SSL (Secured Socket Layer)
What is SSL?
SSL (Secured Socket Layer), is used for sending and receiving sensitive
information such as Credit Card information across the World Wide Web. It
ensures encrypted/secure communications between the client and receiving
server. The SSL protocol supports the use of a variety of different
cryptographic algorithms, or ciphers, and most of which provide 40, 56, or
128 bit encryption security.
Key-exchange algorithms like KEA and RSA key exchange govern the way in
which the server and client determine the symmetric keys they will both use
during an SSL session. The most commonly used SSL cipher suites use "RSA"
key exchange, which many of you have probably seen displayed on numerous
websites, and next to a provider called "Thawte", who issues the SSL Server
Certificates. A certificate is used to officially identify you as a
legitimate SSL enabled website, and displays your name as the certified
holder when visitors check it.
When to use SSL
SSL is not generally, nor should it be used for all pages on a website. SSL
is most commonly used for the sending and receiving of sensitive information
such as credit cards, membership ID's, or customer billing information
access. SSL need only be used on the "particular" page where the secure
activity is taking place. ALWAYS use SSL when asking for credit card
information. If visitors do not observe the https// appearing on the form
URL, and the "SSL Symbol", does not illuminate in their browser, they won't
be doing a whole lot of business with you. No one wants his or her credit
card information intercepted and stolen as the result of a site not using
SSL encryption!
SSL Usage:
There are two different ways of using SSL. The two are essentially the same,
however one will display your hosting company as the certificate holder, and
the other, (which you must purchase) displays "your company" as the
certificate holder. Essentially, when visitors click on an SSL enabled page,
they receive a message that displays information about the owner of the SSL
certificate. In most cases, e-commerce based websites would prefer to have
'their' name appear as the holder because it maintains a professional
appearance. Alternatively, and if it matters not, you could simply use our
default SSL server, however visitors will see your hosting comapny as the
owner of the certificate. We'll explain how to obtain your own certificate
later in this document.
Calling a page via SSL:
Our system is very simple to use:
Call your page as follows..
https://your_ip_number/~your_user_name/your_file_name.html
If you do not know your ip number/username simply email
support@1st Host Web.com with your domain name and they will look it up
for you.
We use the IP number to call your pages so that your users do not see the
name of the hosting company in your url.
All of our web hosting packages are SSL enabled. Use of our "default" SSL
system is included in your account package. Each server has an individual
secure certificate installed. A prompt may appear, which states "Security
Alert." (Security Alert display is set within your own individual browser,
so may not always display) when the page is accessed by users. It provides
information on whether the certificate is valid or not, as well as ability
to view the "certificates ownership information."
If you click on "View Certificate", you'll observe your hosting company
as being the certified holder of it. When you click "Yes" to proceed, the
page will appear, and you'll also observe a "Small Lock" symbol appearing in
the bottom of your browser (left for Netscape, right for Internet Explorer).
This is to verify that you are now officially in SSL secure transaction
mode. At this point, any information sent or received from this page is
encrypted between you and our server.
If you are planning to do significant credit card business on your
website we strongly recommend obtaining your own certificate, as potential
customers may be uncomfortable providing their credit card information to an
online business that does not have it's own certification.
If you need further information please contact
support@1st Host Web.com
Obtaining your own SSL
certificate:
You can go directly to the Thawte website
(http://www.thawte.com/),
or for a small fee, have our tech support set it up for you.
Setting up your own SSL certificate can be can be a little
tricky for those new to website administration. If you'd prefer to have us
look after these technical details, please make your request. To ensure your
request will be processed as quickly as possible, please include the
following information:
1) The URL for the certificate:
This would be the URL you want secured, i.e. www.yourdomain.com or
secure.yourdomain.com.
As you can see, you have the option of simply enabling the
certificate throughout your global domain, or perhaps you're planning to
place your e-commerce pages into a "dedicated area" of your site. In this
case, you may want to have your secure payment form appear under a URL such
as secure.yourdomain.com, or something else of your liking.
2) Company Name:
3) Company Division: (if this is not part
of a company division, we'll default it to your "Administration name."
4) Contact Name: (a contact name with the company)
5) E-mail: (an email address, generally for the above
contact name)
6) Company Address:
7) Phone Number:
- In addition to this information, we need:
- A copy of the Assumed Business Name and/or Corporate Registration papers.
We ask that you fax this information to us at 413-451-0534. These "must"
match your domain registrations (whois) to avoid delays. We in turn fax that
to Thawte when we submit the certification request.
Because the legitimacy of any company seeking their own SSL certificate must
be 100% verified, it can take Thawte anywhere from 1 day to 2 weeks to issue
the certificate. All the more reason why you'll want to make sure the
information you submit is 100% accurate, otherwise this could result in an
unnecessary delays.
Free HTML
Tutorials
Questions? Just E-mail!