Securing Transferred Data through
SSL
SSL (Secure Sockets Layer protocol)
is a standard for transmitting confidential data
such as credit card numbers over the Internet. Most
true business sites support this feature which allows
more security in data transmitted over the WWW.
This is the standard minimum security level for
true business on the Internet. SSL works by using
a private key to encrypt data that is transferred
over the SSL connection. To read more about what
is SSL and how it works, go to http://www.modssl.org/docs/2.8/index.html
You can secure transfer of the confidential
data on your site through:
Using
the Key and Certificate You Already Have
SSL requires a dedicated IP (which
cost extra), because name-based hosting does not
support data encryption in HTTP requests. To enable
SSL, do the following:
- Click SSL on your control panel home
page.
- Enable SSL for the domain in the list.
- Agree to charges, if any.
- Enter the SSL Server Private Key and SSL Certificate
in the boxes that appear:
- In the Site Name field, choose whether
you want to secure with or without the www
prefix. Only one option will work correctly.
For instance, if you choose to secure http://www.domain.com,
your visitors will get security warnings when
they go to http://domain.com.
- Click Submit. Now your site is secured.
Creating
a Temporary Certificate
The only difference between temporary
and permanent certificates is that temporary certificates
are generated by your control panel, not trusted
Certificate Authorities. Thus, when visitors enter
your site, they will get the "unknown certification
authority" warning window.
To generate a new temporary SSL private
key and certificate, do the following:
- Click SSL on your control panel home
page.
- Enable SSL for the domain in the list.
- Agree to charges, if any.
- Click the link at the top of the form that
appears.
- On the page that appears, confirm your details
by clicking the Submit button:
These data will be used to generate the certificate.
Don't make changes to the data if you are not
sure about the purpose of these changes.
- Follow instructions that appear at the top
of the next page.
-
SSL Certificate Signing
request. It includes the details that
you submitted on the previous step. Use
this request if you want to get a permanent
SSL certificate from a trusted Certificate
Authority, such as
Thawte
and
VeriSign
(see
below).
-
SSL Server Private Key.
This is the secret key to decrypt messages
from your visitors. It must be stored
in a secure place where it is inaccessible
to others. Don't lose this key, you will
need it if you get a permanent certificate.
-
Temporary SSL Certificate.
It validates your identity and confirms
the public key to assure the visitors
that they are communicating with your
server, not any other party.
Acquiring
a Permanent Certificate
To get a permanent certificate, do
the following:
- Generate a temporary SSL certificate (see
above).
- Copy the signing request and private key for
later use.
- Go to Thawte,
VeriSign,
or any other Certificate Authority and choose
to get a new certificate. When requested, enter
the signing request that you have saved.
- After the permanent SSL Certificate has been
generated, save it to a secure location.
- Click SSL on your control panel home
page.
- Go to the Web Service page and click
the Edit icon in the SSL field.
- Enter the certificate into the upper box of
the form that opens and click Upload:
Note: For Equifax, also enter the certificate
authority file; for COMODO.NET, also enter the
rootchain certificate (Certificate Chain File).
- Now you can use the sertificate jointly with
the private key you have saved.
