FAQ - SSL (Secure Socket Layer) Security
The information that is transferred between your Web server and a person visiting your Web site may pass through many different computers as it crosses the Internet. As a result, it is possible that someone will attempt to intercept this information. Even if you are not personally worried about this threat (it is actually quite rare), visitors to your Web site may be very concerned. Therefore, in cases where you are transmitting sensitive information, we recommend you use the Secure Socket Layer (SSL) protocol with your HTTP service.
SSL is an industry-standard way of passing sensitive information between computers. It is often used to securely transfer credit card numbers and other sensitive information across the Internet. Because Netscape developed it, SSL is frequently referred to as Netscape Encryption.
You can add SSL for a one-time setup fee of $50 and, for some packages, a fee of $10 per month. Both Netscape Navigator and Internet Explorer support SSL.
Before you can run SSL on your Web server, you must first purchase a Digital ID (also known as a Digital Certificate) from a certificate authority such as VeriSign or Thawte. This chapter discusses how to obtain a Digital Certificate from VeriSign or Thawte, how to install it on your Web server, and how to access your Web server in secure mode.
What is a Digital Certificate?
A Digital Certificate, or Digital ID, is the electronic equivalent of a driver's license, passport, or membership card. It can be presented electronically to prove your identity, or to validate your right to access private information or services online.
Digital IDs bind a person's or a computer's identity to a pair of electronic keys. These keys can be used to encrypt and digitally "sign" information to prove its authenticity. A Digital ID makes it possible to verify someone's claim that they have the right to use a particular key, and helps prevent people from using false identities or keys to impersonate other users. Used in conjunction with SSL encryption, Digital IDs provide a complete security solution, assuring the identity of all parties involved in an online transaction.
For more information about how Digital IDs work, take a look at VeriSign's FAQ at the following URL:
Using 1stNation's Digital Certificate
If you don't want to purchase your own Digital Certificate, you can use the one that belongs to 1st NT or you can have us generate a "Generic certificate". Using our Digital Certificate or a "Generic" Certificate will save you the cost of purchasing your own.
Using a "generic" certificate does not compromise the security of your transaction; however, if the domain name to which the Digital ID is issued does not trace to a Registered Agency, a warning message appears that could potentially scare away customers. This warning simply states the status of the certificate. Again, the transaction is secure; the warning simply informs the visitor that the certificate is not registered. Because many visitors become concerned by any warning message, we recommend using a "registered" certificate.
When you request that SSL be placed on your site, we will ask which method you require.
If you are using our certificate, a sub-web will be provided at https://ssl.1stnation.com/yourdomain for you to use. No warning messages will show up.
If you wish a "generic certificate", we will set up https://www.yourdomain.com for you.
If you wish a "Registered Certificate", we will install it for you after you purchase it.
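The difference between the "generic" and "registered" options can be reproduced with the openssl command-line tool. This is an added example, not 1st NT's own procedure: it builds a certificate request from the same fields as the request form on this page, signs it once with its own key and once with a stand-in authority, then checks trust and host name matching. The host names, organization values and "Example Test CA" are constructed placeholders.

```shell
#!/bin/sh
# Added example. All names below (www.yourdomain.example, Example Test CA)
# are constructed placeholders, not values from the hosting provider.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Key pair plus certificate request carrying the form's fields:
# Country (C), State (ST), Locality (L), Organization (O),
# Department (OU) and Common Name (CN).
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/site.key" -out "$WORK/site.csr" \
    -subj "/C=US/ST=Arizona/L=Mesa/O=Example Co/OU=Web/CN=www.yourdomain.example" \
    2>/dev/null
}

# "Generic" certificate: the request is signed with the site's own key.
make_generic() {
  openssl x509 -req -in "$WORK/site.csr" -signkey "$WORK/site.key" \
    -days 365 -out "$WORK/generic.crt" 2>/dev/null
}

# "Registered" certificate: the same request signed by an authority.
# A throwaway CA stands in for VeriSign or Thawte here.
make_registered() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
    -subj "/O=Example Test CA/CN=Example Test Root" 2>/dev/null
  openssl x509 -req -in "$WORK/site.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 365 \
    -out "$WORK/registered.crt" 2>/dev/null
}

# What a client that trusts only the stand-in CA would decide.
trust_status() {
  if openssl verify -CAfile "$WORK/ca.crt" "$1" 2>/dev/null | grep -q ': OK$'
  then echo trusted; else echo untrusted; fi
}

# Does the certificate's name cover the host in the URL?
host_status() {
  if openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
  then echo match; else echo mismatch; fi
}

make_csr; make_generic; make_registered
echo "generic:    $(trust_status "$WORK/generic.crt")"
echo "registered: $(trust_status "$WORK/registered.crt")"
echo "own host:   $(host_status "$WORK/registered.crt" www.yourdomain.example)"
echo "other host: $(host_status "$WORK/registered.crt" ssl.hosting.example)"
```

The generic certificate is rejected only because no trusted authority signed it; the key pair behind it is the same one used for the registered certificate. The host name check is why a shared certificate has to be served from its own address rather than from your domain name.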
Obtaining Your Own Digital Certificate
IMPORTANT NOTE: We can only install Digital Certificates for the principal NT domain. Digital Certificates cannot be installed for virtual hosts. If you need a Digital Certificate for a virtual host and you do not wish to use the certificate of the main domain, you should upgrade the virtual host to its own domain.
We recommend that you purchase your certificate from either VeriSign or Thawte.
VeriSign Certificate
VeriSign is one of the oldest and largest providers of Digital IDs on the Internet. The majority of secure Web sites prefer to use VeriSign IDs. For more information on VeriSign and their products, visit their Web site at http://www.verisign.com/.
Ordering a Digital Certificate from VeriSign
This section describes the four basic steps to obtain your own Digital Certificate as quickly as possible.
Currently, certificates issued by VeriSign cost $349 and are valid for one year. Renewals currently cost $249 per year. VeriSign's prices are subject to change, so check their Web site for up-to-date pricing.
Step 1: Request a Certificate from VeriSign
To simplify the process of requesting a Digital Certificate from VeriSign, we have created a form that you can send to us via email. Follow these steps to submit the following Certificate Generation Request to us so that we can forward the information to VeriSign:
- Fill out the following Certificate Generation Request form.
- Cut and paste everything between the (---Cut Here---) lines into an email message.
- Type the following into the Subject line of the email message:
Certificate Generation Request for .
- Send the email message, including the above Subject line, to admin@1stnation.com
After receiving this form, 1st NT will produce a Digital ID request and forward it to VeriSign.
------------ Cut Here ------------------
I have submitted to VeriSign the authorization letter and now would like 1st NT to generate a certificate request for the following:
Country Name:
State or Province:
City or Locality:
Organization Name:
Department Name:
Common Name:
Webmaster email:
Domain Name:
Webmaster Phone:

Server Name:
Login Name:
Domain Name:
IP Number:
Webmaster Name:
email contact:
------------ Cut Here ------------------
Step 2: Check the Verification Message for Accuracy
After receiving the Digital ID request, VeriSign sends a verification message back to 1st NT. We then forward a copy of that message back to you. A very important part of that message is an encrypted UIN tracking request that looks something like the following:
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBJTCB0AIBADBtMQswCQYDVQQGEwJVUzEQMA4GA1UEChs4lBMHQXJpem9 uYTEN
1UEBxMETWVzYTEfMB0GA1UEChMWTWVs3XbnzYSBDb21tdW5pdHkgQ29sb GVnZTE
A1UEAxMTd3d3Lm1jLm1hcmljb3BhLmVkdTBaMA0GCSqGSIb3DQEBAQUAA0k AMEYC
QQDRNU6xslWjG41163gArsj/P108sFmjkjzMuUUFYbmtZX4RFxf/U7cZZdMagz 4I
MmY0F9cdpDLTAutULTsZKDcLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTL gfm
BVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J0vauJ5VkjXz9aevJ8dzx37ir
3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----
In addition to the tracking request, the verification message contains the information you provided about yourself, which you should check for accuracy. If an error is found, you should repeat Steps 1 and 2.
Step 3: Send an Authorization Letter to VeriSign
After you receive the verification message, you need to visit VeriSign's Web site at the following URL:
In this form there is a box where you should enter the UIN tracking section of the verification message that you received. Copy and paste the entire UIN tracking information from the email you received (it should look like the example shown in Step 2) and paste it into this form, then press Continue. This will take you to VeriSign's Enrollment Form. Complete the form, choosing "Stronghold" in the Server Software selection. You will also be asked to provide a challenge phrase. This phrase is a type of password that will allow you to make changes to your Digital ID, request a lost key pair, or anything else that requires proof that you are the one responsible for the ID. Do not forget the challenge phrase that you choose to enter. No one, including 1st NT and VeriSign, will know what this phrase is, so we will not be able to assist in any way if you forget this phrase.
After filling out all the information, your completed Authorization Letter will appear on the screen. Please review this letter for accuracy. If everything is correct, press "AGREE." This finalizes the sign-up process. VeriSign will then send an email message back to you containing a personal identification number (PIN). Use this PIN in all correspondence with VeriSign concerning the processing of your Digital ID.
Step 4: Notify Us when You Receive Your Key Pairs
Once you have submitted your authorization letter to VeriSign, you can expect a waiting period of up to three weeks while VeriSign generates your secure key pairs. Please contact VeriSign directly if you have concerns or questions about this process.
When the key pair generation process is complete, VeriSign will send you a Secure Key in an email message. Forward a copy of this email message to admin@1stnation.com so that we can install the certificate on your Web server. Please allow 2 business days (48 hours) for the certificate installation.
Contacting VeriSign
Key pair generation can take up to three weeks, so it is completely normal to not hear anything from VeriSign for a while. If you need to check on the status of your Secure Key generation, please call VeriSign directly by phone at (415) 961-8820. Tell the operator that you are "following up on the status of a certificate request" and be prepared to provide the PIN number they gave you. You can also contact VeriSign via email at support@verisign.com.
Please note that once you have sent the authorization letter to VeriSign, there is absolutely nothing that we can do to expedite the key generation process. If a certificate request has been generated and you have been provided with a PIN from VeriSign, please contact them directly with any questions regarding your certificate.
Thawte Certificate
This section describes the four basic steps to obtain your own Digital Certificate from Thawte.
Currently, certificates issued by Thawte cost $125 and are valid for one year. Renewals currently cost $100 per year. Thawte's prices are subject to change, so check their Web site at http://www.thawte.com/pricing.html for up-to-date pricing.
For more information on Thawte and their products, visit their Web site at http://www.thawte.com/.
Step 1: Request a Certificate from Thawte
To simplify the process of requesting a Digital Certificate from Thawte, we have created a form that you can send to us via email.
Follow these steps to submit the following Certificate Generation Request to us so that we can forward the information to Thawte:
- Fill out the following Certificate Generation Request form.
- Cut and paste everything between the (---Cut Here---) lines into an email message.
- Type the following into the Subject line of the email message:
Certificate Generation Request for <www.yourcompany.com>.
- Send the email message, including the above Subject line, to admin@1stnation.com
After receiving this form, we will produce a Digital ID request and forward it to Thawte.
------------ Cut Here ------------------
I have submitted to Thawte the authorization letter and now would like 1st NT to generate a certificate request for the following:
Country Name:
State or Province: <Full State Name Required>
City or Locality:
Organization Name:
Department Name:
Common Name: <The domain name whose URL you want to install SSL on>
Webmaster email:
Domain Name:
Webmaster Phone:

Server Name: <Leave Blank>
Login Name:
Domain Name:
IP Number:
Webmaster Name:
email contact: <This should be the reseller email address if you are a reseller, or your own email address if you have your own virtual server>
------------ Cut Here ------------------
Step 2: Check the Verification Message for Accuracy
After receiving the Digital ID request, Thawte sends a verification message back to 1st NT. We then forward a copy of that message back to you. A very important part of that message is an encrypted UIN tracking request that looks something like the following:
-----BEGIN NEW CERTIFICATE REQUEST-----
FMCB0AIBADBiuytMQswCQYDVQQGEwJVUzEQMA4GA1UEChs4lBMHQXJpem9u YTEN UxMETWVzYTEfMkjB0GA1UEChMWTWVs3XbnzYSBDb21tdW5pdHkgQ29sbGV nZTE 1UEAxMTdljk3d3Lm1jLm1hcmljb3BhLmVkdTBaMA0GCSqGSIb3DQEBAQUAA0 kAMEYC ;oiuoiDRNU6xslWjG41163gArsj/P108sFmjkjzMuUUFYbmtZX4RFxf/U7cZZdMa gz4I MmY0F9cdpDLTAutULTsZKDcLAgEDoAAwDQYJKoZIhvcNAQEEBQADQQAjIFpTL gfm BVhc9SQaip5SFNXtzAmhYzvJkt5JJ4X2r7VJYG3J0vauJ5VkjXz9aevJ8dzx37ir 3P4XpZ+NFxK1R=
-----END NEW CERTIFICATE REQUEST-----
In addition to the tracking request, the verification message contains the information you provided about yourself. You should verify this information for accuracy. If an error is found, you should repeat Steps 1 and 2.
Step 3: Send an Authorization Letter to Thawte
After you receive the verification message, you need to visit Thawte's Web site:
In this form there is a box where you should enter the UIN tracking section of the verification message that you received. Copy and paste the entire UIN tracking information from the email you received, just like the example shown in Step 2, and paste it into this form, then press Continue. This will take you to Thawte's Enrollment Form.
After filling out all the information, your completed Authorization Letter will appear on the screen. Please review this letter for accuracy. If everything is correct, press "AGREE." This finalizes the sign-up process. Thawte will then send an email message back to you containing a personal identification number (PIN). Use this PIN in all correspondence with Thawte concerning the processing of your Digital ID.
Step 4: Notify Us when You Receive Your Key Pairs
Once you have submitted your authorization letter to Thawte, you can expect a waiting period of up to three weeks while Thawte generates your secure key pairs. Please contact Thawte directly if you have concerns or questions about this process.
When the key pair generation process is complete, Thawte will send you a Secure Key in an email message. Forward a copy of this email message to admin@1stnation.com so that we can install the certificate on your Web server. Please allow 2 business days (48 hours) for the certificate installation.
Renewing Your Digital Certificate
Digital Certificates obtained through VeriSign or Thawte are issued for a period of one year. Prior to the end of that period, you will be reminded by your Certification Authority that you need to renew your certificate.
The process of renewing a certificate is identical to the process of obtaining a new one. To renew your certificate through VeriSign or Thawte, follow the instructions for Obtaining a Digital Certificate as outlined for either VeriSign or Thawte.
Using SSL: The HTTPS Protocol
Once your Digital Certificate is installed on your Web server, you will be able to connect to your Web server using the HTTPS protocol on an SSL-enabled Web browser such as Netscape Navigator or Microsoft Internet Explorer. Any file that is transmitted from your Web server to a Web browser using the HTTPS protocol is considered secure.
The only difference between the addresses is the protocol (http vs. https). However, only the URL using the https protocol would be considered secure. Whenever you want to link to a page from within your Web site, and you want that page to be transferred in secure mode, be sure to use the https protocol.
Frequently Asked Questions About SSL
What is SSL (Netscape encryption)?
As an add-on feature, VServers offers Secure Socket Layer (SSL), also referred to as "Netscape encryption." SSL allows a Web browser to securely communicate with your VServer NT through an encrypted session. SSL is often used to transfer credit card numbers and other sensitive information.
What does a Digital Certificate do?
A server uses a Digital Certificate to prove its authenticity. The Digital Certificate establishes a legal relationship between a legitimate company and their Web site.
What is the cost for SSL?
The prices vary depending on which service provider you choose. Currently, the cost of purchasing a Digital Certificate from VeriSign is $349 for the first year and $249 for each year thereafter. For Thawte, the cost is $125 for the first year and $100 for each year thereafter. Because their prices are subject to change, you should visit these service providers' Web sites for up-to-date pricing:
VeriSign Pricing: http://www.verisign.com/products/site/pricing.html
Thawte Pricing: http://www.thawte.com/pricing.html
In addition, we charge a one-time $50 setup fee and $10 per month for installing SSL on your site.
Can I use SSL encryption on an NT-00 package?
No. SSL can only be used on accounts that have IP addresses.
Can I order SSL encryption after my server has been set up?
Yes. SSL can be added to your NT site at any time.
How long does it take to set up SSL encryption?
SSL can be ordered anytime. Until a new Digital Certificate is received, you do not have https capability.
What additional information will VServers need to set up encryption?
To add encryption, 1st NT only needs the DNS name associated with the virtual server. You will need to provide directly to VeriSign additional documentation for ordering the Digital Certificate.
Can I transfer my certificate over from another provider?
If your certificate was generated on the Stronghold software, we may be able to install it for you; however, we cannot guarantee that it will work. If you have a copy or backup of your certificate, we can probably import it.
In some cases, you will have to go to your certificate issuing authority and have the certificate re-issued for a fee.
What information will I need to provide to VeriSign to get a certificate?
To purchase a certificate from VeriSign, you must provide to them a signed copy of either a business license or articles of incorporation. You must also supply a signed copy of the VeriSign Web masters form letter. More information about Digital Certificates is available at URL http://www.VeriSign.com.
What is a Challenge Phrase?
VeriSign requires you to enter a Challenge Phrase, which is used like a password for future actions against your Digital ID. For example, if you lose your key pair, or your Digital ID is otherwise compromised, you must provide your Challenge Phrase to the Digital ID Center to verify that you are authorized to request revocation of the Digital ID. Choose a Challenge Phrase that will be easy for you to remember but hard for someone else to guess. Neither VeriSign nor 1st NT will have access to your Challenge Phrase, so you must remember it. You will need this phrase later if you wish to revoke your certificate.
What if I want additional licenses/certificates for other Web sites I support?
You can only use the same license for multiple sites if the domain name is registered to your company. In this case, you need to pay only the yearly renewal fee ($249 for VeriSign, $100 for Thawte).
How do I order a Digital Certificate?
To avoid potential problems, it is best to coordinate ordering certificates with us. Certificate processing takes up to 2-3 weeks.
How do I activate SSL?
In order to activate SSL, simply change the URL to read "https" instead of "http." For example:
"https://www.mydomain.com"