SSL (Secure Sockets Layer protocol) is a standard for
transmitting confidential data such as credit card numbers
over the Internet. Most true business sites support this
feature which allows more security in data transmitted over
the WWW. This is the standard minimum security level for
true business on the Internet. SSL works by using a private
key to encrypt data that is transferred over the SSL
connection. To read more about what SSL is and how it works,
go to http://www.modssl.org/docs/2.8/index.html
You can secure transfer of the confidential data on your
site through:
Using the Key and Certificate You Already Have
SSL requires a dedicated IP, because name-based hosting
does not support data encryption in HTTP requests. To enable
SSL, do the following:
- Select Domain info in the Domain Settings
menu.
- Click the Edit icon in the Web Service field.
- Enable SSL for the domain in the list.
- Agree to charges, if any.
- Enter the SSL Server Private Key and SSL Certificate in the boxes that
appear:
- In the Site Name field, choose whether you want to secure with or
without the www prefix. Only one option will work correctly. For
instance, if you choose to secure
http://www.domain.com, your visitors will get security warnings when
they go to http://domain.com.
- Click Submit. Now your site is secured.
Creating a Temporary Certificate
The only difference between temporary and permanent
certificates is that temporary certificates are generated by
your control panel, not trusted Certificate Authorities.
Thus, when visitors enter your site, they will get the
"unknown certification authority" warning window.
To generate a new temporary SSL private key and
certificate, do the following:
- Select Domain info in the
Domain Settings menu.
- Click the Edit icon in the Web Service
field.
- Enable SSL for the domain in the
list.
- Agree to charges, if any.
- Click the link at the top of the form that appears.
- On the page that appears, confirm your details by
clicking the Submit button:
These data will be used to generate the certificate. Don't
make changes to the data if you are not sure about the
purpose of these changes.
- Follow instructions that appear at the top of the next
page.
- SSL Certificate Signing request. It includes the
details that you submitted on the previous step. Use
this request if you want to get a permanent SSL
certificate from a trusted Certificate Authority, such
as Thawte and VeriSign (see below).
- SSL Server Private Key. This is the secret key to
decrypt messages from your visitors. It must be stored
in a secure place where it is inaccessible to others.
Don't lose this key; you will need it if you get a
permanent certificate.
- Temporary SSL Certificate. It validates your
identity and confirms the public key to assure the
visitors that they are communicating with your server,
not any other party.
Acquiring a Permanent Certificate
To get a permanent certificate, do the following:
- Generate a temporary SSL certificate (see
above).
- Copy the signing request and private key for later use.
- Go to Thawte, VeriSign, or any other Certificate Authority and choose to get
a new certificate. When requested, enter the signing request that you have saved.
- After the permanent SSL Certificate has been generated, save it to a
secure location.
- Select Domain info in the Domain Settings menu.
- Go to the Web Service page and click the Edit
icon in the SSL field.
- Enter the certificate into the upper box of the form that opens and click
Upload:
Note: For Equifax, also enter the certificate authority file; for COMODO.NET,
also enter the rootchain certificate (Certificate Chain File).
- Now you can use the certificate jointly with the private key you have
saved.
Using Your Provider's SSL Certificate (Shared SSL)
If your provider offers a Shared SSL certificate, you can
use it instead of purchasing a certificate of your own.
Compared with a regular SSL certificate, it costs less and
doesn't require a dedicated IP, and it belongs to an equally
trusted Certificate Authority. The disadvantage of shared SSL is
that it can be used only with third level domains.
To secure your site with Shared SSL, do the following:
- Select Domain info in the
Domain Settings menu.
- Click the Edit icon in the Web Service field.
- Enable Shared SSL for the domain in the
list.
- Agree to charges, if any.
- If you are using a second level domain (example.com),
you will be asked to create a third level domain alias (e.g.
domainalias.example.com):
Now the site is available both at the non-secured second
level domain name (e.g. http://example.com) and at
the secured third level domain alias (e.g.
https://example.victor.psoft). Note that Shared SSL
certificates work only within one domain level, i.e. for
user1.example.com and not for
www.user1.example.com. In the example above, the
certificate will not work for
www.example.victor.psoft, and your visitors will get the
warning: "The name on the security certificate does not
match the name of the site".
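The name check behind both warnings (the www / non-www choice in the Site Name field and the one-level limit of Shared SSL) can be reproduced offline. The following is an added example, not part of the original documentation; the wildcard name *.victor.psoft is an assumed name for the provider's shared certificate, and all inputs are constructed.

```python
"""Added example: how a browser decides whether a certificate covers a host name."""
from __future__ import annotations


def name_matches(cert_name: str, host: str) -> bool:
    """Return True if one certificate name covers `host`.

    A leading "*" label stands for exactly one DNS label: it never spans a
    dot and never matches the parent domain itself.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels) or "" in host_labels:
        return False
    if cert_labels[0] == "*":
        # Refuse over-broad wildcards such as "*.com"; compare the rest exactly.
        return len(cert_labels) >= 3 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def covered(cert_names: list[str], host: str) -> bool:
    """A certificate covers a host if any of its names matches."""
    return any(name_matches(name, host) for name in cert_names)


def report(cert_names: list[str], hosts: list[str]) -> dict[str, bool]:
    """Map each host to whether visitors reach it without a name warning."""
    return {host: covered(cert_names, host) for host in hosts}


# Constructed inputs. The single-name case is the Site Name choice described
# earlier; "*.victor.psoft" is an ASSUMED name for the provider's shared
# certificate, inferred from the alias example.victor.psoft.
SINGLE = report(["www.domain.com"], ["www.domain.com", "domain.com"])
SHARED = report(
    ["*.victor.psoft"],
    ["example.victor.psoft", "www.example.victor.psoft", "victor.psoft"],
)

if __name__ == "__main__":
    for title, result in (("www.domain.com", SINGLE), ("*.victor.psoft", SHARED)):
        for host, ok in result.items():
            print(f"{title:16} {host:26} {'ok' if ok else 'name mismatch warning'}")
```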
NOTE: When designing your pages, set any internal
links to images or frames as <a href='https://user.domain.com/images/example.jpg'>
or simply <a href='/images/example.jpg'>. If you use
the <a href='http://...'> link, your visitors will get
the message: "The page contains both secure and non-secure
items". This isn't much of a problem in terms of security,
since visitors may simply choose the "do not display
nonsecure items" option, but no graphics will be displayed.
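The check below is an added example, not part of the original documentation: it parses a page served over https and lists the image, frame and script references that resolve to plain http and would trigger the warning above. The page URL and HTML are constructed sample input, and covering script tags goes beyond the images and frames the note mentions.

```python
"""Added example: list embedded references that load over plain http."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose src the browser fetches while rendering the page.
EMBED_TAGS = {"img", "frame", "iframe", "script"}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # (line, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag not in EMBED_TAGS or not src:
            return
        # Resolve as the browser does: relative ("/images/x.jpg") and
        # scheme-relative ("//host/x") references inherit https from the page.
        resolved = urljoin(self.page_url, src.strip())
        if urlsplit(resolved).scheme == "http":
            self.insecure.append((self.getpos()[0], tag, resolved))


def find_insecure(page_url, html):
    """Return (line, tag, url) for every embedded resource fetched over http."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.insecure


# Constructed sample page, assumed to be served at SAMPLE_URL.
SAMPLE_URL = "https://user.domain.com/index.html"
SAMPLE_HTML = """<html><body>
<img src="/images/example.jpg">
<img src="https://user.domain.com/images/logo.jpg">
<img src="http://user.domain.com/images/banner.jpg">
<iframe src="//user.domain.com/news.html"></iframe>
<frame src="http://user.domain.com/menu.html">
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_insecure(SAMPLE_URL, SAMPLE_HTML):
        print(f"line {line}: <{tag}> loads {url} over http")
```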