Thread: Secure your website .
View Single Post
  #5 (permalink)  
Old 07-23-2007, 12:48 AM
Thesa's Avatar
Thesa Thesa is offline
AffiliateBOTster
  
Join Date: May 2007
Posts: 102
Thesa is on a distinguished road
Default More on SSL
Checklist for choosing: SSL Certificate Vendor/Certificate Authority (CA)

1) Reputation, credibility of CA (their business and clients), whether the root is available in all popular browsers

2) The ownership of root (whether owned by CA and not chained to someone else's root)
Either own/have Trusted Root in most browsers which are expensive and recognized.
In IE, these CAs seen here -- Tools-> Internet Options, select Content tab, click Certificates, select Trusted Root Certification Authorities tab. A dialog box presenting a list of these CAs (can examine them on double clicking)

If not have above, should have a Chaining Certificate that links whatever they sell to clients with a trusted root (128 bit and as secure as above, but lesser known)
3) The management of certificate (whether easy to install and acquire, renew, revoke etc.), who shall do the examination (CA itself or do they delegate to their resellers?)


Requirements for running SSL on a server

- Require a web server that is capable of running SSL.

- To be able to access the SSL configuration functions of the web server.

- Require a Certificate Signing Request (CSR).

Installation:

Refer to the hosting company and CA providing the Certificate.


Setting up of SSL Certificates

- Certificate encrypts data precisely- www.yourdomain.com is different from yourdomain.com. Thus, to ensure that CSR is raised with correct and full name of domain to be encrypted.

- Send CSR to certificate issuer who shall examine and inform administrator of domain who shall then acknowledge the mail from the issuer and okay the SSL.

- Now, issuer will raise a SSL cert and send it to administrator. If using a chaining issuer they shall send a chain certificate also.

- The above is now sent to the host who will install as follows:
SSL cert, installed in a directory on server along with chaining certificate if applicable. The key generated in step 2 above is also installed.

Next, configure files of Server (Apache) to include statements that shall inform server that site has SSL encryption certification.
Reply With Quote