University of Vermont

UVM Self-help Web Guide

Secure Web Pages

About Secure Socket Layer (SSL)

The University of Vermont Web server (http://www.uvm.edu/) is Secure Socket Layer (SSL) enabled. This protocol provides privacy for communications over the Internet, using cryptographic security. When being implemented by two SSL-enabled applications, data sent is transmitted in an encrypted format. Encryption uses a mathematical formula to scramble your data into a format that is unreadable by anyone who might intercept it. This technology can protect personal information from third-parties (e.g. Social Security Numbers), maintain computer security (e.g. account passwords), and provide secure authentication methods.

Specifically, a Web browser can connect to a web server using SSL, allowing it to send and retrieve information over a secure connection. A vistor of a UVM Web site could fill out a form and securely send their personal information to be stored on the Web server over a secure connection.

How it Works

To use this technology, just connect to an SSL-enabled domain using the Secure Hypertext Transfer Protocol (HTTPS) rather than the usual Hypertext Transfer Protocol (HTTP). If your browser is configured correctly, encryption is done automatically when you connect to the web server using the SSL protocol. Of course there is no point to securely connecting to publicly available documents over a secure connection.

A secure connection could be used with a CGI script. In order to do so you must:

  • Connect your visitors to a secure page containing the web form (which will post the data).
  • Have the form post to a script located on a secure server.
  • The information will then be sent securely over the Internet in an encrypted format.
For example:

Connect to a page containing a form:

https://www.uvm.edu

The HTML form would need to have an action similar to:

<form method="post" action="https://scripts.uvm.edu/cgi-bin/script.pl">

Notes

  • Information sent to a script then relayed to a mailing address remains secured only if sent to an address located on the local mail server.
  • A mailto: or Javascript form located on a secure page does not send the information securely.
  • The following UVM domains are SSL enabled:
  • To require SSL connections put the SSLRequireSSL in your .htaccess file. For information on using SSL in .htaccess check out this page about Apache SSL in htaccess examples.

More Information

Last modified December 07 2011 11:14 AM