms" <dcsimms@xxxxxxxxxxx>
To: <cobalt-developers@xxxxxxxxxxxxxxx>
Sent: Thursday, December 28, 2000 5:21 PM
Subject: [cobalt-developers] Using only HTTPS to visit site


>
> We have an RaQ 3 (and a few RedHat Linux 7) machines and we're having
> trouble getting our SSL working properly.  We purchased a security
> certificate from Verisign, and installed it per their instructions.
>
> On our machine, we have one IP address, and ten name based virtual hosts.
> One of the virtual hosts is also our primary site (what DocumentRoot is
set
> to).  We can access the primary (desired secure site) using
> https://www.sitename.com.  That works fine, but we can are also able to
> access the site using http://www.sitename.com.
>
> What do we need to do to make the site and/or specific pages on that site
> become secure and only accessable using https?  I don't want people to be
> able to access our site using httpd, and then have an insecure credit-card
> transaction.
>
> Any help and/or sample httpd.conf help is appreciated.
>
> Thanks,
>
> Dave
> dcsimms@xxxxxxxxxxx
>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com
>
> _______________________________________________
> cobalt-developers mailing list
> cobalt-developers@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-developers
>

Follow-Ups:
- [cobalt-developers] RAQ 4 Back Methodology
  - From: Danny Daniels

References:
- [cobalt-developers] Using only HTTPS to visit site
  - From: Dave Simms

Prev by Date: [cobalt-developers] Using only HTTPS to visit site
Next by Date: [cobalt-developers] RAQ 4 Back Methodology
Previous by thread: [cobalt-developers] Using only HTTPS to visit site
Next by thread: [cobalt-developers] RAQ 4 Back Methodology

Sun Cobalt Developers Message Index

Sun Cobalt Developers Thread Index