SSL confusion 1

[audiopro]

I am a bit confused regarding the SSL provided by our ISP. I have expereience of SSL's on shared hosts where secure transactions are carried out via a link, totally separate from the main website.

We have now got a virtual private server and this is set up where the http and https links both point to the same place. The padlock is in place under secure conditions so I assume the secure layer is working but I wonder if this is the normal setup.

Is it just the fact that the transaction is carried out over the secure layer which makes it actually secure and the location of the host file, say an address form, does not actually matter?

Keith

http://www.studiosoft.co.uk

 

[parkers]

Hi,

This is OK and you can be confident that all transactions will be secure over this protocol. Your apache server will be instructed to listen on port 443 for requests - it does not necessarily need to be on a different server or subdomain.

To prevent port 80 access to parts of the site that need to be secure then I would recommend adding an apache rewrite rule to automatically jump to https if a request is made.

Hope this helps a little.

Steven Parker

http://www.stevenp1974.co.uk

 

[audiopro]

Thanks for that
I just assumed that anything involving a secure connection was stored in a secure place but I suppose the form itself does not need any security, only the details entered onto it.

Keith

http://www.studiosoft.co.uk