SSL (Secure Sockets Layer protocol) is a standard for transmitting confidential data such as credit card numbers over the Internet. Most true business sites support this feature, which allows more security in data transmitted over the WWW. This is the standard minimum security level for true business on the Internet. SSL works by using a private key to encrypt data that is transferred over the SSL connection.

To read more about what SSL is and how it works, go to http://www.modssl.org/docs/2.8/index.html

You can secure the transfer of confidential data on your site in any of the ways described below:

Using the Key and Certificate You Already Have

SSL requires a dedicated IP, because name-based hosting does not support data encryption in HTTP requests.

To enable SSL, do the following:
- Click SSL on your control panel home page.
- Enable SSL for the domain in the list.
- Agree to charges, if any.
- Enter the SSL Server Private Key and SSL Certificate in the boxes that appear:

In the Site Name field, choose whether you want to secure with or without the www prefix. Only one option will work correctly. For instance, if you choose to secure http://www.domain.com, your visitors will get security warnings when they go to http://domain.com.

- Click Submit.

Now your site is secured.

Creating a Temporary Certificate

The only difference between temporary and permanent certificates is that temporary certificates are generated by your control panel, not trusted Certificate Authorities. Thus, when visitors enter your site, they will get the "unknown certification authority" warning window.

To generate a new temporary SSL private key and certificate, do the following:
- Click SSL on your control panel home page.
- Enable SSL for the domain in the list.
- Agree to charges, if any.
- Click the link at the top of the form that appears.
- On the page that appears, confirm your details by clicking the Submit button:

These data will be used to generate the certificate. Don't make changes to the data if you are not sure about the purpose of these changes.

Follow instructions that appear at the top of the next page.

SSL Certificate Signing request: It includes the details that you submitted in the previous step. Use this request if you want to get a permanent SSL certificate from a trusted Certificate Authority, such as Thawte and VeriSign.

SSL Server Private Key: This is the secret key to decrypt messages from your visitors. It must be stored in a secure place where it is inaccessible to others. Don't lose this key; you will need it if you get a permanent certificate.

Temporary SSL Certificate: It validates your identity and confirms the public key to assure the visitors that they are communicating with your server, not any other party.

Acquiring a Permanent Certificate

To get a permanent certificate, do the following:

- Generate a temporary SSL certificate (see above).
- Copy the signing request and private key for later use.
- Go to Thawte, VeriSign, or any other Certificate Authority and choose to get a new certificate. When requested, enter the signing request that you have saved.
- After the permanent SSL Certificate has been generated, save it to a secure location.
- Click SSL on your control panel home page.
- Go to the Web Service page and click the Edit icon in the SSL field.
- Enter the certificate into the upper box of the form that opens and click Upload:

Note: For Equifax, also enter the certificate authority file; for COMODO.NET, also enter the rootchain certificate (Certificate Chain File).

Now you can use the certificate jointly with the private key you have saved.

Using Your Provider's SSL Certificate (Shared SSL)

If your provider offers a Shared SSL certificate, you can use it instead of purchasing a certificate of your own. Unlike a regular SSL certificate, it costs less, doesn't require a dedicated IP, and belongs to an equally trusted Certificate Authority. The disadvantage of shared SSL is that it can be used only with third level domains.

To secure your site with Shared SSL, do the following:
- Click SSL on your control panel home page.
- Enable Shared SSL for the domain in the list.
- Agree to charges, if any.
- If you are using a second level domain (example.com), you will be asked to create a third level domain alias (e.g. domainalias.example.com):

Now the site is available both at the non-secured second level domain name (e.g. http://example.com) and at the secured third level domain alias (e.g. https://example.victor.psoft).

Note that Shared SSL certificates work only within one domain level, i.e. for user1.example.com and not for www.user1.example.com. In the example above, the certificate will not work for www.example.victor.psoft, and your visitors will get the warning: "The name on the security certificate does not match the name of the site".
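
The name check behind both the www-prefix warning in the Site Name step and the Shared SSL one-level limit can be reproduced offline. This is an added example, not part of the control panel or the original documentation; it assumes the shared certificate carries the wildcard name `*.victor.psoft`, which the page does not state.

```python
# Added example: how a browser decides whether a certificate name covers a host
# (wildcard rules as in RFC 6125: "*" is the whole leftmost label, one label only).

def name_matches(cert_name: str, host: str) -> bool:
    """Return True if a single certificate DNS name covers the requested host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(cert_labels) != len(host_labels):
        return False
    first, rest = cert_labels[0], cert_labels[1:]
    # A wildcard anywhere but the leftmost label is never honoured.
    if any("*" in label for label in rest):
        return False
    if first == "*":
        return bool(host_labels[0]) and rest == host_labels[1:]
    # Partial wildcards such as "w*" are treated as literals and will not match.
    return cert_labels == host_labels


def covered(cert_names, host: str) -> bool:
    """True if any name on the certificate covers the host."""
    return any(name_matches(name, host) for name in cert_names)


def report(cert_names, hosts) -> dict:
    """Map each host to whether a visitor would see a name-mismatch warning-free page."""
    return {host: covered(cert_names, host) for host in hosts}


# Certificate secured "with the www prefix", as in the Site Name example.
DEDICATED = ["www.domain.com"]
# Assumed subject name of the provider's shared certificate (not shown on the page).
SHARED = ["*.victor.psoft"]

if __name__ == "__main__":
    for names, hosts in (
        (DEDICATED, ["www.domain.com", "domain.com"]),
        (SHARED, ["example.victor.psoft", "www.example.victor.psoft"]),
    ):
        for host, ok in report(names, hosts).items():
            print(f"{names[0]:<18} {host:<28} {'ok' if ok else 'NAME MISMATCH'}")
```
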

NOTE: When designing your pages set any internal links to images or frames as <a href='https://user.domain.com/images/example.jpg'> or simply <a href='/images/example.jpg'>. If you use the <a href='http://...'> link, your visitors will get the message: "The page contains both secure and non-secure items".

This isn't much of a problem in terms of security, since visitors may simply choose the "do not display nonsecure items" option, but no graphics will be displayed.
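
One way to find the references that trigger the "secure and non-secure items" message before publishing a page is sketched below. It is an added example, not code from the control panel or the original documentation; the set of tags checked and the sample markup are assumptions constructed for illustration.

```python
# Added example: list subresources that an HTTPS page would load over plain HTTP.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src attribute makes the browser fetch content into the page
# (a minimal, assumed list; extend it for your own markup).
LOADING_TAGS = {"img", "frame", "iframe", "script"}


class MixedContentFinder(HTMLParser):
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        if tag not in LOADING_TAGS:
            return
        src = dict(attrs).get("src")
        if not src:
            return
        # Resolve relative and protocol-relative URLs against the page address;
        # they inherit https and are therefore safe.
        resolved = urljoin(self.page_url, src.strip())
        if urlsplit(resolved).scheme == "http":
            line, _ = self.getpos()
            self.insecure.append((line, tag, resolved))


def find_insecure(page_url: str, html: str):
    """Return http:// subresources referenced by a page served over https."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on secure pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.insecure


# Constructed sample page, not taken from a real site.
SAMPLE = """<html><body>
<img src='/images/example.jpg'>
<img src='https://user.domain.com/images/example.jpg'>
<img src='http://user.domain.com/images/logo.jpg'>
<frame src="//user.domain.com/menu.html">
<iframe src="http://user.domain.com/banner.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_insecure("https://user.domain.com/index.html", SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```
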