In line with the NetCulture commitment to offer advances in server side functionality, we are happy to support SSL (Secure Socket Layer) on our full virtual domain accounts. This is the first phase in providing future full secure banking transaction in co-operation with the SG2 service in France. SSL provides the ability to encrypt pages on your virtual server. These can be used to transfer sensitive financial data, passwords, order forms and even credit card details. The operation of SSL on our virtual domain accounts could not be easier. Once we have enable SSL to function with your domain, you will be assigned a specific address, using ‘ https:// ' as the prefix. This points to your secure directory area where the secure pages are stored. You would then refer to the pages in the same way as any normal ‘html' ‘HREF' command, for example ‘https:// www.yourdomain.com/order.html'. Please note the ‘s' in the protocol section, this tells both the client web browser and the server system to negotiate a secure SSL link for data transfer. There are two options available for our clients who would like to use SSL. This is the use of an account with or without a certificate. Each secure server has to have an internationally recognised ‘certificate'. The data from this certificate is presented to the client web browser showing the authorisation name and registration details. The certificates are similar to a domain name and can only be authorised from certain ‘trusted' institutions, the main two organisations are Thawte and VeriSign. For compatibility and also price reasons, NetCulture uses Thawte for all certification. NetCulture already has a number of certificates and, if you have taken a look at the secure test page, you should now be able to see the certificate authorisation details from a secure page. Level 1 : Using NetCulture certification : The more inexpensive method of secure pages will use the NetCulture certificate, this will then give you the ability to load your secure pages onto our secure server and reference in HTML using an address similar to https://web10.netculture.net/yourcompany Level 2 : Using you own certificate : For our clients who want to ensure that their web sites are truly ‘virtual', we would suggest that your own certificate is obtained. This enables the address of https://www.yourdomain.com to be used. The price to register for your own certificate is currently $125 per year, and full details can be seen on the Thawte web site. They will need certain documentation from your organisation to ensure that the certificate can be issued and the process usually takes 7 working days. We have included below a FAQ on using the SSL functions :- Q : What are the costs involved and how do I place an order for SSL at NetCulture ? A : Please refer to our SSL ordering section. Full details are included there of the procedure and also the costs involved. Q : Where do I load my secure pages ? A : When we create your secure server two new directories are created in your home directory. These are named ‘www-sec’ for secure web pages and ‘logs-sec’ which holds the log files relating to the secure system. Pages can therefore be uploaded using standard ‘ftp’ into the ‘www-sec’ area. Q : How can I parse secure data from forms in HTML ? A : Our secure servers run Unix SCO OpenServer 5 and have the scripting language PERL and PHP/FI available. Perl and or PHP/FI scripts can be written to output the data to a file which can then be download, put onto other web pages etc etc. Please note that NetCulture can give examples of Perl code and if need be, or provide a quotation for specific cgi development. If there is a specific script that you would like written for you, please send full details to info@NetCulture.net Q : Is my certificate portable to another Presence Provider if I decide to change ? A : Currently, the Key and Certificate files used are server application dependant. These means that as we use NetScape Servers, your key and certificate files will only operate on another platform using the same software. Netscape and Microsoft are looking towards implementing a standard to allow these to be moved over different platforms. NetCulture will therefore offer this service when available. Q : Can I see my other scripts / html when logged into my secure server ? A : Yes, when connected with either ‘ftp’ or ‘telnet’, you can move easily between your secure and non-secure areas. Your personal ‘cgi-files’ directory will be available to either system. Q : Can I put all my pages on a secure server ? A : Yes, but this will affect the response speed of your site. SSL pages are not normally ‘cached’ and therefore are fully transferred to the client machine on each request. This increases the data flow from server to client and in turn increases the perceived response times. We therefore suggest to only use the secure service for sensitive data. Q : How do I reference the secure pages in my HTML code ? A : Moving into secure and non secure mode must be done with an explicit ‘HREF’ command as in : <A HREF="https://www.yourdomain.com/secure.html"> to change into secure mode, and from the secure page to non-secure : <A HREF="http://www.yourdomain.com/non-secure.html"> Our Secure Account Order details can be reached here.