Using SSL with www.washington.edu

SSL is a protocol used for encrypted HTTP transactions. Practically all information available through www.washington.edu is also available via SSL.

Encrypted transactions are used when the data being sent to the user is sensitive, when data entered into a form by a user is sensitive, or when both are true.

Accessing Data through SSL

To use SSL for an HTTP transaction you should specify the protocol https instead of http. For example, to view the UW Home Page via SSL you would use:

https://www.washington.edu/

Certificates Used by www.washington.edu

We are using certificates signed by the Thawte Group. Because of this, older versions of Netscape and Microsoft Internet Explorer will not behave completely transparantly. For Netscape:

Users of Netscape older than version 2.02 will not be able to connect to our site.
Users of version 2.02 will be able to connect, but will get warnings that our site certificate is signed by a Certificate Authority unknown to Netscape. After they proceed through the dialog boxes they should be able to connect.
Users of Netscape 3.0 or later will be able to connect transparantly.

For Microsoft Internet Explorer:

Users of IE 3.0 or older will not be able to connect to our site.
Users of IE 3.01 or higher on a PC will be able to connect transparantly.
Users of IE 3.01 on a Macintosh will be able to connect, but will get warnings with each form submission that the connection is insecure. However, they can bypass this warning.
Users of IE 4.0 or higher on a Macintosh will be able to connect transparantly.

If you connect to www.washington.edu over SSL using a name other than www.washington.edu (such as http://www/), you may get a warning that the certificate does not match the hostname when using Internet Explorer.

Proxy Servers

If the user is going through a proxy server, you may see that Internet Explorer users prior to version 4.0 will have the same session appearing to be coming from multiple IP addresses. This is Internet Explorer attempts to use all of the proxy servers for performance reasons.

Certificates used by wwwdev.cac.washington.edu, etc.

The certificates used by the following servers:

wwwtest.cac.washington.edu
wwwdev.cac.washington.edu
wwwudev.cac.washington.edu

are using what's known as a wildcard certificate. Netscape knows how to handle this type of certificate, but Internet Explorer does not. IE will correctly connect to these hosts, but you'll get a warning that the server certificate does not match the hostname to which you're connecting.

Allowing and Denying Access

You can set a directory to either allow accesses from both SSL and non-SSL connections, or for either one or the other. This can be used, for example, if you have a set of forms you only want to be used through SSL.

To only allow SSL access to a directory, create a .htaccess file with the following line:

SSLRequireSSL