Secure Web Service (SSL)
Web Crossing 4.0 provides secure web service (HTTPS) via the SSL (Secure Sockets Layer) protocol.
With the growth of e-commerce and the presence of the Internet in everybody's life, people are more concerned than ever about the confidentiality and security of their private information as it hops from router to router on its way between the end user and the Internet servers they connect to.
One way of protecting this information is to encrypt the data in transit between server and client (browser). SSL does this encryption. Web Crossing supports SSL: when running in Direct Web Service mode, Web Crossing can act as a full SSL server, encrypting data to and from the server.
SSL settings are found in the Secure Web Service Certificates sysop panel, located just after the Direct Web Services control panel.
SSL operation requires a certificate, which verifies who you are to the connecting browser and is used to exchange a key for encryption/decryption. You have several options for creating or obtaining such a certificate:
- You can build a certificate internally, but if you do so, the certificate is signed by you rather than by a so-called "trusted authority." (In this case, users are warned the first time they connect to your server that the certificate is "self-signed.")
- You can build a certificate request and have Web Crossing forward the request to Thawte/Verisign, or another issuing authority.
- You can obtain a certificate or private key using external tools, such as Apache's Freeware Tools.
SSL services work well with other Web Crossing features:
- In Server-side JavaScript (WCJS), XML-RPC calls can take https:// URLs for the URL of the remote server for making secure Remote Procedure Calls.
- In WCTL, the url.http and url.httpReq commands allow the processing of secure URLs, so you can fetch secure pages and post to secure servers from within WCTL.
- Also, while in Direct Web Service you can support both standard and SSL connections. The switch occurs depending on the value of the envir.https variable, which is set to "on" for secure requests. All incoming Web requests set the variable envir.url_scheme to either "http" or "https", so you can check this value and forward to the appropriate page or service.
Resources
Sysop Control Panel:
- Secure Web Service Certificates
Web Sites:
- Verisign - for obtaining e-commerce SSL certificates
- Thawte - another e-commerce SSL certificate issuer
- RSA Security - the encryption software that Web Crossing uses
- An introduction to SSL from Netscape's developer site - a good introduction to SSL