HorizonWeb Online Support

       

Setting up HorizonWeb for HTTPS

HorizonWeb 4.2 and higher

Introduction

The HTTPS protocol can be used by web applications to encrypt the messages sent and decrypt the messages it receives. Certificates are used to manage the encryption process.

Why should I use a certificate?

  • HTTPS encrypts a user's personal information (and other traffic) between the user and the site.
    • Encryption – the exchanged data is kept secure from eavesdroppers
    • Data integrity – data cannot be modified or corrupted during transfer
    • Authentication – builds user trust, because there is proof that users are communicating with your HorizonWeb site.
  • Higher Google rankings. Google use HTTPS as a ranking signal. Google do not publish their ranking algorithm (and they regularly change it), but they do tell webmasters what contributes to it.

What do I need to do?

  • Raise a ticket with Support, asking to enable HTTPS on your HorizonWeb site. We will send you an order form.
  • Return the order form. We charge to add a certificate to your site so we can only add the certificate when we have received payment.
  • Send us your intermediate and leaf certificates. Our Hosted Services team will install the certificates.
  • Change administrator settings in HorizonWeb.

Certificates

Certificates can be bought from many different vendors. You are not required to use one particular vendor when buying a certificate. Certificates are sold by certificate authorities (CA) and by affiliates that resell their products. There are three levels of certificate validation you can choose from:

  • Domain validation (DV) – The CA validates who owns the domain.
  • Organization validation (OV) – The CA validates who owns the domain and the existence of the organization.
  • Extended validation (EV) – The CA validates the domain, that the organization exists and further information such as business registration and other jurisdiction. An EV certificate cannot be a wildcard certificate.

Buying a certificate

A survey of market share, shows you which CAs other companies, worldwide, are trusting. Different products give different levels of warranty. The warranty is provided by the CA. There are some comparison sites, such as Which SSL, from which information can be obtained. ECi will not recommend a provider, so please do your own research and consult your own specialists – caveat emptor.

Appearance in a browser

When a website is encrypted using HTTPS, the browser appears differently to your customer. For DV and OV certificates:
  • https address shown the address bar
  • Padlock icon displayed in the address bar
  • Certificate details displayed when the padlock is clicked
Additionally, an EV certificate gives the user additional feedback about the website they are visiting:
  • Green in the address bar (green bar or issuance name)
  • Website owner's company name in the address bar
  • Organization information in the certificate details

EV certificates provide the same level of encryption – 2048-bit encryption. What you are paying for is the level of validation, displaying to the customer that your company has been checked by the CA.

Sending the certificate

We need you to send us two certificates. Both will be issued to you by the CA.
  • Leaf certificate – the certificate that is linked to the website.
  • Intermediate certificate – intermediate certificates create a chain of trust. They sit between the leaf certificate and the root certificate.

    • Expiration

    If you let the certificate expire, the certificate becomes invalid. Typically, you can renew your certificate 120 days prior to and 30 days following the expiration date. This must be done by you – please add a diary entry! If the certificate expires, customers will no longer be able to access your HorizonWeb shop.

    Browser settings

    Your customers must allow TLS in their browser settings. These are default settings, so your customers should not need to change anything. It is best practice to have these options selected. Advice must be to upgrade to the latest version of your chosen browser.

    Browsers work by trying to use the most advanced encryption option, TLS 1.2. If that doesn't work, they try TLS 1.1, then TLS 1.0. Older browsers may try SSL 3.0 (and older). This is not recommended, but is better than no encryption at all.

    • Internet Explorer 11Internet Options / Advanced tab / Select all three Use TLS options. It is recommended that all SSL options are cleared. Click OK.
    • Chrome 46, Firefox 42, Opera 32 – Changing the TLS options is a hidden option. These browsers ignore Windows / Internet Options / Advanced, and options in other operating systems.
    • Safari – An update to use TLS only was included in Security Update 2014-005 which was available for MacOS 10.8 (Mountain Lion) upwards. Changing TLS is a hidden option.

    Installation

    The installation of the certificate is done by our Hosted team. If you are a Hosted Horizon customer, they will install the certificate on our server. If you are an on-prem customer, they will install it on your HorizonWeb box. We will charge you for this work.

    HorizonWeb options

    After the certificates have been installed, you need to select one or two options on your HorizonWeb site. HTTP traffic will be redirected to HTTPS with the options:
    • Admin / Global Options / System Options / Use SSL Certificate for Login – HTTPS is used for the login only. Checkout would only be encrypted if you are using payment providers such as SagePay or PayPal.
    • Admin / Global Options / System Options / Turn on HTTPS for HorizonWeb – This redirects all incoming HTTP traffic over HTTPS. No traffic will go over HTTP. This is the preferred option. Customers' old bookmarks will still work because the old HTTP addresses are redirected to HTTPS.

    These options do not "turn-on" HTTPS. This is done when we change your site on our servers. These settings must be changed after we have done that.

            Back To HorizonWeb Designer Options