SSL
10.1 Securing Transferred Data through SSL
SSL (Secure Sockets Layer protocol) is a standard for transmitting
confidential data such as credit card numbers over the Internet.
Most real business sites support this feature, which makes data
transmitted over the WWW more secure.
This is the standard minimum security level for real business
on the Internet. SSL works by using a private key to encrypt
data that is transferred over the SSL connection.
To read more about what SSL is and how it works, go to http://www.modssl.org/docs/2.8/index.html
You can secure transfer of the confidential data on your site
through:
10.1.1 Using the Key and Certificate You Already Have
SSL requires a dedicated IP, because name-based hosting does
not support data encryption in HTTP requests.
To enable SSL, do the following:
- Click SSL on your control panel home page.
- Enable SSL for the domain in the list.
- Agree to charges, if any.
- Enter the SSL Server Private Key and SSL Certificate in the
boxes that appear:
In the Site Name field, choose whether you want to secure
with or without the www prefix. Only one option will work correctly.
For instance, if you choose to secure http://www.domain.com,
your visitors will get security warnings when they go to http://domain.com.
- Click Submit. Now your site is secured.
10.1.2 Creating a Temporary Certificate
The only difference between temporary and permanent certificates
is that temporary certificates are generated by your control
panel, not trusted Certificate Authorities. Thus, when visitors
enter your site, they will get the "unknown certification
authority" warning window.
To generate a new temporary SSL private key and certificate,
do the following:
- Click SSL on your control panel home page.
- Enable SSL for the domain in the list.
- Agree to charges, if any.
- Click the link at the top of the form that appears.
- On the page that appears, confirm your details by clicking
the Submit button:
These data will be used to generate the certificate. Don't make
changes to the data if you are not sure about the purpose of
these changes.
Follow instructions that appear at the top of the next page.
SSL Certificate Signing request:
It includes the details that you submitted on the previous step.
Use this request if you want to get a permanent SSL certificate
from a trusted Certificate Authority, such as Thawte and VeriSign.
SSL Server Private Key:
This is the secret key to decrypt messages from your visitors.
It must be stored in a secure place where it is inaccessible
to others. Don't lose this key; you will need it if you get a
permanent certificate.
Temporary SSL Certificate:
It validates your identity and confirms the public key to assure
the visitors that they are communicating with your server, not
any other party.
10.1.3 Acquiring a Permanent Certificate
To get a permanent certificate, do the following:
- Generate a temporary SSL certificate (see above).
- Copy the signing request and private key for later use.
- Go to Thawte, VeriSign, or any other Certificate Authority
and choose to get a new certificate. When requested, enter the
signing request that you have saved.
- After the permanent SSL Certificate has been generated, save
it to a secure location.
- Click SSL on your control panel home page.
- Go to the Web Service page and click the Edit icon in the
SSL field.
- Enter the certificate into the upper box of the form that
opens and click Upload:
Note: For Equifax, also enter the certificate authority
file; for COMODO.NET, also enter the rootchain certificate (Certificate
Chain File).
Now you can use the certificate jointly with the private key
you have saved.
10.1.4 Using Your Provider's SSL Certificate (Shared SSL)
If your provider offers a Shared SSL certificate, you can
use it instead of purchasing a certificate of your own. Compared
with a regular SSL certificate, it costs less and doesn't require
a dedicated IP, and it belongs to an equally trusted Certificate
Authority. The disadvantage of shared SSL is that it can be used
only with third level domains.
To secure your site with Shared SSL, do the following:
- Click SSL on your control panel home page.
- Enable Shared SSL for the domain in the list.
- Agree to charges, if any.
- If you are using a second level domain (example.com), you
will be asked to create a third level domain alias (e.g. domainalias.example.com):
Now the site is available both at the non-secured second level
domain name (e.g. http://example.com) and at the secured third
level domain alias (e.g. https://example.victor.psoft).
Note that Shared SSL certificates work only within one domain
level, i.e. for user1.example.com and not for www.user1.example.com.
In the example above, the certificate will not work for www.example.victor.psoft,
and your visitors will get the warning: "The name on the
security certificate does not match the name of the site".
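The name matching behind both warnings on this page (www versus no www in 10.1.1, and the one-level limit of Shared SSL above), as an added example that is not part of the original guide. It assumes the shared certificate carries a wildcard name such as `*.victor.psoft`, which the guide does not state; `name_matches`, `covered` and `audit` are hypothetical helper names, and the check is a simplified form of what browsers do.

```python
# Added example: simplified certificate name matching (one wildcard label only).

def name_matches(cert_name: str, hostname: str) -> bool:
    """True if a single certificate name covers the hostname."""
    c = cert_name.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(c) != len(h) or "" in h:
        return False  # a wildcard never spans more or fewer labels
    if c[0] == "*":
        # '*' stands for exactly one left-most label, never a whole TLD
        return len(c) > 2 and c[1:] == h[1:]
    return c == h  # no wildcard: names must be identical


def covered(cert_names, hostname) -> bool:
    """True if any name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def audit(cert_names, hostnames) -> dict:
    """Map each hostname to True (accepted) or False (name-mismatch warning)."""
    return {h: covered(cert_names, h) for h in hostnames}


# Constructed inputs. The wildcard name is an assumption about how a
# provider's shared certificate is issued; the hostnames are the guide's.
DEDICATED = ["www.domain.com"]
SHARED = ["*.victor.psoft"]

if __name__ == "__main__":
    cases = (
        (DEDICATED, ["www.domain.com", "domain.com"]),
        (SHARED, ["example.victor.psoft", "www.example.victor.psoft"]),
    )
    for names, hosts in cases:
        for host, ok in audit(names, hosts).items():
            status = "ok" if ok else "WARNING: name mismatch"
            print(f"{names[0]:<18} {host:<26} {status}")
```

Running the audit against every hostname your visitors might type shows which ones need a redirect to the secured name.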
NOTE: When designing your pages, set any internal links to images
or frames as <a href='https://user.domain.com/images/example.jpg'>
or simply <a href='/images/example.jpg'>. If you use the
<a href='http://...'> link, your visitors will get the message:
"The page contains both secure and non-secure items".
This isn't much of a problem in terms of security, since visitors
may simply choose the "do not display nonsecure items"
option, but no graphics will be displayed.
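A way to find such items before visitors see the warning, as an added example that is not part of the original guide. It checks the resources a page embeds (images, frames, scripts, stylesheets); `scan`, `MixedContentFinder` and the sample page are hypothetical and constructed, and `ads.example.net` is a made-up third-party host.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser fetch a resource as part of the page.
EMBED_ATTRS = {"img": "src", "frame": "src", "iframe": "src",
               "script": "src", "link": "href"}


class MixedContentFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line, tag, url, suggested replacement or None)

    def handle_starttag(self, tag, attrs):
        attr = EMBED_ATTRS.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr) or ""
        parts = urlsplit(url)
        if parts.scheme != "http":
            return  # https://, relative and root-relative URLs are fine
        fix = None  # other hosts need a manual check for HTTPS support
        if parts.hostname == self.site_host:
            # Own host: use the root-relative form the guide recommends.
            fix = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        self.findings.append((self.getpos()[0], tag, url, fix))


def scan(html, site_host):
    """Return the non-secure embedded resources found in an HTML page."""
    finder = MixedContentFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page for the secured site https://user.domain.com
SAMPLE = """<html><body>
<img src="http://user.domain.com/images/example.jpg">
<img src="/images/logo.jpg">
<img src="https://user.domain.com/images/ok.jpg">
<iframe src="http://ads.example.net/banner.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url, fix in scan(SAMPLE, "user.domain.com"):
        print(f"line {line}: <{tag}> {url} -> {fix or 'check host for HTTPS'}")
```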
10.2 Installing Comodo SSL Certificate
To install a Comodo SSL certificate:
- Click SSL on your control panel home page.
- Enable SSL for the domain in the list.
- Agree to charges, if any.
- Click the link at the top of the form that appears.
- On the page that appears, confirm your details by clicking
the Submit button:
These data will be used to generate the certificate. Don't make
changes to the data if you are not sure about the purpose of
these changes.
- Follow instructions that appear at the top of the next page.
SSL Certificate Signing request:
It includes the details that you submitted on the previous step.
Use this request to get an SSL certificate from Comodo.
SSL Server Private Key:
This is the secret key to decrypt messages from your visitors.
It must be stored in a secure place where it is inaccessible
to others. Don't lose this key; you will need it if you get a
permanent certificate.
Temporary SSL Certificate:
It validates your identity and confirms the public key to assure
the visitors that they are communicating with your server, not
any other party.
- Copy the signing request and private key for later use.
- Click Submit Query.
- Go to http://www.instantssl.com/products/ssl.html and choose
to get a new SSL certificate.
- When requested, enter the signing request that you have saved.
You will be given an SSL certificate and a rootchain certificate.
- Save your SSL and rootchain certificates to a secure location.
- Click SSL on your control panel home page.
- Go to the Web Service page and click the Edit icon in the
SSL field.
- In the form that opens, enter the SSL certificate into the
box Install Certificate based on previously generated Certificate
request and click Upload:
Enter the rootchain certificate into the box Certificate Chain
File and click Install:
Now you can use the certificate jointly with the private key
you have saved.
Copyright © 2007 - Faithful Host