Menu 1-800-630-4694

eDirectory Support Portal

Search our growing knowledge base for helpful resources like articles, videos, and GIFs to master your online directory website software as quickly as possible or to learn more about how it all works here at eDirectory.com. Anything need to be updated? Let us know here!

What is the process for setting up an SSL on my site?

Last Updated: Apr 09, 2012 10:23AM BRT
SSL on eDirectory

An SSL Certificate helps provide an encrypted connection between your browser and the server, and is generally used for eCommerce transactions.  eDirectory support SSL and will assist in setting up the certificate for customers hosting on our servers, however certifications must be purchased from a certification vendor.

The process for setting up a certification is:

1.  Customer sends eDirectory support the information for us to generate a Certificate Signing Request (CSR).  (see below)
2.  eDirectory support generates the CSR file, and sends back to the customer
3.  The customer purchases SSL Certificate from a SSL vendor such as RapidSSL.com, Versign.com, Geotrust.com or Godaddy.com (the CSR will be required to make this purchase)
4.  The customer sends eDirectory support the SSL certificate files
5.  eDirectory installs the SSL Certificate



What is an SSL Certificate?
SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a webserver, it enables the https protocol (over port 443) and allows secure connections from a webserver to a browser. Typically SSL is used to secure credit card transactions, data transfer, logins and more recently is becoming the norm while securing browsing of social network/media sites. An SSL Certificate binds together:
  • Your domain name, server name or hostname
  • Your organizational identity (i.e. company name) and location

An organization needs to install the SSL Certificate onto its web server to initiate secure sessions with browsers.
---

Alright, but what are the advantages of using SSL certificates?
  • Encryption
With the use of SSL, the data is encrypted while being sent between the server and your browser, avoiding any kind of data interception.
  • Trustworthiness
SSL certificates encourage the website visitors to gain trust with your directory.
  • Private Channel
SSL creates a private communication channel for the transmission of sensitive data.
  • Security of Transactions
SSL is essential if you are operating an eCommerce, where you need to process online orders and do transactions with credit cards and other private information.
---

 How can I get an SSL certificate?

There are a few steps for getting an SSL certificate:

1. We will need to generate a CSR (certificate signing request) based on your answer to a questionnaire (see "Required questions to generate the CSR" below);

What is a CSR after all?

A CSR or Certificate Signing request is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country.

A certificate authority will use the CSR to generate your SSL certificate.
---

Required questions to generate the CSR:

E-mail:
Host to make cert for:
City:
State:
Country (2 letter abbreviation):
Company Name:
Company Division:
Key Size (1024 or 2048):

PS: If asked about the server type where the cert. will be
installed, please choose either 'CPanel' or 'Apache'.

2. Once this CSR is generated, the file will be sent to you (via ticket/e-mail) and you will be able to purchase a certificate from the vendor of your choice, since the CSR is a requirement for doing that.

3. The vendor will then provide you with the SSL certificate files once they get your CSR information and you will send these files back to us (assuming you are hosted with us) and we will be able to install the certificate for you;

4. Specify which areas you need secured so we can turn on the re-directions accordingly. The available areas are: Site Manager, Members Area, Claim and Checkout Pages.

Once the changes in the code are properly made, your site will be secured by the certificate.
---

Please notice that there are some restrictions with SSL and eDirectory, such as the impossibility of using the HTTPS protocol on the front page. The reason behind that is because an SSL secure connection requires that ALL the elements in the page are requested using a secure connection, which is not the case of the front page, since it has banners with images from an external resource that might not have a secure layer connection.
---

SSL on an Owned License version (not hosted with eDirectory):

If you are hosting your eDirectory on your own server, this article might have given you a little explanation on how the certificate is installed, however we do not provide support to third party servers SSL installation. If you need assistance with this matter we STRONGLY suggest that you contact your hosting company for further information. Each server has its own way of installing a certificate and their system administrators will be the most appropriate people to assist you.


Okay, thank you - I got my certificate installed. How should I go about turning on the HTTPS on my own code?

That actually depends on the version you are currently using. For very old versions you can change the following constants file: conf/ssl.inc.php. For the most up-to-date version this file is located at: custom/domain_#/conf/ssl.inc.php (Where # is your domain ID number).

There you will see the following constants:
# ----------------------------------------------------------------------------------------------------
# FLAGS - on/off
# ----------------------------------------------------------------------------------------------------
define(SSL_ENABLED, "off");
define(FORCE_MEMBERS_SSL, "off");
define(FORCE_ORDER_SSL, "off");
define(FORCE_CLAIM_SSL, "off");
define(FORCE_SITEMGR_SSL, "off");

Simply switch the constant values for sections you want secured from "off" to "on" and save the file. Once saved, you can quickly test by accessing the corresponding area. It should automatically redirect your to the HTTPS protocol.

If you get a certificate error while performing this last test, the chances are that the certificate was not correctly installed. Please check with your hosting or system administrator for further information.
---