encrypted communication between two servers via https

Report · Sep 24, 2008

Here's the setup:

I have a hosted WindowsCF account with a dedicated IP
I have a hosted Linux account that can get a separate dedicated IP

I want to create a form on the CF side that has its action script on the Linux side using POST method. And the data needs to be secure - not plain text over the internet.

I am curious what ways I can do this.

Some thoughts I had were some use of self signed certificates... if both had the same key or something. But I don't know how that would work mechanically speaking. I am not an HTTPS pro, nor a certificate pro... but need to get there.

Looking for ideas here... but ideas with guts... ideas with pointers to get me going the right way.

Report · Sep 24, 2008

one other detail. the Linux server is set up as a subdomain, like files.domain.com where the CF server is the domain.com

the accounts are from two different providers/datacenters - both are shared servers.

Report · Sep 24, 2008

jasals wrote:
> one other detail. the Linux server is set up as a subdomain, like
> files.domain.com where the CF server is the domain.com
>
> the accounts are from two different providers/datacenters - both are shared
> servers.
>

I can't give you the entire picture. But, unless there is more to this
puzzle then you have spelled out, there is *NO* communication between
the windows CF account and the Linux account, if you just set the form
action to point to the sub-domain that resides on the Linux server. The
communication is then just going to be between the client that received
the form from the Windows server and the Linux server to which it was
told to delver the posted response. And I would imagine this is a
pretty standard certificate set up at this point.

I.E. If the Windows Client delivered the following form to the client:

...
<form action="https://linux.mydomain.com/some-action-page/" methode="post">
stuff...
</cform>

The browser is going to make the secure connection with the Linux server
in the normal fashion.

Report · Sep 25, 2008

Ian, my concern is that a standard form submit is not encrypted. All of the form variables are sent via the web to the linux server in a non-secure manner.

The goal is to send the form variables from the CF8 server form as a post to the linux action page in an encrypted manner.

Report · Sep 25, 2008

jasals wrote:
> Ian, my concern is that a standard form submit is not encrypted. All of the
> form variables are sent via the web to the linux server in a non-secure manner.
>
> The goal is to send the form variables from the CF8 server form as a post to
> the linux action page in an encrypted manner.
>

And the form variables would be if the form action is set to an
HTTPS://... url to a properly SSL configured server.

Report · Sep 25, 2008

> I want to create a form on the CF side that has its action script on the Linux
> side using POST method. And the data needs to be secure - not plain text over
> the internet.

It's not entirely clear what you are asking here (well it's not to me,
anyhow).

What I'm reading is that you have a form residing on one server/domain, and
the URL for the form action is on another server/domain? And the request
to the second domain (ie: the form submission) needs to be sent via HTTPS?
Don't you just need to configure the webserver on the second domain to
accept HTTPS traffic (with all the normal SSL hooplah that that entails).

Is that right?

If not, can you pls expand a bit on what you're on about?

--
Adam