Secure Web (SSL) Tutorial

From XMission Wiki
Jump to: navigation, search

XMission supports the SSL (Secure Sockets Layer) method for secure transactions across the Internet. The Internet's standard for secure transactions, SSL involves full end-to-end encryption of all socket communications. The basic idea behind SSL is to use advanced encryption to send sensitive data across the Internet to lower the possibility of third party interception during transit. It is important to realize that no method of encryption can be considered 100% secure . By simply using "https://" instead of "http://" your SSL compliant web browser will be able to access encrypted secure web services at any supported target.

Following are some SSL guidelines to remember when securing your own web pages:

  • Anything referenced by the normal "http:" will show up as "nonsecure", indicated by an unlocked padlock icon on the lower right-hand side of Netscape's screen, and the lack of a padlock icon with Microsoft's Internet Explorer.
  • When linking to a page you wish to be secure, the link should use the following syntax:
    <A HREF="https://www.xmission.com/~acctname/file.html">
  • To avoid messages to visitors indicating that part of the page isn't secure, it is always better to use a localized reference to documents within your own space. This includes images. In other words, instead of:
    <A HREF="http://www.xmission.com/~acctname/orders/mail.html">
    use:
    <A HREF="orders/mail.html">
  • Most popular web browsers support SSL, but some older web browsers still do not. If you experience problems while trying to access your secure web sites, we recommend upgrading your browser or using one, such as Netscape, that supports SSL. To accommodate your visitors that may not be able to use SSL, it is a good idea to have "SECURE" and "UNSECURE" areas to give them a backup option.

If you have a Virtual Web Host account with XMission, and you'd like to use SSL with your domain, please read our SSL documentation.


Legacy Shared Hosting