Getting SecureDocs To Work With SSL
Last week a colleague asked if SecureDocs worked with SSL. I said, of course it does. Everything works with SSL, since IIS provides the support. Guess what….I was wrong…sort of…but with a few lines of HTML, I was actually right.
SSL, or Secure Sockets Layer, is a feature supported by most web servers and browsers out there for the last 10+ years. It basically encrypts the connection between the host and the client making it nearly impossible for a third-party to see the information. You know you have an SSL connection when you see the URL begin with https instead of http. I say nearly impossible because it is possible to fool some users into thinking they have an SSL connection when they don’t and hijack the connection. Look for a Hak5 episode on Man in the Middle attacks with SSL for more on that.
Since this is a browser and web server feature, there isn’t any need for the site software to support it directly, right? Well, normally that would be true. SecureDocs, as I have mentioned in this earlier blog post, creates a website automatically for a document you send to someone else. This website gets created automatically regardless of whether you use SSL or not. A problem with SSL and SecureDocs comes up when we send out the notification email. That email includes the URL to the website and that URL begins with http:// and not https://. There is no way that I know of to change this URL in the email so it might seem that we don’t support SSL, right? Well, it turns out that IIS gives us a solution in the form of custom error messages.
Here is how you solve this for SecureDocs (and for any other website).
- Enable the SecureDocs website for SSL. This involves either creating a local certificate authority or paying for a real certificate. There are plenty of pointers on how to do this online.
- Create a file in c:\inetpub\wwwroot called sslredirect.htm
- Enter the following text into that file:
- In IIS Manager, go to the SecureDocs website properties. Click the Custom Errors tab and double-click on 403;4
- Change the Message Type to URL and type the following for URL: /sslredirect.htm
That’s it. Now when you click the link that starts with http:// you will automatically be redirected to the https:// version instead.
Now before you go thinking I am this amazing genius for coming up with this, I have to let you know that most of this information comes from this page. But the text shown on his page doesn’t work quite right. I had to add the window.location.search myself to get the SecureDocs parameters to show. If you still think I am a genius, well, I can’t stop you…
If this helps you, let me know in the comments. If you have any questions about this or anything else about Rightfax and Alchemy, share those with me in the comments as well. Or contact me on Twitter where I go by the name technovangelist.