SSL Shared Certificate - uses and limitations
An option on your hosting account is the setup and use of a shared certificate allowing you to encrypt your sensitive pages using unbreakable 128-bit SSL encryption.
A certificate is installed on each of our web servers and on request we'll set up a virtual directory for you pointing to a directory called 'ssl' inside your account. The URL for your secure pages will be anonymous and in the form of :
https://dn- * -secure.com/username
(where * denotes the DotNetted web server your site in installed on)
Cookies and Session Variables
When you move between your shared SSL directory and the rest of your web site you are effectively moving from one web site and domain to another and any session variables or other cookies created will be destroyed - you need to find another way of passing information between the pages.
The most common way to do this is to either post the information from one page to the other via a form (or query string) or to save that info to your database, move to the other 'site' and then retrieve the info back from the database.
Every item that is displayed inside your secure pages, e.g. images or style sheets, MUST be served from your SSL directory otherwise you will receive an error message stating that some items in the page are insecure.
/bin directory .dll's
you wish to use your own .NET .dll files (via the /bin directory) on your secure pages you'll need to create a /bin directory under your SSL directory and place copies of your .dll's in here. This is because the SSL pages run under a separate virtual directory and application so can't access the /bin files of your main account.
Forcing a https / SSL connection
To force a connection into secure (https://) mode all you need to do is call the FULL URL of the page, for instance if you had an online store and the checkout was to be held on your secure directory in a page called checkout.asp then links in your site to the checkout page would be absolute in the form of :
To ensure that visitors cannot accidentally get to your payments pages in non-secure mode use the following piece of code at the top of all your secure pages :
If Request.ServerVariables("HTTPS") = "off" Then
On hitting your page this code will check whether a https connection has been initiated and, if not, redirect to the page through the correct secure URL.
Please note. SSL should only be used where absolutely required as the encryption is very CPU intensive using around 10 times the resources of the equivalent non SSL page. This leads to higher server loads and slower page load times for your visitors.