Using Open Door's Commerce Server
Provide your browsers with secure transactions!
What is a Commerce Server? A commerce server is a special web server that
will ensure the secure transfer of informaton over the Internet.
Information read from and sent to the commerce server is encrypted using
the secure sockets layer (ssl) protocol, and thus can not be read by
someone "spying" on the transaction.
Why would I need to use the Commerce Server? Open Door's Commerce Server is
available to all WebDoor Pro account holders. However, only those accounts
needing information to be transferred securely, such as credit card numbers, are
recommended to use this server.
How is the commerce server set up? The commerce server runs on the same
Macintosh as the web server used for most WebDoor Pro accounts
(www2.opendoor.com). It functions in all respects just like the standard
web server running on that Macintosh, and provides access to the same set
of folders. The only difference is that access is obtained through a URL of
the form https://ssl.opendoor.com/account/. Any access of this form will be
secure.
What do I need to do to use the Commerce Server? First you must
specifically request that we give you access to the server, since we need
to set up the appropriate security. Next Decide what secure information
you'd like your clients to send or receive via Open Door's commerce server.
In most cases, you'll need to create a form that tells a program running on
the commerce server to process the form data in a secure manner. This
program is called a CGI (Common Gateway Interface). The CGI running on Open
Door's commerce server writes the information entered into the form to your
folder on the web server by creating or adding onto a file entitled
SSLData.txt in your Stats folder. (Your stats folder is used because it's
already password-protected, making it so that only you can get at the
data). The information is written in the same format as Open Door's
standard form processing CGI, but is not sent to you via e-mail, which
would be insecure and thus defeat the purpose of the commerce server.
Once the data entered is written to the file, You'll then be able to access
this data through the commerce server itself and securely retrieve your
orders, information etc.
Want to know more?
Creating Your Form
Testing Your Form
Retrieving Secure Information
Additional Notes
NOTE: it is very important your follow these directions exactly to ensure
your information it transfered and retrieved securely.
Follow the steps listed below to create your form
(Sorry, the commerce server is not currently supported by WebDoor Publisher, so you'll need to write at least some part of the HTML yourself):
- Write the appropriate HTML for your form. Be sure to include a "submit"
element. In the "FORM" tag, include the following:
<FORM METHOD="POST" ACTION="https://ssl.opendoor.com/CGI/WebDoorSSL.cgi">
- You must include a "hidden form element" which tells Open Door's CGI
that your page was not created using WebDoor Publisher:
<INPUT TYPE=HIDDEN NAME="WDversion" VALUE="Custom your-version">
You can replace "your-version" with any desried indicator. Be sure it
begins "Custom..."
- You must include a "hidden form element" which tells Open Door's CGI
the folder to send the form data to:
<INPUT TYPE=HIDDEN NAME="WebDoorSSLRecipient" VALUE="YourAccountName">
"YourAccountName" should be the exact name you requested for your WebDoor
Pro account (i.e- if your account name is MyAccount then input MyAccount as
the VALUE).
- You must include a "hidden form element" which tells Open Door's CGI
the URL of the page to open after the form is processed (that is, after the
browser hits the "submit" button):
<INPUT TYPE=HIDDEN NAME="WebDoorNextLink" VALUE="your-URL">
"your-URL" must be a fully specified URL and must be accessed through the
secure server, for instance
https://ssl.opendoor.com/YourAccountName/YourNextFile.html
- Drag the .html file you've created to your folder on the "Open Door Web
Pages 2" AppleShare server, or copy the file to ftp2.opendoor.com via FTP.
- Connect to the Internet and test the form to make sure it works
correctly. You can test the individual form elements on your local hard
disk. Note: you can only test the form's data transfer, and its linking to
another page, over the Internet.
Follow the steps listed below for testing:
(Note: this will be the same steps
your potential clients will be using to submit information)
- Access your form via the below URL address (make sure you're always
using full URLs NO RELATIVE LINKS). You may receive a window stating "You
have requested a secure document. Click OK."
https://ssl.opendoor.com/YourAccountName/YourFormName.html
(NOTE: replace YourAccountName with your Open Door Account Name and
YourFormName.html with the .html form name you've created.)
- Fill out the form. Click submit.
- You should receive the correct Next Link URL. Make sure your next link
is not a Relative link and begins:
https://ssl.opendoor.com/YourAccountName/YourNextLink.html
(this will ensure the information is secure.)
Follow the steps listed below to retrieve your secure form information:
- Open https://ssl.opendoor.com/YourAccountName/Stats/SSLData.txt You are
required to enter your name and password.
- The above URL will securely retrieve all data which has been entered
into your secure form(s), providing you have entered the correct Account
Name and password. Your account name and password are the same as for your
existing account. Newly-entered data will always be added to the bottom of
your SSLData.txt file. If you so desire you can delete or rename this file
through ARA or FTP, once you have processed data. When new data is received
a new file will then be created within your Stats folder also entitled
SSLData.txt.
- Save the retrieved data to your local hard disk if desired. Either copy and paste the information and save to your local hard disk, View Source (will also save to your desktop), or Save as...
- You may also retrieve your information via ARA from your Stats folder.
Additional Notes:
- If your WebDoor Pro account is on www.opendoor.com rather than www2, we
will have to arrange to move it for you to use the commerce server. If you
have a webmaster account (co-located server) and want to use the commerce
server, please contact us directly for details of how to do so.
- The name of the commerce server must be ssl.opendoor.com. This is for
security reasons. You cannot use an alias like www2.your-domain.com.
- Some old browsers do not support SSL, so you may want to consider
having a non-secure page for users of those browsers.
- Be sure to use the commerce server only for those pieces of data that
need to be secure. Due to the complexity of the encryption, it will be
significantly slower than the standard server.
What if I need help or have questions? As always, you can reach Open Door by phone at (541) 488-4127, or send us e-mail at help@opendoor.com.
©2005 Open Door Networks, Inc. WebDoor, HomeDoor and LogDoor are trademarks of Open Door Networks, Inc.