SSL Quick Help Guide:

What is SSL?

SSL is an extension for Internet protocols that allows two computers to open a secure channel between them. Most often you will hear about HTTPS, the Web extension based on SSL. When a web site uses SSL extensions to secure transactions between your web browser and a web server, information passed to and from the server is encrypted. This prevents criminals from snooping on your web session, so that important information (like credit card numbers) does not get into the wrong hands. This is, of course, very important for online sales and bank transactions. Even though the referring site may also offer the choice of using non-SSL, unsecured forms, you should consider upgrading your web browser (AOL users - download Netscape!) or downloading the latest version of Microsoft Explorer or Netscape Navigator.

What is the difference between 40bit and 128bit browsers?

In short, the 128bit version is more secure; in fact, it is unbreakable by current computers (it would take thousands of years to break a 128bit encrypted message even if all the computers in the world worked together). However, since SSL technology in general and both Microsoft Explorer and Netscape Navigator were developed in the USA, under current U.S. laws products using advanced encryption technology (higher than a 40bit encryption key) cannot be exported outside the United States (except to Canada). Browsers with 40bit SSL support, while a little faster at decryption/encryption, have a problem: 40bit encrypted messages can be broken. Thus, if you are a citizen or permanent resident of the United States or a citizen of Canada, you should obtain the more secure 128bit version of your browser.

Note: If you are using Windows NT Workstation or Server 4.0, you should contact Microsoft to obtain the 128bit version of Service Pack 3. This is because Windows NT has a built-in security subsystem, which browsers use instead of their own built-in functions.


How to set up SSL for your Web Site?

 
  If you own or administer a web server, SSL setup will depend on which web server software and operating system you are using. Most major web servers, such as Apache, Netscape FastTrack Server or Microsoft Information Server, either already come SSL ready or have SSL extensions. Enabling SSL is different for each server, so we will only cover the major topics here:
  1. The SSL Web Protocol (HTTPS), like most other public-key encryption algorithms, uses a two-part key: one part is private, which you keep hidden on the server; the other part is used to create a request for an SSL certificate. This request is then sent to a Certification Authority, which can then issue you a permanent (for one year) certificate. How to create this key depends on your server software, but it will usually be an operation like "Create New Certificate Request".
  2. After the Certificate Authority company receives and processes your request, it will create an SSL certificate for your server. This certificate also incorporates their special key, usually called the CA signature. A browser will then check this signature against a special root CA certificate for that Certificate Authority, which the browser has in its database; thus it is necessary for a web user to first download the server's certificate to his or her browser's database before it is possible to view this site. Some browsers, like Netscape, will allow you to proceed without downloading a server's root CA certificate but will give you a warning each time you access that site.
  3. Browsers usually come with a number of root CA certificates for several certificate authorities, but so far the only Certificate Authority common to both Netscape Navigator and Microsoft Explorer is the SSLCA.
  4. Many SSL web servers also come with, or can be extended with, the ability to run your own certificate services. If you are a large corporation that plans to use SSL for an Intranet, you should consider this solution and designate one server as the CA server for your entire company. The other alternative is so-called self-signed SSL certificates, but they are very limited; for example, Microsoft Explorer cannot use them.
  5. After you have received a signed SSL certificate from your Certificate Authority (or created a self-signed certificate), you can use it in combination with your private key to provide SSL security for your web site. The particular setup depends on your server, but it is usually very similar to creating a virtual domain or a separate web server on a different port (in fact, your SSL server, https, will use port 443). Most web servers allow you to run both http and https servers as the same service (task, process). This is OK if only a small portion of a web site uses SSL security; however, if most of your site is accessed using SSL, you should configure two separate server processes for http and https.
  6. When you have finished configuring the SSL server and have verified that SSL is indeed working, you will need to change all references to the portion of the site you wish to have protected by SSL, so that http reference URLs become https. Also make sure that all browsers in your organization are upgraded to a version that supports SSL and https URLs.
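
  The key, request and signing steps above, as an added example that is not part of the original guide: it uses the OpenSSL command line and plays both the server administrator and an in-house CA (step 4). The host name www.example.test, the organisation name, the file names, the RSA 2048-bit keys and the subjectAltName entry are assumptions of the example.

```shell
#!/bin/sh
# Added example. Host name, organisation, file names, RSA-2048 and the
# subjectAltName entry are assumptions, not values from the guide.
set -eu

# Step 4: in-house CA = private key plus self-signed root certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/O=Example Corp/CN=Example Internal Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Step 1: private key (never leaves the server) and the certificate request.
make_request() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -subj "/O=Example Corp/CN=$2" \
          -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null )
}

# Step 2: the CA signs the request and issues a one-year certificate.
sign_request() {
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -sha256 -days 365 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/san.ext" -out "$1/server.crt" 2>/dev/null
}

# The browser's check from step 2: does the certificate chain to this root?
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Step 5 check before installing: certificate and key hold the same public key.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

work=$(mktemp -d)
make_ca "$work"
make_request "$work" www.example.test
sign_request "$work" www.example.test
chains_to "$work/ca.crt" "$work/server.crt" \
    && key_matches_cert "$work/server.crt" "$work/server.key" \
    && echo "server.crt chains to the in-house root and matches server.key"
rm -rf "$work"
```

  With an outside Certificate Authority only make_request runs on your side: server.csr is what you send, and server.key stays on the server.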
 
© 1998-2009 SSLCA, All rights reserved.