How Secure Web (SSL) Works
Most web sites will use SSL encryption for collecting personal or confidential information. You'll most often see the use of SSL encryption when purchasing something online or viewing private statistics or documents. You'll notice that the URL (or web address) will start with https:// instead of http://. Your browser will recognize this is secure. The process is usually very smooth on the client's side. This may be an option that you're looking into for your web site hosted by XMission.
In more detail, SSL, Secure Sockets Layer, is the leading security protocol on the Internet. When an SSL session is started, the browser sends its public key to the server so that the server can securely send a secret key to the browser. The browser and server exchange data via secret key encryption during that session.
If you'd like to use SSL encryption for your web site/domain hosted on XMission, you have a few options.
The first, and easiest, would be to use XMission's certificate. To do this, change the URLs of the pages you wish to secure to https://www.xmission.com/~username/securepage.html, replacing username with your XMission user name and securepage.html with the page you wish to secure. This could, however, be a problem if you have your own domain name, because you must use the XMission domain in the URL instead of www.yourdomain.com. For more details about using this method, please refer to the SSL Tutorial.
If you have your own domain and you do not wish to use the XMission domain in the pages you wish to secure, you may get a certificate signed by XMission. A certificate signed by XMission is free of charge to any XMission customer. Once again, however, there is a problem with this method. Your visitors will be prompted with "Unknown Authority" (or something similar, depending on the browser used) when they first visit the secured pages. This has the possibility of scaring off potential clients or customers that are easily spooked by "hackers" or viruses. A certificate signed by XMission, however, is just as secure as a certificate signed by a public CA. You can request a certificate signed by XMission by filling out the request form.
The last means of using SSL with XMission would be to purchase a signed certificate and key from GeoTrust or another CA. When this is done, you will need to upload the signed certificate (public key) and the RSA key (private key) in PEM format. To make this process more secure, you may request that XMission generate the RSA key, to be kept on XMission, and send you the unsigned certificate. You can then have the certificate signed and returned to XMission with less risk of the RSA key (which won't leave XMission's hands) being seen by another party.
To complete the SSL certificate process, please email firstname.lastname@example.org with the following information:
- Do you want a certificate signed by XMission, or signed by another CA such as GeoTrust?
- Your XMission account name.
- Name of organization.
- Which department of this organization is this for?
- Website to be certified (e.g. www.domain.com or store.domain.com)
- Contact email for website (e.g. email@example.com)
- SSL Certificate approver email address? (e.g. firstname.lastname@example.org, or whois admin/tech contact)
Important: A site with multiple domains pointing to the SSL certified site needs to give strong consideration to purchasing a wildcard SSL service. Otherwise the site visitor will be presented with a browser notice regarding the non-matching SSL certificate.
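To see in advance which of a site's hostnames would trigger the non-matching certificate notice, the following added example (not XMission's code) checks a list of hostnames against the names on a certificate. It goes slightly beyond the note above by applying the usual browser matching rules (RFC 6125), under which a wildcard stands for exactly one leftmost label; all hostnames and certificate names are constructed for illustration.

```python
# Added example: which hostnames does a certificate's name list cover?
# Hostnames and certificate names are constructed, not real XMission data.

def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a hostname (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    first, rest = p_labels[0], p_labels[1:]
    # A wildcard is honoured only in the leftmost label.
    if any("*" in label for label in rest):
        return False
    if rest != h_labels[1:]:
        return False
    if "*" in first:
        # Only a bare "*" is accepted, and at least two fixed labels must
        # follow it, so a name such as "*.com" never matches anything.
        return first == "*" and len(rest) >= 2 and h_labels[0] != ""
    return first == h_labels[0]


def uncovered(cert_names, site_hostnames):
    """Return the hostnames that would produce a name-mismatch notice."""
    return [h for h in site_hostnames
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed list of every hostname that points at the secured site.
SITE = ["www.domain.com", "store.domain.com", "domain.com",
        "a.store.domain.com", "www.otherdomain.com"]

if __name__ == "__main__":
    candidates = [
        ("single name", ["www.domain.com"]),
        ("wildcard", ["*.domain.com"]),
        ("wildcard plus extra names",
         ["*.domain.com", "domain.com", "www.otherdomain.com"]),
    ]
    for label, names in candidates:
        print(f"{label}: mismatch on {uncovered(names, SITE)}")
```

Running the check against every hostname that resolves to the site, before ordering the certificate, shows which names the request has to list.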
Here is a small list of public CAs you can purchase certificates from (in alphabetical order).