[RESOLVED] Need SSL advice

1andyw

Hi,
Our web site is hosted on a shared server. We have aprx 250 static pages plus several mySql tables with 100K rows.
I now need secure service to store personal information submitted by some clients using ordinary html form input. When I asked my host provider about secure service, they talk about a fully qualified URL and now I'm lost. We purchased a domain name years ago. Our url is "http://www.mygroup.org" . We don't use subdomains but fork our pages using a "/". Do we now have a fully qualified URL? I only expect to use one login/submit setup and two tables for the encoded portion of our site. How to I proceed?

Thanks,

Andy

traq

A "fully qualified" URL is one that includes the scheme and host part, e.g.

[indent][font=monospace]http://example.com/path/file.php[/font][/indent]

as opposed to

[indent][font=monospace]path/file.php[/font]
-or-
[font=monospace]example.com/path/file.php[/font]
-or
[font=monospace]/path/file.php[/font][/indent]

It's not a kind of URL, it's just a specific way of writing the URL.

1andyw

Thank you, traq. 🙂

bradgrafelman

dons pedant hat

traq;11039645 wrote:
It's not a kind of URL, it's just a specific way of writing the URL.

Given that RFC 1738 says this:

RFC 1738 wrote:
An HTTP URL takes the form:
  http://<host>:<port>/<path>?<searchpart>[/quote]I'd have to disagree with you and say that you only posted one [i]URL[/i]; the other three examples were not URLs but rather one or more components that could have comprised a URL.
EDIT: That is, of course, assuming "URL" does not also include "relative URLs" (as defined in RFC 1808).

traq

bradgrafelman;11039653 wrote:
dons pedant hat
…
I'd have to disagree with you and say that you only posted one URL; the other three examples were not URLs but rather one or more components that could have comprised a URL.

I'd have to agree with you; though I contest the implied accusation that I claimed the other three examples were, in fact, URLs.

I submit that the term "fully qualified URL" still refers to a "specific" URL format, regardless of whether it is (technically) the only format.

BTW nice hat

cretaceous

Been following this thread.. what relevance does "fully qualified URL" have to SSL cert?

Doesn't every method of getting html resolve it back to its full URL anyway?

1andyw

Good point.
I understand the an SSL page will throw an error if an off-site page attempts to load with the on-site pages. In my case, I have several widgets for weather, translation, etc that load at different points accross the site. I wouldn't want to include my entire domain with the SSL. I think I have to explore getting a sub-domain issued, ie: secure.mygroup.org and then try to get just the sub-domain under SSL.

Andy

dalecosp

Late to this thread, but probably what they are saying is that you need your own server.

Under Apache (at least), you can have only one SSL site per IP address/network interface (e.g. per "machine" in most hosting situations). If you are sharing the system with others (e.g. don't have "root" on the box), they can't give you an HTTPS site.

Now, this limitation is being overcome by certain means (here's one), but as most hosting companies lag behind current technology for several months or even years (PHP 4.x, anyone? I'm still in command of one "shared" server using that), that's likely what they're trying to tell you.

1andyw

I believe you are right. That is the path I am exploring now.

Thanks,

Andy