Difference between revisions of "How Secure Web (SSL) Works"

From XMission Wiki
Jump to: navigation, search
(Your Options)
(Your Options)
Line 57: Line 57:
 
* Which department of this organization is this for?
 
* Which department of this organization is this for?
 
* Website to be certified (i.e. www.domain.com or store.domain.com)
 
* Website to be certified (i.e. www.domain.com or store.domain.com)
* Contact email for website  
+
* Contact email for website. (e.g. webmaster@domain.com)
** Must match approval email address as listed below or it will be rejected by SSL Registrar (e.g. webmaster@domain.com)
 
 
* City
 
* City
 
* State
 
* State
 
* Country
 
* Country
* SSL Certificate approver email address? (e.g. ssladmin@domain.com, or whois admin/tech contact)
+
* SSL Certificate Approver Email Address?  
* Verify email address used when registering the domain is valid and working. Confirm address here:  
+
** Must match Approver Email Address as listed below or it will be rejected by SSL Registrar  (e.g. ssladmin@domain.com, or whois admin/tech contact)
 +
* Verify email address used when registering the domain is valid and working. Provide address here:  
 
** This is where your certificate will be sent.
 
** This is where your certificate will be sent.
  
 
'''NOTE'''<br>
 
'''NOTE'''<br>
 
Approval of Your Certificate Request
 
Approval of Your Certificate Request
The SSL service relies upon the Subscriber or the Subscriber's authorized administrator to approve all certificate requests for all hosts in the domain. It is important that you select the correct authorized administrator below. By selecting an authorized administrator, you warrant to Certification Authority that the individual is authorized to approve the request. Your request for a SSL server certificate will not be processed beyond this point if you select an incorrect Approver Email address.
+
The SSL service relies upon the Subscriber or the Subscriber's authorized administrator to approve all certificate requests for all hosts in the domain. It is important that to select the correct authorized administrator below. By selecting an authorized administrator, you warrant to Certification Authority that the individual is authorized to approve the request. Requests will not be processed beyond this point if you select an incorrect Approver Email Address.
  
The following alternate approval email addresses can be used as Approver Email. You must make sure that the email account has been set up and is available before you submit this order, or the approval email will not be delivered:
+
The following alternate addresses can be used for your Approver Email Address. Again, you must verify the email account has been set up and is available before submitting this order, or the approval email will not be delivered:
 
{|
 
{|
 
|-  
 
|-  
Line 94: Line 94:
 
|}
 
|}
  
* Once the validation email has been approved. The certificate will be sent to the email address you registered your domain with. Please verify this email address can receive email. If you have registered your domain though us and do not have access to this email, please contact us.  
+
* Once the validation email has been approved. The certificate will be sent to the email address used when registering your domain. Please verify this email address can receive email and is checked. If your domain was registered though XMission Domain Services and you do not have access to this email, please contact us.  
  
 
Please Note: A site with multiple domain names pointing to the SSL certified site should purchase a wildcard SSL certificate. Otherwise the site visitor will be presented with a browser error regarding the non-matching SSL certificate.
 
Please Note: A site with multiple domain names pointing to the SSL certified site should purchase a wildcard SSL certificate. Otherwise the site visitor will be presented with a browser error regarding the non-matching SSL certificate.

Revision as of 11:23, 5 September 2017

Overview

Most web sites will use SSL encryption for collecting personal or confidential information. You'll most often see the use of SSL encryption when purchasing something online or viewing private statistics or documents. You'll notice that the URL (or web address) will start with "https://" instead of "http://". Your browser will recognize this is secure. The process is usually very smooth on the client's side. (This may be an option that you're looking into for your web site hosted by XMission.)

In more detail, SSL, Secure Sockets Layer, is the leading security protocol on the Internet. When an SSL session is started, the browser sends its public key to the server so that the server can securely send a secret key to the browser. The browser and server exchange data via secret key encryption during that session. This is designed to prevent eavesdropping, tampering, and message forgery.

An SSL certificate is a unique digital ID that can be used to verify the identity of a person, web site, or JavaScript/Java Applet. The certificate always includes a public key, the name of the entity it identifies, an expiration date, the name of the certificate authority (CA) that issued the certificate, the digital signature of the CA, and a serial number. These certificates use public key cryptography to sign and authenticate signatures and are protected by public and private key pairs linked by cryptographic algorithms. These keys have the ability to encrypt and decrypt information.

SSL Certificates are used for web sites, mail servers, and other Internet based applications.


Your Options

There are a few options available to you for using SSL encryption with your domain hosted on XMission. Here they are:


Buy your own certificate for your domain through XMission

Purchasing your own SSL Certificate is the ideal way to handle SSL requirements for your domain needs. XMission is an authorized reseller of GeoTrust SSL Certificates for your secure server needs. The process to purchase your own certificate is simple and straight forward.

  • Decide which certificate is best for your needs
  • Complete the order form online or by calling your XMission sales agent
  • Pay for the certificate by contacting XMission
  • XMission processed the request to the CA
  • You respond to the authorization email, verifying your identity
  • XMission completes installation

Please Note: A site with multiple domain names pointing to the SSL certified site should purchase a wildcard SSL certificate. Otherwise the site visitor will be presented with a browser error regarding the non-matching SSL certificate.

In most cases this can be done the same business day, largely depending on your ability to respond to the authorization verification email in a timely manner. In some instances, based on the certificate type, there may be additional verification that needs to take place will might add another day to the process. All around, it is pretty simple and painless.

Sales Information and Order Form: http://www.xmission.com/ssl/

Contact Sales: 801-539-0852, 877-964-7746 or sales@xmission.com


Use XMission's certificate for your /~user web site.

You can use XMission's certificate to secure a web page hosted on our servers. This is generally a way for home users, or businesses looking to save money, to securely encrypt data without having to purchase an SSL Certificate. To do this, change the URL's of the pages you wish to secure to https://www.xmission.com/~username/securepage.html where you replace username with your XMission username and securepage.html with the page you wish to secure. For more details about using this method, please refer to the Secure Web (SSL) Tutorial.

This method can be problematic for you if you have your own www domain name in use. Reason being, you must use the XMission domain in the URL instead of www.yourdomain.com. Secure Certificates are very affordable and we would suggest you consider purchasing one through XMission.


Use an XMission generated certificate for your domain

If you have your own domain and you do not wish to use the XMission domain in the pages you wish to secure, you may get a certificate signed by XMission. A certificate signed by XMission is free of charge to any XMission customer. Once again, however, there is a problem with this method. Your visitors will be prompted with "Unknown Authority" (or something similar, depending on the browser used) when they first visit the secured pages. This has the possibility of scaring off potential clients or customers that are easily spooked by "hackers" or viruses. A certificate signed by XMission, however, is just as secure as a certificate signed by a public CA. You can request a certificate signed by XMission by filling out the request form.


Buy your certificate through an alternate CA and have XMission install it

The last means of using SSL with XMission would be to purchase a signed certificate and key from GeoTrust or another CA. When this is done, you will need to upload the signed certificate (public key) and the RSA key (private key) in PEM format. To make this process more secure, you may request that XMission generate the RSA key to be kept on XMission and send you the unsigned certificate. You can then have the certificate signed and returned to XMission with less threat of the RSA private key (which will not leave XMission's hands) being seen by another party.


To complete SSL Certificate process, please email ssl@xmission.com with the following information:

  • Do you want a certificate signed by XMission, or signed by another CA such as GeoTrust?
  • Your XMission account name.
  • Name of organization.
  • Which department of this organization is this for?
  • Website to be certified (i.e. www.domain.com or store.domain.com)
  • Contact email for website. (e.g. webmaster@domain.com)
  • City
  • State
  • Country
  • SSL Certificate Approver Email Address?
    • Must match Approver Email Address as listed below or it will be rejected by SSL Registrar (e.g. ssladmin@domain.com, or whois admin/tech contact)
  • Verify email address used when registering the domain is valid and working. Provide address here:
    • This is where your certificate will be sent.

NOTE
Approval of Your Certificate Request The SSL service relies upon the Subscriber or the Subscriber's authorized administrator to approve all certificate requests for all hosts in the domain. It is important that to select the correct authorized administrator below. By selecting an authorized administrator, you warrant to Certification Authority that the individual is authorized to approve the request. Requests will not be processed beyond this point if you select an incorrect Approver Email Address.

The following alternate addresses can be used for your Approver Email Address. Again, you must verify the email account has been set up and is available before submitting this order, or the approval email will not be delivered:

admin@domain.tld
administrator@domain.tld
hostmaster@domain.tld
webmaster@domain.tld
postmaster@domain.tld
admin@www.domain.tld
administrator@www.domain.tld
hostmaster@www.domain.tld
webmaster@www.domain.tld
postmaster@www.domain.tld
  • Once the validation email has been approved. The certificate will be sent to the email address used when registering your domain. Please verify this email address can receive email and is checked. If your domain was registered though XMission Domain Services and you do not have access to this email, please contact us.

Please Note: A site with multiple domain names pointing to the SSL certified site should purchase a wildcard SSL certificate. Otherwise the site visitor will be presented with a browser error regarding the non-matching SSL certificate.



Public CA's

Here is a small list of public CA's you can purchase certificates from (in alphabetical order).

Digital Signature Trust Co. , Entrust, Equifax, GlobalSign, Thawte, Verisign


Legacy Shared Hosting