Difference between revisions of "NATS4 HTTPS Gateways"

From TMM Wiki
Jump to navigationJump to search
Line 7: Line 7:
 
There are three ways to secure a [[ct#Gateway|gateway]] with HTTPS:
 
There are three ways to secure a [[ct#Gateway|gateway]] with HTTPS:
  
*You can get a SSL certificate for each [[Link Domain|linkdomain]] and prefix the URLs that load these linkdomains with https: instead of http:.
+
*You can get a SSL certificate for each [[Link Domain|linkdomain]] and prefix the URLs that load these linkdomains with ''https:'' instead of ''http:''.
  
 
*You can get a single SSL certificate for your [[ct#Domain|domain]] and link to your ''gateway_join.tpl'' template form. Note: this will send the surfer's data using HTTPS, but the surfer will load the form using HTTP -- this means surfers may think they aren't on a secure form, despite the SSL certificate that will encrypt their data.
 
*You can get a single SSL certificate for your [[ct#Domain|domain]] and link to your ''gateway_join.tpl'' template form. Note: this will send the surfer's data using HTTPS, but the surfer will load the form using HTTP -- this means surfers may think they aren't on a secure form, despite the SSL certificate that will encrypt their data.
Line 13: Line 13:
 
*The last way set up HTTPS is to instruct all of the available gateways to use one secure domain. In order to do this, you will need to add the new domain to your list of NATS server aliases. This method has the added benefit of displaying a secure page while only requiring one certificate. You can set this option by adding the secure domain to the GATEWAY_HTTPS field in the configuration admin under the Surfer section. Make sure you include the "https://" in order to secure the domain.
 
*The last way set up HTTPS is to instruct all of the available gateways to use one secure domain. In order to do this, you will need to add the new domain to your list of NATS server aliases. This method has the added benefit of displaying a secure page while only requiring one certificate. You can set this option by adding the secure domain to the GATEWAY_HTTPS field in the configuration admin under the Surfer section. Make sure you include the "https://" in order to secure the domain.
  
In the edit tour pages of your sites tour there is a "HTTPS use" feature allowing you to control how HTTPS is used.
+
In the edit tour pages of your sites tour there is a "HTTPS use" feature allowing you to control how HTTPS is used. To choose how HTTPS is used in your tours, go to the [[NATS4 Sites Admin|Sites Admin]], click Edit Tour for the tour you would like to affect, and scroll down to the "HTTPS Use" section. From this drop-down menu, you can specify how you would like to use HTTPS, and what you use HTTPS for.
 +
 
 +
[[File:Https use.png|450px|Edit Tour HTTPS Use Settings]]
  
 
== Controlling HTTPS usage ==
 
== Controlling HTTPS usage ==
Line 19: Line 21:
 
There are three different ways for a tour to get an HTTPS URL: GATEWAY_HTTPS, tour specific linkdomain or default tour linkdomain.
 
There are three different ways for a tour to get an HTTPS URL: GATEWAY_HTTPS, tour specific linkdomain or default tour linkdomain.
  
*GATEWAY_HTTPS will use the URL set in your configuration admin, under the 'surfer' option in the drop-down menu at the top of the page. To secure your link, you must enter the full URL including the https:// protocol.  
+
* '''GATEWAY_HTTPS''' will use the URL set in your configuration admin, under the 'surfer' option in the drop-down menu at the top of the page. To secure your link, you must enter the full URL including the https:// protocol.  
Example:  
+
For example: ''<nowiki>https://mysecuredomain.com</nowiki>''
<pre>https://mysecuredomain.com</pre>
+
 
 +
[[File:Gateway https.PNG|450px|Gateway HTTPS Configuration Setting]]
  
 
This allows you to use one SSL certificate across multiple sites.
 
This allows you to use one SSL certificate across multiple sites.
  
*Tour specific linkdomain will use the HTTPS version of the linkdomain set in specific tours under the Sites Admin.
+
* '''Tour specific linkdomain''' will use the HTTPS version of the linkdomain set in specific tours under the Sites Admin.
  
*Default tour linkdomain will use the HTTPS version of the the linkdomain set in the default tour of a given site.
+
* '''Default tour linkdomain''' will use the HTTPS version of the the linkdomain set in the default tour of a given site.
  
 
These last two options allow you to use an SSL certificate for each individual linkdomain.
 
These last two options allow you to use an SSL certificate for each individual linkdomain.

Revision as of 10:44, 4 August 2010

NATS 4
Members Admin
The Members Admin
View Member Details
Add Member
MySQL Auth
Mod Authn DB
Multisite Access
Member Logging
Member Password Retrieval
OpenID Connect
Mod Auth OpenIDC
ID Numbers
Billers Admin
The Billers Admin
Biller
Biller Fees
Taxes
NATS Cascades
Add Cascade
Cascade Weight
Autocascade
Hidden Cascades
Geo-Targeting Cascades
Post-Biller Templates
HTTPS Gateways
Timed Cascade Rules
Upgrade Plus
Token Plus
Gateway One Step Join
Extra Biller Fields
Send Information To Special Biller
Setting Rules
Cross Sell Supported Billers
Upsell Supported Billers
Packageplus Supported Billers
Tokenplus Supported Billers

HTTPS is the usage of SSL certificates in order to provide encryption and secure identification in order to a secure a gateway. The ability to select how HTTPS is used on a per-tour basis has been added to NATS4, and this option is available in the Sites Admin while editing a tour.

Securing a Gateway With HTTPS

There are three ways to secure a gateway with HTTPS:

  • You can get a SSL certificate for each linkdomain and prefix the URLs that load these linkdomains with https: instead of http:.
  • You can get a single SSL certificate for your domain and link to your gateway_join.tpl template form. Note: this will send the surfer's data using HTTPS, but the surfer will load the form using HTTP -- this means surfers may think they aren't on a secure form, despite the SSL certificate that will encrypt their data.
  • The last way set up HTTPS is to instruct all of the available gateways to use one secure domain. In order to do this, you will need to add the new domain to your list of NATS server aliases. This method has the added benefit of displaying a secure page while only requiring one certificate. You can set this option by adding the secure domain to the GATEWAY_HTTPS field in the configuration admin under the Surfer section. Make sure you include the "https://" in order to secure the domain.

In the edit tour pages of your sites tour there is a "HTTPS use" feature allowing you to control how HTTPS is used. To choose how HTTPS is used in your tours, go to the Sites Admin, click Edit Tour for the tour you would like to affect, and scroll down to the "HTTPS Use" section. From this drop-down menu, you can specify how you would like to use HTTPS, and what you use HTTPS for.

Edit Tour HTTPS Use Settings

Controlling HTTPS usage

There are three different ways for a tour to get an HTTPS URL: GATEWAY_HTTPS, tour specific linkdomain or default tour linkdomain.

  • GATEWAY_HTTPS will use the URL set in your configuration admin, under the 'surfer' option in the drop-down menu at the top of the page. To secure your link, you must enter the full URL including the https:// protocol.

For example: https://mysecuredomain.com

Gateway HTTPS Configuration Setting

This allows you to use one SSL certificate across multiple sites.

  • Tour specific linkdomain will use the HTTPS version of the linkdomain set in specific tours under the Sites Admin.
  • Default tour linkdomain will use the HTTPS version of the the linkdomain set in the default tour of a given site.

These last two options allow you to use an SSL certificate for each individual linkdomain.

There are also three different ways to start and stop using HTTPS during the sign up process: everything, gateway join page only, and gateway join page and return URLs.

  • Everything will take the supplied HTTPS URL and use it for everything after the gateway join form.
  • Gateway join page only will take the supplied HTTPS URL and use it only for sending the data from the gateway join form. Pages other than the gateway join form will not be secure under this option.
  • Gateway join page and return URLs will take the supplied HTTPS URL and use it for sending data on the gateway join page and for any returned URLs sent back from the join page.