Alaska Software Inc. - SSL
Username: Password:
AuthorTopic: SSL
Allen LeeSSL
on Mon, 20 Sep 2004 22:06:11 -0700
Hi Everyone;
Our website employs: action="https://oursite.com/cgi-bin/waa1gate.exe"  in
the form tag of one page to invoke SSL when personal data is passed from the
client to the server.
All other pages use: action="/cgi-bin/waa1gate.exe"
Our clients want to see the "security lock"  icon on all pages even though
NO personal data is being passed.
They want the entire site secure not just the page where it is functional.

Question: What changes need to be made to accomplish this?
Do I need to add "https://oursite.com" before all "/cgi-bin/waa1gate.exe" ?
Is there a better solution?

Allen Lee
Phil Ide
Re: SSL
on Tue, 21 Sep 2004 10:40:26 +0100
Allen,

> Hi Everyone;
> Our website employs: action="https://oursite.com/cgi-bin/waa1gate.exe"  in
> the form tag of one page to invoke SSL when personal data is passed from the
> client to the server.
> All other pages use: action="/cgi-bin/waa1gate.exe"
> Our clients want to see the "security lock"  icon on all pages even though
> NO personal data is being passed.
> They want the entire site secure not just the page where it is functional.
> 
> Question: What changes need to be made to accomplish this?
> Do I need to add "https://oursite.com" before all "/cgi-bin/waa1gate.exe" ?
> Is there a better solution?

One of my sites began life as an HTTP site, and later I migrated it to
HTTPS.  This is fairly trivial to do.  I am using Apache, so I'll show you
how to do it Apache style, but the principles should work across any web
browser.


My document root is:

   public_html\

I create a new directory in here called non_ssl:

  public_html\non_ssl\

In here I create an index.html (or default.html or whatever).

<html>
  <head>
    <META HTTP-EQUIV="refresh"
       content="5;URL=https://www.shorttermcover.com/index.html">
    <title>ShortTermCover.com</title>
  </head>
  <body>
    <center>
      <h1>www.shorttermcover.com</h1>
        The website you are trying to access is hosted on a secure server.
        Please update your browser's links to use this address:
        <p>
        <a href="https://www.shorttermcover.com">
         https://www.shorttermcover.com</a>
        </p>
  </body>
</html>

This will attempt to redirect people to the HTTPS site (and gives them a
link in case their browser doesn't support this feature).

Next, you need to eit your VHost sections.  In the VHOST for your HTTP
site, just make the DocumentRoot = public_html\non_ssl

I assume you have your SSL configuration already setup - basically this
should map set DocumentRoot to public_html\

That my friend, is all there is to it 

Regards,

Phil Ide

***************************************
* Xbase++ FAQ, Libraries and Sources: *
* goto: http://www.idep.org.uk/xbase  *
***************************************

"If the shoe fits, buy it." (Imelda Marcos)