Services  |  Support  |  Account Admin  |  Contact Us  |  Site Map

Secure Transactions (SSL)

Customers who shop online may feel more comfortable if it is difficult for unauthorized people to view their transactions, especially if information such as credit card numbers is being tranmitted.

Most Webmasters will thus want secure service to implement an online store or to deliver and receive sensitive data between the HoloWWW Server and their Web users.

HoloWWW can provide secure transactions utlizing SSL. SSL is the industry-standard protocol for secure transactions. These transaction are secure in the sense that it is difficult for someone other than the receiver and sender to read the encrypted data that is sent during the transaction.

You may use the HoloNet secure key free of charge by using the "-holossl" option using the HoloWWW InstantStore. For technical reasons, using the "-holossl" option requires that your store run under the "www.holonet.net" domain while in secure mode.

HoloNet's secure key can only be used with the InstantStore system. If this does not fit your needs, you should look into obtaining your own secure certificate for your site.

• Rates for SSL Service
• Obtaining a Digital ID
• Implementing Secure Pages
• Secure E-Mail

Rates for SSL Service

There is an annual fee of $50 per site. This rate is the same for both initial setup and for renewal. Regular HoloWWW rates apply for access.

You will need to obtain the SSL certificate (also known as a Digital ID) from a valid Certificate Authority (CA), and the CA will also charge its own separate fees. Currently HoloNet supports certificates from either Versign or Thawte.

In addition, a domain name must be linked to your website, as the certificates are generated specifically on a per-domain basis. Additional fees will apply for domain name hosting and linking. For more details, visit the HoloDNS Service Manual page.

HoloNet generates 512-bit keys. HoloNet retains the private key and will destroy it, but not surrender it, upon request. We maintain multiple backup copies of each key, each backup being on a different physical server for additional safety.

Obtaining a Digital ID

The steps below outline the procedure for obtaining a certificate. The renewal process is the same.

• Submit your request:
  1. Fill out the Secure Certificate/SSL Setup Request Form

     Notes:

     • Be sure that the information that you provide to HoloNet and to the CA match exactly.
     • If your current certificate and/or site primary domain name reflects the "www." subdomain, enter "www.yourdomain.com" in the "Domain Name:" field.
     • If you wish to change the primary domain name, please contact us first.
     • Some browsers do not support secure transactions on sites whose URLs do not start with "www."

  2. Copy and paste the resulting information into an Authenticated Request.

• E-mail notification of completion will be sent to your HoloNet account.

• A temporary certificate will be installed for your site and you may begin testing with SSL service.

• You will be e-mailed a Certificate Signing Request (CSR). Some vendors may also refer to this as a Request Transaction Number (RTN).

• With the CSR in hand, go the website of the Certificate Authority to process your CSR. During this process you may be prompted to specify the Web Server Software Type for your site.

  Please specify "Stronghold" or "C2Net Apache Stronghold".

• After the CA has completed your request, your certificate will be e-mailed to you.

• Send the certificate to us as an Authenticated Request.

Implementing Secure Pages

If the site visitor has a browser which supports Secure Socket Layer (SSL) transactions, he/she can transfer pages securely between his/her browser and the HoloWWW server.

Secure pages are served significantly slower than unsecure pages. For this reason, we recommend that only critical pages, such as credit card capture pages, be secure.

When your temporary certificate is installed, a new directory for secure pages is created, called "https".

All secure pages must be placed in this directory.

If a secure page contains any inline images, these images will also need to be transferred securely, or the browser/client will display them as a broken image.

A "shared" directory is also created and is installed as a sub-directory of the "http directory. In this directory you can place any elements that you may want to share between your secure "https" site and your regular "http" site.

Summary of Directories

http

This directory is for all unsecure pages and graphics.

For unsecure access, use the URL "http://www.yoursite.holowww.com/file".

https

This directory is for all secure pages and graphics.

For secured access, use the URL "https://www.yoursite.holowww.com/file".

http/shared

This directory is for pages that can be accessed either securely or unsecurely.

For unsecure access, use the URL "http://www.yoursite.holowww.com/shared/file".

For secured access, use the URL "https://www.yoursite.holowww.com/shared/file".

Secure E-Mail

Your SSL certificate only encrypts data sent between between your site visitor's browser and the HoloWWW server.

PGP (Pretty Good Privacy) can be used to encrypt e-mail sent from your HoloWWW site and is installed and available for use with CGI Anywhere.

PGP is available from for non-commercial use from the MIT Distribution Site for PGP and commercially from ViaCrypt.