Difference between revisions of "How Secure Web (SSL) Works"
(→Your Options) |
(fix formatting and URL ref) |
||
Line 11: | Line 11: | ||
If you'd like to use SSL encryption for your web site/domain hosted on XMission, you have a few options. | If you'd like to use SSL encryption for your web site/domain hosted on XMission, you have a few options. | ||
− | The first, and easiest, would be to use XMission's certificate. To do this, change the URL's of the pages you wish to secure to https://www.xmission.com/~username/securepage.html where you replace | + | The first, and easiest, would be to use XMission's certificate. To do this, change the URL's of the pages you wish to secure to ''<nowiki>https://www.xmission.com/~username/securepage.html</nowiki>'' where you replace ''username'' with your XMission ''username'' and ''securepage.html'' with the page you wish to secure. This could, however, be a problem for you if you have your own domain name. Reason being, you must use the XMission domain in the URL instead of www.yourdomain.com. For more details about using this method, please refer to the [[Secure Web (SSL) Tutorial]]. |
If you have your own domain and you do not wish to use the XMission domain in the pages you wish to secure, you may get a certificate signed by XMission. A certificate signed by XMission is free of charge to any XMission customer. Once again, however, there is a problem with this method. Your visitors will be prompted with "Unknown Authority" (or something similar, depending on the browser used) when they first visit the secured pages. This has the possibility of scaring off potential clients or customers that are easily spooked by "hackers" or viruses. A certificate signed by XMission, however, is just as secure as a certificate signed by a public CA. You can request a certificate signed by XMission by filling out the request form. | If you have your own domain and you do not wish to use the XMission domain in the pages you wish to secure, you may get a certificate signed by XMission. A certificate signed by XMission is free of charge to any XMission customer. Once again, however, there is a problem with this method. Your visitors will be prompted with "Unknown Authority" (or something similar, depending on the browser used) when they first visit the secured pages. This has the possibility of scaring off potential clients or customers that are easily spooked by "hackers" or viruses. A certificate signed by XMission, however, is just as secure as a certificate signed by a public CA. You can request a certificate signed by XMission by filling out the request form. |
Revision as of 15:31, 12 February 2009
Overview
Most web sites will use SSL encryption for collecting personal or confidential information. You'll most often see the use of SSL encryption when purchasing something online or viewing private statistics or documents. You'll notice that the URL (or web address) will start with https:// instead of http://. Your browser will recognize this is secure. The process is usually very smooth on the client's side. This may be an option that you're looking into for your web site hosted by XMission.
In more detail, SSL, Secure Sockets Layer, is the leading security protocol on the Internet. When an SSL session is started, the browser sends its public key to the server so that the server can securely send a secret key to the browser. The browser and server exchange data via secret key encryption during that session.
An SSL certificate is a unique digital ID that can be used to verify the identity of a person, web site, or JavaScript/Java Applet. The certificate always includes a public key, the name of the entity it identifies, an expiration date, the name of the certificate authority (CA) that issued the certificate, the digital signature of the CA, and a serial number. These certificates use public key cryptography to sign and authenticate signatures and are protected by public and private key pairs linked by cryptographic algorithms. These keys have the ability to encrypt and decrypt information.
Your Options
If you'd like to use SSL encryption for your web site/domain hosted on XMission, you have a few options.
The first, and easiest, would be to use XMission's certificate. To do this, change the URL's of the pages you wish to secure to https://www.xmission.com/~username/securepage.html where you replace username with your XMission username and securepage.html with the page you wish to secure. This could, however, be a problem for you if you have your own domain name. Reason being, you must use the XMission domain in the URL instead of www.yourdomain.com. For more details about using this method, please refer to the Secure Web (SSL) Tutorial.
If you have your own domain and you do not wish to use the XMission domain in the pages you wish to secure, you may get a certificate signed by XMission. A certificate signed by XMission is free of charge to any XMission customer. Once again, however, there is a problem with this method. Your visitors will be prompted with "Unknown Authority" (or something similar, depending on the browser used) when they first visit the secured pages. This has the possibility of scaring off potential clients or customers that are easily spooked by "hackers" or viruses. A certificate signed by XMission, however, is just as secure as a certificate signed by a public CA. You can request a certificate signed by XMission by filling out the request form.
The last means of using SSL with XMission would be to purchase a signed certificate and key from GeoTrust or another CA. When this is done, you will need to upload the signed certificate (public key) and the RSA key (private key) in PEM format. To make this process more secure, you may request that XMission generate the RSA key to be kept on XMission and send you the unsigned certificate. You can then have the certificate signed and returned to XMission with less threat of the RSA private key (which will not leave XMission's hands) being seen by another party.
To complete SSL Certificate process, please email ssl@xmission.com with the following information:
- Do you want a certificate signed by XMission, or signed by another CA such as GeoTrust?
- Your XMission account name.
- Name of organization.
- Which department of this organization is this for?
- Website to be certified (i.e. www.domain.com or store.domain.com)
- Contact email for website (e.g. webmaster@domain.com)
- City
- State
- Country
- SSL Certificate approver email address? (e.g. ssladmin@domain.com, or whois admin/tech contact)
Important: A site with multiple domain names pointing to the SSL certified site needs to give strong consideration to purchasing a wildcard SSL service. Otherwise the site visitor will be presented with a browser error regarding the non-matching SSL certificate.
Public CA's
Here is a small list of public CA's you can purchase certificates from (in alphabetical order).