SSL

[Portend]

Secure Sockets Layer

Does anybody know if any code has to be changed on a web page that is to be secured? Or is it all just up to the network admin on the server side? I know ssl is a protocol so do I just buy the key , get the admin to install it, and only change the http:// to https:// in the form and place the asp pages in the secure server or is there more coding involved?


Thanks

 

[Mark R]

It is essentially that simple.

You need to buy a server certificate from a certificate authority (e.g. verisign or Thawte).

You need to involve your admin in this process as the CA can't issue a working certificate unless they have a 'certificate signing request' which is generated by the web server on the administrator's request.

Once the completed certificate is supplied by the CA, it is then installed on the server.

You then need to activate or disable SSL/unencrypted access for each directory on the web server - e.g. you should ensure that areas which are intended to be secure have standard HTTP access disabled.

No recoding of your web site is required, except for hyperlinks which cross from the unsecure area into the secure area and vice versa (which explicitly need http:// or https:// declarations. ASP code should work fine.

 

[Portend]

When you say directory do you mean virtual directory or just folder?What I mean is can I secure a folder within a virtual directory or do I have to secure all of it contents?


Thanks

 

[Mark R]

Any folder which is web accessible can be secured individually (at least on Windows NT).

That means that a whole virtual directory can be secured, virtual directories within it can be secured individually, and 'real' directories within a virtual directory can be secured individually.

 

[Portend]

thnx for your help

 

[sun818]

If the web server is behind a firewall, the network admin will have to open up port 443, the default SSL port.