Welcome to Blazingfibre - web hosting, website development, custom software, network administration, technical support - London-based

How to use the shared SSL certificate

  knowledgebase  :: network status

Each hosting account comes with access to a shared SSL certificate, as standard. To use it, simply link to the page you wish to be secured. For example, on your homepage, you might have a link to your online catalogue, for which the HTML looks like this:

<a href=/catalog/index.php>shop</a>

If you wanted, you could protect your users' entire shopping session, by using this URL instead:

<a href=https://yourserver.dns-systems.net/secure/yourusername/catalog/index.php>shop</a>

Note that in the above URL, the word yourserver must be replaced with the name of the server you are using (you can discover that by going to your control panel, clicking the Web Tools tab, then clicking the Secure Server link). Also, the word yourusername must be replaced with your username - the same username you use to login with FTP.

If the pages you protect are missing images, stylesheets and so on, when you view them with SSL, that is due to the change of path to your files. Your webpages are coded with a leading / at the start of their address, for example:

<a href=/catalog/index.php>shop</a>

The leading / will need to be removed from each URL.

If it's not feasible for you to remove your leading slashes, and/or, you're not happy with the strange-looking URL in your users' browser address bars, you have two more options. You can either buy a dedicated SSL certificate, or you can link to your protected pages in the usual way, only adding the 's' in 'https' this time:

<a href=https://www.yourdomain.com/catalog/index.php>shop</a>

This is the type of URL you'd normally use if you had a dedicated certificate. The catch is that if you use this form of URL with a shared certificate, your users will see a security alert each time they access your website (unless they click "remember this choice for this site"). The SSL will still work, if the user clicks "accept". But there will be visible alerts. That is because the shared certificate contains a specific computer name (your server name) and the URL you are using does not include that server name. It is a feature of users' browsers to alert them if there is a mismatch between the hostname in the certificate and the hostname in the URL - for example, when this happens with Opera, a popup alert appears which says, amongst other things, "someone may be trying to eavesdrop on you".

If you are seeking a seamless secure user experience, with no strange URLs or popups, and no re-coding of your site, you need to buy a dedicated certificate.