I can't seem to get an answer to this: EXACTLY where do I put my SSL files? One is cgi and the other folder is secure graphics. Is the ENTIRE SITE SSL? (I have activated it). Also, do I still need a certificate or do we work off of a powweb master certificate? I can't set up my credit card processing until I get these answers.
Thanks.

Hi rikro,

You're on the right track. Yes, you can access your entire site using SSL. You will be using Powweb's certificate. You do not need to do anything more to use SSL. The key to accessing your site with SSL is the URL used in doing it. You simply replace your site's normal URL with the one shown in your OPS Control Panel under SSL. It will read something like:

https://server.powweb.com:1234/

where "server" will be the name of the Powweb server where your site is hosted, and "1234" is a 4-digit number called a Port Number. Note, too, of course, the use of "https" instead of simply "http". From there, the URL is pointing at your site as if you'd entered everything normally.

On a practical basis, this takes a little getting used to, but its basically a bike ride. Once you're over the hump, its all downhill. My personal advice is to use relative addressing on every reference on pages that will be accessed using SSL. This will prevent users from getting a warning message from their browser that "some elements on this page are not secure". That means things like <a>nchor tags, <img> tags, <form action=> references, and such should all read like:

<img src="images/somepict.gif">

or

<a href="nextpage.html">

If you have any trouble or questions, just drop another message here. Someone will chime in. Good luck!

OK, I think I'm getting it.
I presume that the 5 digit # after.com: is unique to me. Right? I'm guessing anything I need encrypted would use the format:
http://www02.powweb.com:XXXXX/file.whatever. Am I close?

Since only a few of my files need encrypted, is it better to just encrypt everything or just those I'm worried about? I don't want to slow things down too much.

If the latter, can I make a folder called "secure" and put those in there? Does the CHMOD need to be changed?

I appreciate all the help. I'm cool with everything except SSL, and I think I'm finally gettin' it.

Rick

Hi Rick,

Yes, your port number is unique. As I'm sure you've guessed, that's how Powweb's servers direct the traffic to and from your site. And you've got the syntax right, too.

I think its a good idea to this of SSL primarily in terms of accessing pages. The pages will have elements on them that are subsequently accessed via SSL and included on them, but overall I think you want to think in terms of design and user navigation, which means pages to me. So overall you want to use SSL to access pages in the obvious places - with <form>s that will contain sensitive information - credit card numbers, EMail addresses, of course, but you might even want to use it for name and address pages. But I'd keep accessing the rest of your site as you normally do. This keeps your site's regular URL/domain name in the address box of the user's browser as long as possible and there's a comfort benefit in that. I haven't found there to be a significant speed penalty in using SSL, but then I really only use it for the final checkout page on my site which is about 98% text and HTML.

No need to CHGMOD anything except scripts in your /cgi-bin directory. Again, everything works with SSL just as it would with normal access except (a) the URL is different - a one-for-one replacement for your site's normal URL, and (b) the data is encrypted. In practice, I don't think you'll find that you will have pages that will be accessed both normally and via SSL, so there's no pressing need to set up a separate folder for those pages unless it will help keep things separate for your own thought processes.

Hope this clears things up a bit. Good luck!