NATS4 HTTPS Gateways
HTTPS is the usage of SSL certificates in order to provide encryption and secure identification in order to a secure a gateway. The ability to select how HTTPS is used on a per-tour basis has been added to NATS4, and this option is available in the Sites Admin while editing a tour.
Securing a Gateway With HTTPS
There are four ways to secure a gateway with HTTPS:
- You can get a SSL certificate for each linkdomain and prefix the URLs that load these linkdomains with https: instead of http:.
- You can get a single SSL certificate for your domain and link to your gateway_join.tpl template form. Note: this will send the surfer's data using HTTPS, but the surfer will load the form using HTTP -- this means surfers may think they aren't on a secure form, despite the SSL certificate that will encrypt their data.
- If you want a different gateway domain to be used for each site or a specific site, and you do not want these domains to be the same as your linkdomains, you can get an SSL certificate for the domains you wish to use, and input these domains into the Gateway HTTPS Domain setting for your site(s)/tour(s).
- The last way set up HTTPS is to instruct all of the available gateways to use one secure domain. In order to do this, you will need to add the new domain to your list of NATS server aliases. This method has the added benefit of displaying a secure page while only requiring one certificate. You can set this option by adding the secure domain to the GATEWAY_HTTPS field in the Configuration Admin under the Surfer section. Make sure you include the "https://" in order to secure the domain.
In the edit tour pages of your site's tour there is a "HTTPS use" feature allowing you to control how HTTPS is used. To choose how HTTPS is used in your tours, go to the Sites Admin, click Edit Tour for the tour you would like to affect, and scroll down to the "HTTPS Use" section. From this drop-down menu, you can specify how you would like to use HTTPS, and what you use HTTPS for.
Controlling HTTPS usage
There are four different ways for a tour to get an HTTPS URL on the gateway: GATEWAY_HTTPS, tour specific linkdomain, default tour linkdomain, or the Gateway HTTPS Domain tour setting.
- 1. GATEWAY_HTTPS will use the URL set in the configuration admin, under the 'surfer' option in the drop-down menu at the top of the page. To secure your link, you must enter the full URL including the https:// protocol.
- NOTE: If you set the GATEWAY_HTTPS be sure to turn on the CASCADE_SECURITY_NO_SESSION configuration variable as well, this will prevent any errors that arise from mismatched session information when going to the GATEWAY_HTTPS domain.
For example: https://mysecuredomain.com
This allows you to use one SSL certificate across multiple sites.
- 2. Gateway HTTPS Domain will use the domain specified in the HTTPS Use setting "Gateway HTTPS Domain".
- NOTE: If you do not see this setting under HTTPS use, you can submit a ticket with us to request this feature
This allows you to set a specific gateway domain for a site/tour rather than using the global GATEWAY_HTTPS or your linkdomains for the site.
- 3. Tour specific linkdomain will use the HTTPS version of the linkdomain set in specific tours under the Sites Admin.
- 4. Default tour linkdomain will use the HTTPS version of the the linkdomain set in the default tour of a given site.
NOTE: Options 3 and 4 allow you to use an SSL certificate for each individual linkdomain.
There are also three different ways to start and stop using HTTPS during the sign up process: everything, gateway join page only, and gateway join page and return URLs.
- Everything will take the supplied HTTPS URL and use it for everything after the gateway join form.
- Gateway join page only will take the supplied HTTPS URL and use it only for sending the data from the gateway join form. Pages other than the gateway join form will not be secure under this option.
- Gateway join page and return URLs will take the supplied HTTPS URL and use it for sending data on the gateway join page and for any returned URLs sent back from the join page.