, clicking the Web Tools tab, then clicking the Secure Server link). Also, the word yourusername must be replaced with your username -
the same username you use to login with FTP.
If the pages you protect are missing images, stylesheets and so on, when you view them with SSL, that is due to the change of path
to your files. Your webpages are coded with a leading / at the start of their address, for example:
<a href=/catalog/index.php>shop</a>
The leading / will need to be removed from each URL.
If it's not feasible for you to remove your leading slashes, and/or, you're not happy with the strange-looking URL in your users'
browser address bars, you have two more options. You can either buy a dedicated SSL certificate, or you can
link to your protected pages in the usual way, only adding the 's' in 'https' this time:
<a href=https://www.yourdomain.com/catalog/index.php>shop</a>
This is the type of URL you'd normally use if you had a dedicated certificate. The catch is that if you use this form of URL with a shared
certificate, your users will see a security alert each time they access your website (unless they click "remember this choice for this site").
The SSL will still work, if the user clicks "accept". But there will be visible alerts. That is because the shared certificate contains a
specific computer name (your server name) and the URL you are using does not include that server name. It is a feature of users' browsers
to alert them if there is a mismatch between the hostname in the certificate and the hostname in the URL - for example, when this happens with
Opera, a popup alert appears which says, amongst other things, "someone may be trying to eavesdrop on you".
If you are seeking a seamless secure user experience, with no strange URLs or popups, and no re-coding of your site, you need to buy
a dedicated certificate.
