Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SSL confusion 1

Status
Not open for further replies.

audiopro

Programmer
Apr 1, 2004
3,165
GB
I am a bit confused regarding the SSL provided by our ISP. I have expereience of SSL's on shared hosts where secure transactions are carried out via a link, totally separate from the main website.

We have now got a virtual private server and this is set up where the http and https links both point to the same place. The padlock is in place under secure conditions so I assume the secure layer is working but I wonder if this is the normal setup.

Is it just the fact that the transaction is carried out over the secure layer which makes it actually secure and the location of the host file, say an address form, does not actually matter?

Keith
 
Hi,

This is OK and you can be confident that all transactions will be secure over this protocol. Your apache server will be instructed to listen on port 443 for requests - it does not necessarily need to be on a different server or subdomain.

To prevent port 80 access to parts of the site that need to be secure then I would recommend adding an apache rewrite rule to automatically jump to https if a request is made.

Hope this helps a little.

Steven Parker
 
Thanks for that
I just assumed that anything involving a secure connection was stored in a secure place but I suppose the form itself does not need any security, only the details entered onto it.

Keith
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top