There is no certificate on the server. I had not installed one and
didn't think I needed to. The web page is secure and the connection
from the server to the payment gateway is secure. I don't think there
is actually a security issue here, but Firefox and Safari don't know
this, so they report a potential problem (enough to scare customers).
I could install a certificate on the server, but it's somewhat
problematic because I already use the IP address of the server
throughout several custom Rev programs. My understanding is that by
installing a certificate on the server, I will not be able to refer
to the server by its IP address, but would instead be forced to refer
to it by a domain name (meaning, I'd have to change a lot of previous
programming). I'd like to avoid that.
Richard
On Apr 11, 2008, at 4:55 AM, Luis wrote:
What exactly do you mean by 'The server is not SSL protected.'?
Is the certificate installed on the server? Apple Server Admin pdf
- http://manuals.info.apple.com/en/Server_Administration_v10.5.pdf
These might be of help:
https://support.comodo.com/index.php?
_m=knowledgebase&_a=viewarticle&kbarticleid=901&nav=0,1
Nice background - http://www.afp548.com/Articles/web/sslcert.html
Cheers,
Luis.
On 11 Apr 2008, at 09:03, Richard Miller wrote:
Hi Luis,
I wish this was the problem, but I am using a very well known
vendor.... one of the biggest on the Internet. Seems the problem
lies with the sending to an http address.
Richard
On Apr 11, 2008, at 3:36 AM, Luis wrote:
Browsers will warn of certificates they do not have in their
repertoire. If you want to cater for the general population your
best bet, to avoid the warnings, is to get a certificate from a
known vendor (ie: known to the browsers). If the audience is
limited, you can generate a certificate and get them to install
it in their browsers.
Cheers,
Luis.
On 11 Apr 2008, at 08:01, Richard Miller wrote:
I have a web page that is secured by an SSL certificate. Users
access it by going to "https://mywebpage.html". This page sends
a cgi request (containing credit card information) to my MacMini
server, located elsewhere. The server is not SSL protected. The
credit card data is then processed via a Rev SSL routine to a
secure payment gateway, then immediately discarded.
Is there any security issues with this approach? Do I need to
get an SSL certificate for the server?
I've noticed that Firefox and Safari post a warning message when
one hits the Submit button on the web page, saying that while
the web page is secure, the data is being sent to a potentially
unsafe location (presumably because the form is directed to an
http address). Internet Explorer doesn't show any message.
Would it be worthwhile to get an SSL certificate for the server?
Thanks.
Richard Miller
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your
subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution