SSL (Secure Sockets Layer protocol) is a standard for transmitting
confidential data such as credit card numbers over the Internet.
Most true business sites support this feature, which provides
more security for data transmitted over the WWW. This is the
standard minimum security level for true business on the Internet.
SSL works by using a private key to encrypt data that is transferred
over the SSL connection. To read more about what SSL is and
how it works, go to http://www.modssl.org/docs/2.8/index.html
You can secure the transfer of confidential data on your
site through:
Using the Key and Certificate You Already Have
SSL requires a dedicated IP because name-based hosting does
not support data encryption in HTTP requests. To enable SSL,
go to the Web Service page and click the ON/OFF
button in the SSL Support field.
If you are migrating from a different provider and already
have an SSL private key and certificate, just enter them into
the boxes that appear:

Creating a Temporary Certificate
The only difference between temporary and permanent certificates
is that the former is not issued by a trusted Certificate
Authority. Thus, when users enter your site, they will get
the "unknown certification authority" warning window.
To generate a new temporary SSL private key and certificate,
click the link at the top of the form.
In the next window, confirm your data by clicking the Submit
button. These data are required to generate the certificate.
Don't make changes to the data if you are not sure about the
purpose of these changes:

After you have submitted the form, the following is generated:

- SSL Certificate Signing Request. It includes the details
that you submitted on the previous step. Use this request
if you want to get a permanent SSL certificate from a trusted
Certificate Authority, such as Thawte and VeriSign (see below).
- SSL Server Private Key. This is the secret key to decrypt
messages from your visitors. It must be stored in a secure
place where it is inaccessible to others.
- Temporary SSL Certificate. It validates your identity
and confirms the public key to assure the visitors that
they are communicating with your server, not any other party.
Once you press the Submit Query button, your site
will be secured with your temporary SSL pair.
Acquiring a Permanent Certificate
To get a permanent certificate, you first need to generate
a certificate signing request. It includes your details and
is generated as you create a temporary SSL certificate (see
above). Copy this signing request so you can use it later.
As the next step, go to Thawte, VeriSign,
or any other Certificate Authority and choose to get a new
certificate. When requested, enter the signing request that
you have saved.
After the permanent SSL Certificate has been generated, save
it to a secure location. Then go to the Web Service
page and click the Edit icon in the SSL field.
Enter the certificate into the upper box of the form that
opens:

Then click upload. Now your transactions are secured.
Using Your Provider's SSL Certificate (Shared SSL)
If your provider offers Shared SSL certificates, you can
use them instead of purchasing a certificate of your own.
A Shared SSL certificate allows you to secure multiple hosts within
the same domain. For example, a certificate for '*.domain.com'
could be used for 'user1.domain.com', 'user2.domain.com', and
'user3.domain.com'. When your client checks the host
name in this certificate, it uses a shell expansion procedure
to see if it matches.
Compared with a regular SSL certificate, it costs less, doesn't
require a dedicated IP, and belongs to an equally trusted
Certificate Authority. The disadvantage of Shared SSL is that
it can be used only with third level domains.
To secure your site with Shared SSL, go to the Web Service
page and click the ON/OFF button in the Shared SSL
Support field.

If you are using a second level domain (domain.com), you are asked to
create a third level domain alias (e.g. domainalias.domain.com):

In the above example, the site at domain testik.com
is made available both at the non-secured second level domain
name address (http://testik.com) and at the secured
third level domain alias address (https://testik.victor.psoft).
Note that Shared SSL certificates work only within one domain
level, i.e. for user1.domain.com and not for www.user1.domain.com.
In the example above, the certificate will not work for www.testik.victor.psoft,
and the users' browsers will show a warning message: "The
name on the security certificate does not match the name of
the site".
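The one-level rule described above can be checked with a short script. This is an added example, not part of the original guide or the control panel's code; the function names and the certificate name '*.victor.psoft' assumed for the alias example are illustrative.

```python
# Added example: a wildcard in a certificate name stands for exactly one
# host-name label, so '*.domain.com' covers user1.domain.com but not
# www.user1.domain.com and not domain.com itself.

def wildcard_matches(cert_name: str, host: str) -> bool:
    """Return True if cert_name (e.g. '*.domain.com') covers host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")

    # One wildcard label replaces one host label: label counts must agree.
    if len(cert_labels) != len(host_labels) or "" in host_labels:
        return False

    first, rest = cert_labels[0], cert_labels[1:]

    # A '*' is only honoured as the complete leftmost label.
    if any("*" in label for label in rest):
        return False
    if rest != host_labels[1:]:
        return False
    if first == "*":
        return True
    return "*" not in first and first == host_labels[0]


def uncovered_hosts(cert_name: str, hosts: list[str]) -> list[str]:
    """Hosts that would trigger the browser's name-mismatch warning."""
    return [h for h in hosts if not wildcard_matches(cert_name, h)]


if __name__ == "__main__":
    # Host names taken from the text; '*.victor.psoft' is an assumed
    # certificate name for the alias example.
    print(uncovered_hosts("*.domain.com",
                          ["user1.domain.com", "www.user1.domain.com",
                           "domain.com"]))
    print(uncovered_hosts("*.victor.psoft",
                          ["testik.victor.psoft",
                           "www.testik.victor.psoft"]))
```

Running the check over every host name you plan to publish shows which ones need their own alias or certificate.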
NOTE: When designing your pages, set any internal links
to images or frames as <a href='https://user.domain.com/images/example.jpg'>
or simply <a href='images/example.jpg'>. If
you use the <a href='http://...'> link, visitors'
browsers will display the message "The page contains
both secure and non-secure items". This is not much of
a problem in terms of security, since visitors may simply
choose the "not display nonsecure items" option,
but no graphics will be displayed.
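One way to find the references that trigger this message before publishing a page is shown below as an added example (not part of the original guide); the tag list, function names and sample page are constructed for illustration. It flags only resources the browser loads into the page, since ordinary hyperlinks to http:// addresses do not cause the warning.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose URL attribute is fetched and rendered as part of the page.
SUBRESOURCE_ATTRS = {
    "img": "src", "frame": "src", "iframe": "src",
    "script": "src", "embed": "src",
}


class MixedContentFinder(HTMLParser):
    """Collect sub-resources referenced with an absolute http:// URL."""

    def __init__(self):
        super().__init__()
        self.insecure = []  # list of (line, tag, url)

    def handle_starttag(self, tag, attrs):
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None:
            return  # e.g. <a href>: navigation, not loaded into the page
        url = dict(attrs).get(attr)
        # Relative, protocol-relative and https:// URLs inherit or use
        # the secure scheme; only an explicit http:// is flagged.
        if url and urlsplit(url.strip()).scheme.lower() == "http":
            self.insecure.append((self.getpos()[0], tag, url))


def find_mixed_content(html: str):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.insecure


# Constructed sample page served from https://user.domain.com/
SAMPLE_PAGE = """<html><body>
<img src="images/example.jpg">
<img src="https://user.domain.com/images/example.jpg">
<img src="http://user.domain.com/images/banner.jpg">
<frame src="http://user.domain.com/menu.html">
<a href="http://other.example/">external link</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads {url}")
```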