Hi everyone,

ok, I need some advice on how to have only one script run using ssl. I have a client who has a full e-commerce store and he would like the order form (which is a perl script) to be a secure page. I have being playing around with it for hours and I'm not too sure how to implement this.

Any ideas or suggestions would be greatly appreciated.

Thanks :)

There shouldn't be anything special - the script that's to be posted to with SSL would be in a content directory accessible by the SSL server. You still need an SSL web server process running to serve secure pages/scripts, even if it's just one.

Or did I misunderstand the question?

I think, you would need to get hold of the modules for SSL from the respective site, which I think you have.

Then you would need to hack the Perl Script so it can authenticate with a SSL server.


Thats it. :)

Travis, I have everything set up the way you mentioned but for some reason when I call the script it doesn't use ssl. Is there a specific way to call a script to assure that it is executed using ssl? I am using the https://domain.com/cgi-bin/script.cgi

Tab, has your server been properly enabled for https connections and the certificate installed on the server? Just calling to the secure script like <a href="https://domain.com/script">Script</a> should be fine... That's the only thing I can think of.

yep, it's installed correctly. I still don't have my own certificate yet (which I will be getting shortly, BTW where's the best place to get one?)

I guess what's happening is that when I call the script like you mentioned above it attempts to load the script but because the script is using images from another directory it refuses to execute the script correctly. Keep getting the message "this page has non-secure items. do you want to display these items?" and whether I click yes or no it still won't load the page.

I think I have to reorgranize all the files (gifs, etc..) to a specific folder that is ssl enabled and not just the script itself. Does this make sense?

It does make sense, and I do think it's highly advisable to organise all the GIFs and all the other files you need into the SSL directory so that you avoid the non-secure warning. From a shopper's point of view it might unnecessarily worry them and cause them to leave.

I have a suspicion that you might need a test certificate from Verisign or Thawte to complete your testing; otherwise if the re-organisation of files fail, then try using a test cert (I think Thawte is the one offering test certs, but I can't be sure - check both) and see what happens.

And do a search for certs - you'll find either of the two are recommended and there's a third as well somewhere around.

Best? I dunno, but there's a cheaper one at: https://www.equifaxsecure.com/ $79

yep, equifax is the cheapest and as good as the others :) Also, you can t4est your SSL without a certificate bought from somewhere... you will only get a warning but it'll work.

The easiest way to knwo if its working is to check if there is that litle lock in your browser. The ardest way is to check if the connection for the http isn't on the port 80... even harder involve sniffing your connection to see if it is crypted.

enjoy :)