|
SSL
- What
is SSL?
- How
does SSL work?
- How
do I add this feature?
What is SSL?
Secure Socket Layers provide a means for submitting encrypted
data via the web. SSL works based upon a public key / certificate
system. As data is transmitted it is encrypted into 40 bit encryption
and the web server then decrypts the data once it is transmitted.
In the rare occasion that the data was stolen during the transmission
process the only data that they would be would be encrypted
which means that viewing it would show nothing but letters,
numbers, and symbols randomly mixed.
How does SSL work?
In order for this process to work without many warning messages
from IE and Netscape about possible security hazards a certificate
must be obtained from a trusted source. Certificates are good
for one domain name, although 'wildcard' certificates are available
for sub-domain type certificates. For example, we use "*.bhg-host.com"
wildcard certificates for each of our Virtual Servers.
We
use Thawte for purchasing our own and our customers certificates,
although there are others on the market.
How do I add this feature?
BHG-HOST has added a secure certificate to all of our Virtual
Servers that is free for any account on the server to use.
Using the feature is just a matter of using the secure link
to the web page you want secured. For example, if you want a
secure link to your home page and it is on our server 'nitro',
you would use the following URL to link to your index page:
https://secure.bhg-host.com/~username.
Your welcome e-mail should have the link to use for the server
you are on. Or you can visit our server page to find the URL
for each of our servers at www.bhg-host.com/serverinfo.html.
If you would like to have your own certificate installed so
that customers can navigate your site via https://www.yourdomain.com,
you will have to purchase your own certificate. For Virtual
Accounts, you will need to request us to generate a key and
install it on the server. Dedicated Server customers can use
their WebHost Manager or Plesk system to generate the key.
Once the key is generated, you will need to request the certificate
from a trusted source, e.g. Thawte or VeriSign.
We do charge a fee for installing the certificate. We can also
handle the purchase of your certificate and installation for
you.
++++++++++++++++++++++++++++
What is
SSL?
SSL (Secured Socket Layer), is used for sending and receiving sensitive
information such as Credit Card information across the World Wide
Web. It ensures encrypted/secure communications between the client
and receiving server. The SSL protocol supports the use of a variety
of different cryptographic algorithms, or ciphers, and most of which
provide 40, 56, or 128 bit encryption security.
Key-exchange algorithms like KEA and RSA key exchange govern the
way in which the server and client determine the symmetric keys
they will both use during an SSL session. The most commonly used
SSL cipher suites use "RSA" key exchange, which many of
you have probably seen displayed on numerous websites, and next
to a provider called "Thawte", who issues the SSL Server
Certificates. A certificate is used to officially identify you as
a legitimate SSL enabled website, and displays your name as the
certified holder when visitors check it.
When to
use SSL:
SSL is not generally, nor should it be used for all pages on a website.
SSL is most commonly used for the sending and receiving of sensitive
information such as credit cards, membership ID's, or customer billing
information access. SSL need only be used on the "particular"
page where the secure activity is taking place. ALWAYS use
SSL when asking for credit card information. If visitors do not
observe the https// appearing on the form URL, and the "SSL
Symbol", does not illuminate in their browser, they won't be
doing a whole lot of business with you. No one wants his or her
credit card information intercepted and stolen as the result of
a site not using SSL encryption!
SSL Usage:
There are two different ways of using SSL. The two are essentially
the same, however one will display "VenturesOnline" as
the certificate holder, and the other, (which you must purchase)
displays "your company" as the certificate holder. Essentially,
when visitors click on an SSL enabled page, they receive a message
that displays information about the owner of the SSL certificate.
In most cases, e-commerce based websites would prefer to have 'their'
name appear as the holder because it maintains a professional appearance.
Alternatively, and if it matters not, you could simply use our default
SSL server, however visitors will see "VenturesOnline"
as the owner of the certificate. We'll explain how to obtain your
own certificate later in this document.
Calling a page via SSL:
All of our web hosting packages are SSL enabled. Use of our "default"
SSL system is included in your account package. Each server has
an individual secure certificate installed. An example to call a
page using SSL, simply enter https://securen.vosn.net/~username/anypage.html
(n=see server list for correct
URL for the server your site is on), and a prompt may appear, which
states "Security Alert." (Security Alert display is set
within your own individual browser, so may not always display).
It also provides information on whether the certificate is valid
or not, as well as ability to view the "certificates ownership
information." Go ahead, to see what we mean, give it a try
here: https://bhg-host.com/
. The certificate does not match the site and unless you have turned
off this feature in your browser, you should receive a message because
the www is missing and the www is included in the certificate. Now
try https://www.bhg-host.com/.
If you click on "View Certificate",
you'll observe VenturesOnline, as being the certified holder of
it. When you click "Yes" to proceed, the page will appear,
and you'll also observe a "Small Lock" symbol appearing
in the bottom of your browser (left for Netscape, right for Internet
Explorer). This is to verify that you are now officially in SSL
secure transaction mode. At this point, any information sent or
received from this page is encrypted between you and our server.
Secure Certificate
Name by Virtual Server (replace username with your account
username):
| Server
Name |
URL |
| ventures: |
https://secure.vosn.net/~username |
| victory: |
https://secure1.vosn.net/~username |
| gamble: |
https://secure2.vosn.net/~username |
| nitro: |
https://secure3.vosn.net/~username |
Obtaining
your own SSL certificate:
Note:
Please make sure the package you are on
includes having your own SSL in the features.
You can go directly to the Thawte website
(http://www.thawte.com),
or for a small fee, have our tech support set it up for you. Setting
up your own SSL certificate can be can be a little tricky for those
new to website administration. If you'd prefer to have us look after
these technical details, please log a Help
Desk ticket to make your request. To ensure your request will
be processed as quickly as possible, please include the following
information:
1)
The URL for the certificate:
This would be the URL you want secured, i.e. www.yourdomain.com
or secure.yourdomain.com. As you can see, you have the option of
simply enabling the certificate throughout your global domain, or
perhaps you're planning to place your e-commerce pages into a "dedicated
area" of your site. In this case, you may want to have your
secure payment form appear under a URL such as secure.yourdomain.com,
or something else of your liking.
2) Company Name:
3)
Company Division: (if this is not part of a company division, we'll
default it to your "Administration name."
4) Contact Name: (a
contact name with the company)
5) E-mail: (an email
address, generally for the above contact name)
6) Company Address:
7) Phone Number:
- In
addition to this information, we need:
- A copy of the Assumed Business Name and/or Corporate Registration
papers. We ask that you fax this information to us at 503-905-5314.
These "must" match your domain registrations (whois) to
avoid delays. We in turn fax that to Thawte when we submit the certification
request.
Because the legitimacy of any company seeking their own SSL certificate
must be 100% verified, it can take Thawte anywhere from 1 day to
2 weeks to issue the certificate. All the more reason why you'll
want to make sure the information you submit is 100% accurate, otherwise
this could result in an unnecessary delays.
|
|
