Copyright © Tank Software
| Revision History | ||
|---|---|---|
| Revision 1.0 | 01 May 2003 | Revised by: WD |
| First Version | ||
This document describes how you can setup an internet site which can accept secure connections using Secure Socket Layer (SSL).
If you want users to be able to access a section of your site with sensitive information that requires some sort of encrypted connection, this is a cheap yet effective way of doing it. Basically if you havn't heard of SSL you probably do not want it :)
To get a company like InstantSSL to give you a cert, you first need the software on the server to generate what is called a Certifiacte Signing Request (CSR). To do this you will most likley need to contact your hosting providor and ask for one. They will need the following information so providing it first up may save some time:
It is imperitive you get this information correct as it is what your clients will see if they look at the cert. Once you buy the cert it can't be changed.
Once you give them this information, you should be issued a CSR and a Private Key. The private key is simply for your records and allows you to use the cert on a different server (so if you don't get it - ask for it!).
You will also need to ask what software the server is running, eg "Apache". You will also need to know what software was used to generate the CSR, eg "Apache-Modssl". Those two combinations are one of the more popular ones. Find this info out when you ask your host for the CSR to save time
You must decide what the URL will look like of your secure site. For example if you have the site: "www.soonji.com" which is normally accessed by http://www.soonji.com you could have the secure part of it "https://www.soonji.com" or say "https://secure.soonji.com". But you can only have one (unless you get a fancy wildcard cert which you probably don't want due to the cost).
Now you should have enough information to purchase a cert. Goto your favourite vendor and purchase one. They should email you with both your cert and those of the CA (the Certificate Authority) who is the entity that actually creates the cert for you. Note it may take a while for them to issue it as they first have to confirm your identity. If they don't confirm it then they are not as trustworthy and your cert isn't quite as good, but that is a topic for another day.
Now you have your cert, you should also have instructions on how to install it. Give these instructions to your hosting providor along with any and all certificates that were given to you. They should then be able to install it.
Testing your site. Simply goto "https://secure.soonji.com" where "secure.soonji.com" is the domain you registered the cert for. If you see a padlock down the bottom right then it worked fully. You should see some of your files their depending on your server setup. If you get a warning message then there may have been a problem as your cert is untrusted by the browser (this may happen too if you don't purchase it from a proper CA). If you can't see anything or get an error then it probably did not work.