The SSL Protocol
Secure Sockets Layer
(SSL) provides a level of security and privacy for those
wishing to conduct secure transactions over the Internet.
Introduced to the Internet market by Netscape Communications,
the SSL protocol protects HTTP transmissions over the
Internet by adding a layer of encryption. This ensures
that your transactions cannot be read by a third party
"sniffing" the connection.
SSL provides visitors
to your web site with the confidence to communicate
securely via an encrypted session. For companies wishing
to conduct secure e-commerce, such as receiving credit
card numbers or other sensitive information online,
SSL is essential. For additional information about the
other components of e-commerce, see Appendix A.
Ordering SSL
Enetrics Communications offers
SSL as an add-on enhancement feature for its Virtual Server system. A nominal setup fee is required, but
no monthly recurring charges are applicable. (Please see
Enetrics Communications's web site for complete pricing information.)
Ordering SSL for your Virtual Server is an easy task.
You simply need to send an e-mail message to Enetrics Communications's
service department or order SSL from Enetrics Communications's
web site.
Accessing Your Secure Server
You can access any of
your web content (e.g. documents, images, scripts) on
your Virtual Server securely by using the https://
prefix rather than the http:// prefix. For example,
to send the contents of a fill-out-form securely to
one of your CGI scripts, include something like the
following in your HTML source:
<form method="POST" action="https://www.yourcompany.com/cgi-bin/script.cgi">
  <input type="submit" value="Send securely">
</form>
Once you have entered secure mode, ensure that you do not
reference embedded document content (images, etc.) by an
insecure prefix (e.g. src="http://www.yourcompany.com/image.gif").
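The insecure-prefix mistake above is easy to make by hand and easy to catch mechanically. The following Python script is an added example, not part of the original page or of Enetrics Communications's software: it parses an HTML document, resolves every embedded reference (img, script, link, frame, iframe, embed, object and, going one step beyond the text, form actions) against the page's own https:// URL, and reports those that would be fetched or submitted over plain http://. The sample page and the host names in it are constructed for the example.

```python
import html.parser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that pull in embedded content or submit data.
# A plain http:// value in any of these on a page served over https://
# is the "insecure prefix" the text warns about.
EMBED_ATTRS = {
    ("img", "src"), ("script", "src"), ("link", "href"), ("frame", "src"),
    ("iframe", "src"), ("embed", "src"), ("object", "data"), ("form", "action"),
}


class InsecureRefFinder(html.parser.HTMLParser):
    """Collect every embedded reference that would travel over plain http."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # list of (tag, attribute, original value)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in EMBED_ATTRS and value:
                # Resolve relative references against the page URL so that
                # "image.gif" and "/images/x.gif" inherit the https scheme
                # and are not reported.
                target = urljoin(self.page_url, value)
                if urlsplit(target).scheme == "http":
                    self.findings.append((tag, name, value))


def find_insecure_refs(page_url, html_source):
    """Return the insecure embedded references of an https:// page.

    A page served over plain http:// cannot have mixed content, so the
    function returns an empty list for it.
    """
    if urlsplit(page_url).scheme != "https":
        return []
    parser = InsecureRefFinder(page_url)
    parser.feed(html_source)
    parser.close()
    return parser.findings


# Constructed sample page: two references use the insecure prefix.
SAMPLE_PAGE = """
<html><body>
<img src="https://www.yourcompany.com/logo.gif">
<img src="http://www.yourcompany.com/image.gif">
<img src="/images/banner.gif">
<script src="http://ads.yourcompany.com/lib.js"></script>
<form method="POST" action="https://www.yourcompany.com/cgi-bin/script.cgi">
<input type="submit" value="Send securely">
</form>
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, value in find_insecure_refs(
            "https://www.yourcompany.com/order.html", SAMPLE_PAGE):
        print(f"insecure reference: <{tag} {attr}=\"{value}\">")
```

Run it against each page of the secure area before going live; the relative reference "/images/banner.gif" is correctly left alone because it inherits the https:// scheme of the page that embeds it.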
Identifying Your Server
While SSL handles the
encryption part of a secure HTTP transaction, the protocol
is not complete without a Server ID, also known as a
digital certificate. A digital certificate is necessary
to provide server authentication. You may use Enetrics Communications's
digital certificate without incurring any additional
costs, but if you are serious about establishing a secure
site, you should obtain your own.
A digital certificate
is a document that gives your customers the assurance
that your web site is legitimately yours and not an
impostor's. A digital certificate will also provide
you with a legal basis for transactions on the Internet.
The Secure Server (httpsd)
has a digital certificate embedded in the binary. This
certificate contains information about who owns the
certificate (e.g. company name, domain name, contact
address) as well as information about the issuing authority
(e.g. VeriSign, Thawte). Because the certificate is
embedded in the web server binary, you can only support
one digital certificate per Virtual Server. Therefore,
virtual subhosts that share the same Virtual Server
must also share the same digital certificate.
Using a Certificate Other than Your Own
It is not necessary to
order your own digital certificate, because you can
use the default digital certificate included with your
Secure Server. As stated earlier, the digital certificate
includes information about the ownership of the certificate.
When your clients visit your secure web site, their
browser (e.g. Navigator, MSIE) checks the domain name
on the certificate to see if it matches the site name
included in the URL. If a match is not found, users
are notified that this is a potential security issue.
In reality, the domain
name mismatch in no way hinders the security of the
transactions. The warning simply notes that the domain
name included with the digital certificate ownership
information does not match the domain name of the web
site requested. The transaction is still secure. Even
though the warning is couched in "unlikely"
terms, many of your clients may feel uncomfortable conducting
a transaction after such a warning is generated.
Enetrics Communications has
developed a way around the warning (for all browsers
which support Thawte signed certificates including MSIE
4.0+ and Netscape 3.0+) that still ensures integrity
of the secure transactions. The default digital certificate
installed with your secure server is owned by Enetrics Communications
but, rather than 2kweb.net, it carries the domain
name "securesites.com". When you order your
secure server, Enetrics Communications sets up a canonical
name in the securesites.com zone file for your account.
This canonical name has the form account-name.securesites.com.
For example, if the account
name for your Virtual Server is "myacct",
then a canonical name "myacct.securesites.com"
is set up for your use. You can then access your secure
server without generating a warning by referencing "https://surfutah.securesites.com".
An example of this reference is illustrated below:
<form method="POST" action="https://surfutah.securesites.com/cgi-bin/order.cgi">
  <input type="submit" value="Send securely">
</form>
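The browser check described under "Using a Certificate Other than Your Own", and the reason the securesites.com canonical name avoids the warning, can both be shown with a small model of the name comparison. The following Python code is an added example, not part of the original page or of any browser or Enetrics Communications software: it compares the hostname of the requested URL with the names on a certificate, treating a leading "*." as matching exactly one label, as browsers do. The text says the shared certificate carries "securesites.com"; the wildcard entry "*.securesites.com" in the constructed list below is an assumption made here so that account-name.securesites.com matches it.

```python
from urllib.parse import urlsplit


def name_matches(cert_name, hostname):
    """Compare one certificate name with one hostname, case-insensitively.

    A leading "*." label matches exactly one hostname label, so
    "*.securesites.com" matches "surfutah.securesites.com" but neither
    "securesites.com" nor "a.b.securesites.com".
    """
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if cert_name.startswith("*."):
        suffix = cert_name[1:]  # ".securesites.com"
        if not hostname.endswith(suffix) or len(hostname) <= len(suffix):
            return False
        return "." not in hostname[:-len(suffix)]
    return cert_name == hostname


def check_site(url, cert_names):
    """Return (requested hostname, matching certificate name or None).

    A None in the second position is the condition under which the
    browser shows the domain-name mismatch warning.
    """
    host = urlsplit(url).hostname or ""
    for name in cert_names:
        if name_matches(name, host):
            return host, name
    return host, None


# Constructed names for the shared certificate. "securesites.com" is what
# the text states; the wildcard entry is an assumption of this example.
SHARED_CERT_NAMES = ["securesites.com", "*.securesites.com"]

if __name__ == "__main__":
    for url in ("https://www.yourcompany.com/cgi-bin/script.cgi",
                "https://surfutah.securesites.com/cgi-bin/order.cgi"):
        host, matched = check_site(url, SHARED_CERT_NAMES)
        if matched is None:
            print(f"{host}: no certificate name matches, browser will warn")
        else:
            print(f"{host}: matches certificate name {matched}")
```

The first URL reproduces the warning the text describes (the certificate names "securesites.com" but the URL names www.yourcompany.com); the second shows why referencing the canonical name instead silences it. Once you hold your own certificate issued for www.yourcompany.com, the first URL passes the same check.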
Ordering Your Own Digital Certificate
There are several companies,
known as Certificate Authorities (CA), that issue digital
certificates. The two largest and most widely supported
issuing authorities are VeriSign and Thawte.
Visit the Technical Support Pages for SSL for More Details