Secure Directory/Server?


#1

I am in the process of transferring hosting for Yolo Hospice to DreamHost. For donations, which currently are via PayPal, I want the logo secure to avoid the browser warning(s) regarding unsecure and secure info.

Is this possible to do without changing the domain to “https”?

I am a beginner with server management (but a quick learner).

(I did a search on this forum and did not find anything straightforward enough for me to understand re: my situation.)

TIA,
Greg


#2

If you use the donate button on this page, you will see what I mean: http://www.yolohospice.org/donate.php

It is happening because currently the logo at the top of the paypal page is on an unsecured server.

I want to keep the logo (which has to be served by our server) to help people who are making the online transaction feel more secure.

I am imagining that some users will not be web/internet savvy.

  • Greg

#3

I get the PayPal screen, with logo (looks nice!) under Firefox 2.0 with no warning, the “lock” icon in the lower right of the screen, and the browser address bar color change indicative of an https:// connection…in short, it looks fine to me, and has all the assurance of a secure link. What browser are you seeing a warning in?

–rlparker


#4

Ah, yes… it is an IE thing. (I tend to test in IE since it is the quirkiest - being nice - and most used.) Still hoping for a solution.

And it is DreamHost’s outstanding non-profit service that attracted me… and I have been spreading the news.

  • Greg

#5

I just googled across this thread in another forum, which discusses your problem, PayPal’s tech support response, and finally suggests one possible solution (use a “secure image hosting service” - very inexpensive!). Just a thought, for a “quick and easy” fix, and easy to afford since DH is subsidizing the hosting. :wink:

for instance: https://securelogohosting.com/

–rlparker


#6

a thought… but this opens up the door to possible site management nightmares… (the images are here - unless x is happening then…)

It seems that there is a solution for the site server… might have to dig a bit deeper.

We are on apache servers, yes?


#7

Yes, we are using apache 1.2 or 2.0 (both are in use).

–rlparker


#8

That’s a good point, as Strictly Business even includes the cert! (which, to me, is the main impediment, cost-wise at least).

–rlparker


#9

Give us enough time and we’ll figure it out!

Wholly


#10

New status on the forums as “DH Grizzled Veteran”. No wonder I’m cranky and tired.

Keep your stick on the ice.

Wholly


#11

I do not want the url to change to https for the whole site for marketing reasons. (The url is already well established in the community).


#12

You would not have to do that…just set up a subdomain (like “secure.yourdomain.com”) and serve a copy of that image from there for inclusion on PayPal.

As long as the image is served from an https:// domain, there will no longer be “mixed” secure and insecure content on the page, resulting in no warning.

No change needed at all to your main site - just link to the “secure” version of the graphic when placing the graphic on the PayPal page. :wink:

–rlparker
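
The mixed-content condition described in the post above can be checked mechanically. The following is an added example, not part of the original thread: it lists subresources that an HTTPS page would load over plain http. The checkout URL, the sample HTML and the names `find_mixed_content` and `SubresourceCollector` are constructed for illustration; the two logo URLs are the ones quoted in this thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource for the page.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "embed": "src", "object": "data"}
# <link rel=...> values that trigger a fetch; plain <a href> navigation does not.
FETCH_RELS = {"stylesheet", "icon", "preload"}

# Constructed sample (placeholder hosts; logo URLs from the thread): an HTTPS checkout page.
CHECKOUT_URL = "https://payments.example/checkout"
SAMPLE_HTML = """
<html><head><link rel="stylesheet" href="/css/pay.css"></head><body>
<img src="http://www.yolohospice.org/yourlogo.png" alt="logo">
<img src="https://secure.yolohospice.org/yourlogo.png" alt="logo">
<img src="//cdn.example/badge.png" alt="badge">
<a href="http://www.yolohospice.org/donate.php">Back to site</a>
</body></html>
"""

class SubresourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # (tag, absolute_url) pairs fetched over plain http

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":
            rels = set((a.get("rel") or "").lower().split())
            ref = a.get("href") if rels & FETCH_RELS else None
        else:
            ref = a.get(FETCH_ATTRS[tag]) if tag in FETCH_ATTRS else None
        if not ref:
            return
        # Resolve relative and protocol-relative references against the page URL.
        url = urljoin(self.page_url, ref.strip())
        if urlsplit(url).scheme == "http":
            self.insecure.append((tag, url))

def find_mixed_content(page_url, html):
    """Return insecure subresources of an HTTPS page; an http page has none by definition."""
    collector = SubresourceCollector(page_url)
    if urlsplit(page_url).scheme == "https":
        collector.feed(html)
        collector.close()
    return collector.insecure

if __name__ == "__main__":
    print(find_mixed_content(CHECKOUT_URL, SAMPLE_HTML))
```

Only the `http://www.yolohospice.org/yourlogo.png` reference is reported; the copy on the https subdomain, the protocol-relative badge and the ordinary hyperlink back to the site are not.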


#13

Okay. I was wondering if there is a way to secure the site without changing the domain in case they want more dynamic interaction further down the road.

I recall the same issue being resolved at a former place of employment, but I didn’t resolve it and I do not know what they did.


#14

The only way I know of “securing” a site in the sense you seem to be using it, is to use SSL, which necessitates using the https:// protocol for access.

I don’t believe this is actually as much of a problem for existing links as you feel it is - just use a permanent redirect, delivered via .htaccess, for impacted http:// urls - and the problem will resolve itself quickly enough with the search engines (they are smart enough to realize when they find a “permanent” redirect that the new link is what should be indexed) as they crawl the site - and any existing links that are out there “in the wild” will still be properly handled and get the user to the expected page. :wink:

–rlparker


#15

My concern is with printed materials that have the url. (Is a redirect a simple solution?)

Let me see if I can contact the IT person that did the fix a couple of years ago. I know they were running windows servers so it might not be relevant.

In the meantime, I will use the subdomain solution.


#16

Actually, it is very simple. There are lots of examples/tutorials on the web and in the DreamHost wiki. Just a few lines in an .htaccess file.

–rlparker


#17

okay, thank you


#18

Truth is you could make it available using both protocols at the exact same locations.

http://www.mydomain.com
and
https://www.mydomain.com

can easily return the EXACT same content. The only difference is that the latter is encrypted between the server and the client.

Wholly


#19

My concern is that by making the server a secure server, I lose the http domain.

Are you saying that the server can be secure and pages will still load as http://www.yolohospice.org?


#20

you won’t lose the http if you add https. you can set up secure.yolohospice.org to mirror www.yolohospice.org, then add a unique IP / SSL to secure.yolohospice.org, and completely ignore the fact that you set it up except give paypal https://secure.yolohospice.org/yourlogo.png instead of http://www.yolohospice.org/yourlogo.png. for everything but paypal, just keep doing what you’ve been doing and it will work exactly the same.