0

So I have a server with an SSL certificate, in which I host a variety of scripts that interact with my CRM's API.

https://myserverdomain.com/script1, https://myserverdomain.com/script2, etc...

Each of these scripts would correspond to a different product, that would better be branded with it's own url. All of the products are handled through the same CRM.

http://myproductdomain1.com, http://myproductdomain2.com, etc.

An example flow would be:

  1. So they would start on myproductdomain1.com to get product info.
  2. Then when they go to order, be taken to the https://myserverdomain/script1 to take and process order.
  3. Finally, go back to http://myproductdomain1.com for a receipt.

I want to keep the sites secured the whole time as customer goes through the order process, and I want the display URL to be myproductdomain1.com throughout the whole process.

EDIT:

I am not knowledgable in this area at all, so I realize it is a broad question (if I knew more about it, I wouldn't have to ask a question lol).

Is there a way to keep all my scripts on my server, but show my pretty URL, while keeping the site secure?

I have seen this done through cloud flare, but I cannot figure out how it was done.

EXAMPLE:

To be very specific, I have two domains hosted on hostgator, myserverdomain.com and myproductdomain.com.

There is an order form page that runs a script located at: https://myserverdomain.com/order/orderform.php

I want it so that when a customer accesses that page, it will actually display https://myproductdomain.com/order.

myserverdomain.com has an SSL Certificate, and I am using cloudflare to route traffic through myproductdomain.com, which has flex ssl.

So in this configuration, as it possible to do what I am asking while maintaining a secure connection - meaning that the padlock will show the entire time?

If so, how do I configure it?

David Avellan
  • 385
  • 4
  • 24
  • Assuming you have a *nix server, I'd use [iptables](http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/) – paulsm4 Aug 24 '15 at 18:10

1 Answers1

1

The security of https is based on multiple things. One thing is that you have encryption between the parties and proper identification of the peer (i.e. certificate check). This guarantees that the data within the connection can not be sniffed or even manipulated.

The other part of the security is that the user sees that it communicates with a secure site and detects if the communication is insecure or is with some unexpected site. This is done by the typical signs you have for a https connection in the URL bar (i.e. like the green bar for EV certificates etc) - and only there.

If you want to keep the domain used for https invisible to the user because you only want to show the branded domain which has no https, then you effectively refuse the user the ability to check for a properly secured connection. Since the user can no longer see with which domain the browser communicates and how secure the connection is a man in the middle attack would be simple: just modify the unsecured http connection from the branded domain so that the included communication with the secure site is replaced with some other site controlled by the attacker. Since only the branded domain will be shown the user can not detect such an attack.

Therefore I would recommend against hiding the real communication flow from the user.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • So then what are my options? Do I have to get SSL certificates for each website and install my scripts onto each different URL? Seems like a lot of work (have to install composer on each domain, compile, and install scripts, and buy SSL certificate) Is there a way I can have all of the scripts in one location while keeping everything secure that keeps things simple and afforable? – David Avellan Aug 24 '15 at 19:12
  • 2
    If you want to have the branding you should get a certificate for each site or a certificate for all sites together (SAN). With a proper setup of the server you could use a shared script directory for all these domains. If branding by URL is not that important you could use a single checkout domain which is visible to the user. The best would probably to have everything with https and not only the checkout. – Steffen Ullrich Aug 24 '15 at 19:20
  • I will have to look up SAN to learn more about it. Not concerned about having SSL for everything, only the checkout. Would really like to have branding, as the domain names will be very different and could confuse customer. So, would it make more sense to install them as add-on domains to my main domain, or to create separate accounts for each one? – David Avellan Aug 24 '15 at 20:16
  • SAN wouldn't work. It is for all subdomains of one domain (disk.domain.com, email.domain.com, etc.). Can't be spread across multiple domain names according to the wiki. – David Avellan Aug 24 '15 at 20:21
  • 1
    @DavidAvellan: don't confuse SAN with wildcards. Wildcards are for subdomains of a single domain while SAN can be used for anything. For example the certificate for google.com contains SAN for youtube, google-analytics, googleapis etc. You might also use subdomains of the secure checkout (i.e. branding.secure-checkout) or subdirs (i.e. secure-checkout/branding) to lessen confusion. – Steffen Ullrich Aug 25 '15 at 04:19
  • I see. When I did a search on SAN all I saw was wild cards or sites offering wildcard SAN. I guess I have to look further. Using the sub domains with the branding is a good idea. My current domain wouldn't work for that, but I could get another domain that would be more generic so that it could make sense with a subdomain. Ideally, I would like the whole domain though. – David Avellan Aug 25 '15 at 09:06
  • I see now it is called a UC (unified communications) certificate by most vendors. However, it is pretty much the same price as buying individual SSLs, but allows more flexibility in that you can remove or add new domains names on the fly (vs being locked to only one domain). Either way, not very cost efficient. I would be more likely to explore using the wildcard with a good base domain and brand the subdomain, as over a large amount of products that will make more sense fiscally. But I have seen companies that do what I mentioned in my edit of my original post, which is ideal. – David Avellan Aug 25 '15 at 11:58
  • 1
    @DavidAvellan: it might be ideal for branding but it is bad for security. – Steffen Ullrich Aug 25 '15 at 12:09
  • @Stefan, I see. Well after a lot of tinkering, I am able to almost get what I want. Using cloudflare, I am able to have order.myproductdomain.com display myserverdomain.com, while keeping order.myproductdomain.com on the url with padlock on. The problem is that is needs to point to a particular URL (myserverdomain.com/script/myscript.php). – David Avellan Aug 25 '15 at 12:13