Using SSL
Overview:
Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system with two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
AspDotNetStorefront fully supports working with SSL certificates. We recommend you get your cert on www.yourdomainname.com (or wherever your domain is).
This link (when displayed as SSL-OFF) indicates that your SSL is NOT enabled. Clicking this link will enable your SSL. If SSL is already on, clicking the link will turn it back OFF.
NOTE:
DO NOT TELL THE STORE SITE TO USE SSL UNTIL YOU ARE ABSOLUTELY SURE YOUR SSL CERTIFICATE IS INSTALLED. You can test if it is installed by invoking your store home page via https://, NOT http:// (e.g. https://www.yourdomainname.com). If that works, your SSL cert is installed.
To obtain the SSL certificate for your site:
To obtain an SSL certificate for your site, contact your hosting provider. We do NOT offer SSL certificates ourselves.
Once you have the SSL properly installed, and you can invoke your store via https://www.yourdomainname.com (change your domain to your domain name!), then you are ready to tell the store to use SSL.
Note that using SSL is not supported on development machines.
Once you have SSL properly installed, you can do this:
Set AppConfig:UseSSL=true
Make sure AppConfig:LiveServer=yourdomainname.com (it is NOT www.yourdomainname.com, it is just yourdomainname.com!)
(e.g. if your site is www.MyFirstWebStore.com, then use MyFirstWebStore.com)
IF you want the store to redirect users to www.yourdomainname.com, then set AppConfig:RedirectLiveToWWW=true. This setting can help prevent browser security warnings if your SSL cert is on www.yourdomainname.com and they go to yourdomainname.com.
Restart your web site to ensure these settings are now active.
The store will now go secure on any page that requires secure entries (e.g. sign-in page, cart page, account pages, admin pages, etc).
The store WILL ONLY go secure if it is RUNNING ON yourdomainname.com. It will NOT go secure if you invoke it via IP address, or another domain name. The store uses the AppConfig:LiveServer to know when it is running in production.
If you want the store to go "non" secure again on other pages, set AppConfig:GoNonSecureAgain=true (it is FALSE by default). If this is left at false, the cart will stay secure once it has gone secure for that customer during their visit. That is the recommended setting (false), as customers prefer to see the lock icon remain in their browser once they have already seen it once on the site. Staying secure has a negligible performance impact unless you are on a very high traffic site.
We do not install SSL certificates. Your hosting provider will do that, or your technical staff will need to do that.
We work with dedicated SSL certificates, tied to www.yourdomainname.com (your domain).
Shared SSL certificates are not supported.
Again, the store will NOT go live on anything other than a production server, where AppConfig:UseSSL=true and AppConfig:LiveServer matches your domain name! It is best to get the SSL cert on www.yourdomainname.com and also set AppConfig:RedirectLiveToWWW=true.
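A pre-flight check for the steps above, as an added example that is not part of AspDotNetStorefront: it reads the installed certificate over https and maps the names it covers onto the three AppConfig settings. The function names, the "uncovered" field and the sample certificate are assumptions made for illustration; the rule of suggesting UseSSL only when the certificate covers at least one of the store's host names is this example's reading of the note above.

```python
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns:
# a dedicated certificate issued for the www host only.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.myfirstwebstore.com"),),),
    "subjectAltName": (("DNS", "www.myfirstwebstore.com"),),
}

def fetch_cert(host, port=443, timeout=5):
    """Connect over HTTPS with full verification; raises ssl.SSLError if the
    certificate is untrusted, expired or issued for another name."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_dns_names(cert):
    """DNS names in the certificate: subjectAltName, else the subject CN."""
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v.lower() for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return names

def name_matches(pattern, host):
    """Exact match, or one wildcard in the left-most label (*.example.com)."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def preflight(site_host, cert):
    """Suggest AppConfig values from the names the certificate covers."""
    bare = site_host.lower()
    if bare.startswith("www."):
        bare = bare[4:]  # LiveServer is the bare domain, without "www."
    names = cert_dns_names(cert)
    covered = {h: any(name_matches(n, h) for n in names)
               for h in (bare, "www." + bare)}
    return {
        "LiveServer": bare,
        "UseSSL": any(covered.values()),  # never enable without a cert
        "RedirectLiveToWWW": covered["www." + bare],
        "uncovered": [h for h, ok in covered.items() if not ok],
    }

if __name__ == "__main__":
    print(preflight("www.MyFirstWebStore.com", SAMPLE_CERT))
```

Against a live site, pass fetch_cert("www.yourdomainname.com") as the second argument; any host listed under "uncovered" will produce a browser certificate warning if customers reach the store through it.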
AppConfig Parameters for Going Live!
Set AppConfig:LiveServer=your domain name if you want to go live. However, the site will not go "live" for SSL, etc. until you are actually running on that domain.
Also set AppConfig:RedirectLiveToWWW=true IF your SSL cert is on www.yourdomainname.com.
Important Reminder: Always perform RESET CACHE when you make changes in your AppConfig Parameters.
Copyright © 1995-2006 All rights reserved.