For Apache Webserver
Why you need security for your website
The Internet has created many new
global business opportunities for enterprises conducting online commerce. However, the
many security risks associated with conducting e-commerce have resulted in security becoming
a major factor for online success or failure. Over the past 7 years, consumer magazines,
industry bodies and security providers have educated the market on the basics of online
security. The majority of consumers now expect security to be integrated into any online
service they use, as a result they expect any details they provide via the Internet to
remain confidential and integral. For many customers, the only time they will ever consider
buying your products or services online is when they are satisfied their details are secure.
This guide explains how you can utilize InstantSSL to activate the core security
technology available on your existing webserver. You will also learn how InstantSSL allows
you to protect your customer's transactions and provide visitors with proof of your digital
identity - essential factors in gaining confidence in your services and identity.
Using InstantSSL Certificates to secure your online transactions tells your customers
you take their security seriously. They will visibly see that their online transaction will
be secure, confidential and integral and give them the confidence that you have removed
the risk associated with trading over the Internet.
Using Security helps you realize the benefits of online commerce: " Cost
effectiveness of online operations and delivery
" Open global markets - gain customers
from all over the world
" New and exciting ways of marketing directly to your customers
" Offer new data products and services via the Web Only if you have visibly
secured your site with SSL security technology will your customers have confidence in your
online operations. Read on to learn how SSL helps you achieve the confidence essential to
successful e-commerce.
What is SSL? Secure Sockets Layer, SSL, is the standard security technology
for creating an encrypted link between a web server and a browser. This link ensures that
all data passed between the web server and browser remain private and integral. SSL is an
industry standard and is used by millions of websites in the protection of their online
transactions with their customers. In order to be able to generate an SSL link, a web server
requires an SSL Certificate. When you choose to activate SSL on your webserver you
will be prompted to complete a number of questions about the identity of your website
(e.g. your website's URL) and your company (e.g. your company's name and location). Your
webserver then creates two cryptographic keys - a Private Key and a Public Key. Your Private
Key is so called for a reason - it must remain private and secure. The Public Key does not
need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also
containing your details. You should then submit the CSR during the SSL Certificate application
process Comodo, the InstantSSL Certification Authority, who will validate your details and
issue an SSL Certificate containing your details and allowing you to use SSL. Your
webserver will match your issued SSL Certificate to your Private Key. Your webserver will
then be able to establish an encrypted link between the website and your customer's web
browser. For detailed application and installation instructions please refer to
section "Step by step instructions to set up SSL on your webserver" of this guide.
Displaying the SSL secure padlock
The complexities of the SSL protocol
remain invisible to your customers. Instead their browsers provide them with a key indicator
to let them know they are currently protected by an SSL encrypted session - the Padlock:
As seen by users of Internet Explorer
Clicking on the Padlock displays your SSL Certificate and your details:
As seen by users of Internet Explorer
All SSL Certificates are issued to either companies or legally accountable individuals.
Typically an SSL Certificate will contain your domain name, your company name, your address,
your city, your state and your country. It will also contain the expiry date of the Certificate
and details of the Certification Authority responsible for the issuance of the Certificate.
When a browser connects to a secure site it will retrieve the site's SSL Certificate
and check that it has not expired, it has been issued by a Certification Authority the
browser trusts, and that it is being used by the website for which it has been issued. If
it fails on any one of these checks the browser will display a warning to the end user.
Why should you use an InstantSSL Certificate?
Comodo, the Certification
Authority behind InstantSSL, is the fastest growing SSL Provider in the world. Unlike other
Certification Authorities, Comodo does not just provide SSL Certificates - they are a
world-renowned security and cryptography service provider. When you are a customer of Comodo,
you can feel safe knowing that your website security is provided by experts.
InstantSSL Certificates are the most cost-effective fully validated and fully supported
128 bit SSL Certificates you can buy today! You can contact the technical support team
between 3am- 7pm EST (soon to be 24 hours). You can also feel safe in the knowledge that
Comodo will validate your application in accordance with the latest digital signature
legislation pertaining to Qualified Certificates. This validation is done effectively and
quickly, ensuring you need not wait the traditional 3 working days normally associated
with a fully validated SSL Certificate. InstantSSL boasts industry leading browser
ubiquity - comparable to Verisign and Thawte, however without the costs associated with
other SSL Providers. InstantSSL Certificates are compatible with over 99% of browsers -
including Internet Explorer 5.00 and above, Netscape 4.5 and above, AOL 6 and above and
Opera 5.00 and above.
InstantSSL benefits summary: InstantSSL Certificates are the most cost
effective SSL Certificates you can buy which include: " Full validation conducted
quickly - in many cases you can expect your SSL Certificate to be issued within minutes
" Telephone, email, web support available 3am - 7pm EST
" Over 99.3% browser
compatibility
" 128 bit strong encryption security
" Backed by warranties ranging
from $50 to $10,000 InstantSSL Certificates provide you with the key to successfully
using SSL on your webserver.
Testing your webserver before you buy -
Try an SSL Certificate for free
Trial SSL Certificates provide full SSL functionality for 30 days and are fully supported
by our expert technical support staff. Unlike test Certificates from other CAs, InstantSSL
trial Certificates are issued using the same Trusted Root CA that issues our end-entity
SSL Certificates and provides 99% browser ubiquity, and NOT by a different test CA. This
unique service helps you fully test your system prior to your live roll out. Trial
SSL Certificates are ideal for anyone requiring proof of ease of installation, confirmation
of high quality technical support and also confirmation of compatibility with the majority
of the browsers that exist today. Trial SSL Certificates are also ideal for practicing
with Certificates and learning about SSL implementation before committing to installing a
Certificate on your live system.
Get your
free 30 day trial SSL Certificate
Step by step instructions to set up SSL on your
Microsoft IIS 5x webserver
There are four stages to setting up SSL on your Microsoft IIS 5x
webserver: 1. Create a Certificate Signing Request (CSR)
2. Apply online
3.
Installing your Certificate
4. Displaying your Secure Site Seal
1. Generating a Certificate Signing Request (CSR) A CSR is a file containing
your certificate application information, including your Public Key. Generate your CSR and
then copy and paste the CSR file into the webform in the enrollment process: Generate
keys and Certificate Signing Request: " Select Administrative Tools from the Start
Menu
" Start Internet Services Manager
" Open the Properties window for the website the CSR is for. You can do this by right
clicking on the Default Website and selecting Properties from the menu
" Open Directory
Security by right clicking on the Directory Security tab
" Click Server Certificate. The following Wizard will appear:
" Click Create a new certificate and click Next.
" Select Prepare the request now, but send it later and click Next.
" Provide a name for the certificate, this needs to be easily identifiable if you are
working with multiple domains. This is for your records only.
" If your server is 40
bit enabled, you will generate a 512 bit key. If your server is 128 bit you can generate
up to 1024 bit keys. We recommend you stay with the default of 1024 bit key if the option
is available. Click Next
" Enter Organization and Organization Unit, these are your company name and department
respectively. Click Next.
" The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web
address for which you plan to use your Certificate, e.g. the area of your site you wish
customers to connect to using SSL. For example, an InstantSSL Certificate issued for
comodo.net will NOT be valid for secure.comodo.net. If the web address to be used for
SSL is secure.comodo.net, ensure that the common name submitted in the CSR is secure.comodo.net.
Note that preceding the FQDN with https:// is NOT necessary. Click Next.
" Enter your Country, State and City. Click Next.
" Enter a filename and location to save your CSR. You will need this CSR to enroll
for your Certificate. Click Next.
" Check the details you have entered. If you have made a mistake click Back and amend
the details. Be especially sure to check the domain name the Certificate is to be Issued
To. Your Certificate will only work on this domain. Click Next when you are happy the
details are absolutely correct.
2. Applying for your InstantSSL Certificate Online Visit www.instantssl.com
and select your SSL Certificate product type. You will be required to submit the CSR into
a webform. When you make your application, make sure you include the CSR in its entirety
into the appropriate section of the enrollment form. When you view your CSR it will appear
something like: -----BEGIN NEW CERTIFICATE REQUEST-----
MIIDVjCCAr8CAQAwezEdMBsG
A1UEAxMUd3d3Lm15ZG9tYWlubmFtZS5jb20xDDAK
BgNVBAsTA1dlYjEaMBgGA1UEChMRWW91ciBDb21wYW55I
E5hbWUxEDAOBgNVBAcT
B015IENpdHkxETAPBgNVBAgTCE15IFN0YXRlMQswCQYDVQQGEwJVUzCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEAuev9LnSRX/6u5Iz7ckpt0IG4DwnAF/lsksJ0
n5r9w1EK9Np5/OJEt72
r5es3nie5rTKo3O4yvSLovkS0vqT+iOlEZvl5B4mXTEPw
fDLjEcwcNb8SCJ4ArUAhHKJWHDKJHDKDA6587568
gfhjfjFHGFHFhsgGHJGJjhhj
HFD^TGFrYTrYTrfGHI&DHJKDHkjwjkkgAgcwCgYIKoZIhvcNHKJHFrytD
ETR$456
AwcwEwYDVR0lBAwwCgYIKwYBBQUHAwEwgf0GCisGAQQBgjcNAgIxge4wgesCAQEe
WgBNAGkAYw
ByAG8AcwBvAGYAdAAgAFIAUwBBACAAUwBDAGgAYQBuAG4AZQBsAC67
QwByAHkAcAB0AG8AZwByAGEAcABoAGk
AYwAgAFAAcgBvAHYAaQBkAGUAcgOBiQCq
EH3QppP7Ewuz6oh4EUXMbKdqieAcbQ52iFSXqQ/n1xAtEpVUfjIM
3exr42EhyYlr
lV7cpUKbSr/eQ6c/hjiUi17EpvleBBV0BkFWsWzJoShx0BmOKvDnKINNQC3Jya+M
N/t9a
xyuCwdUYJiLglNnjcBLSxL/6hovXNDLuCLgMAAAAAAAAAAAMA0GCSqGSIb3
DQEBBQUAA4GBAEQT6Pwj0BHeOU
w+AR0GAT30q+1OYNkr341CouMC6M7KqlKgVZDV
tRes4uz1Yf8+WRCutVvDByrey+CdgzJzHvHqS6lAj2swx8Q
adclVWOkZfH//k/KE
1MiOEb6c3Mp1ECorjIm+HRN20Qga+dnDBOowyRYn7Vz+NKar88mrJwk/
-----END
NEW CERTIFICATE REQUEST----- Be sure to copy the CSR text in its entirety into the
application form, including the: -----BEGIN CERTIFICATE REQUEST----- and -----END
CERTIFICATE REQUEST-----
3. Installing your InstantSSL Certificate
Installing the Root & Intermediate
Certificates When you InstantSSL Certificate has been issued you will receive 3
Certificates via email from Comodo Security Services. Save these Certificates to the
desktop of the webserver machine, then: " Click the Start Button then select Run
and type mmc
" Click File and select Add/Remove Snap in
" Select Add, select
Certificates from the Add Standalone Snap-in box and click Add
" Select Computer
Account and click Finish
" Close the Add Standalone Snap-in box, click OK in the
Add/Remove Snap in
" Return to the MMC A. To install the GTECyberTrustRoot
Certificate:
" Right click the Trusted Root Certification Authorities, select All Tasks, select Import.
" Click Next.
" Locate the GTECyberTrustRoot Certificate and click Next.
" When the wizard is
completed, click Finish.
B. To install the ComodoSecurityServicesCA Certificate:
" Right click the Intermediate Certification Authorities, select All Tasks, select
Import.
" Complete the import wizard again, but this time locating the ComodoSecurityServicesCA
Certificate when prompted for the Certificate file.
" Ensure that the GTECyberTrustRoot
certificate appears under Trusted Root Certification Authorities
" Ensure that the
ComodoSecurityServicesCA appears under Intermediate Certification Authorities
C. Installing your SSL Certificate " Select Administrative Tools
" Start Internet Services Manager
" Open the properties window for the website. You can do this by right clicking on the
Default Website and selecting Properties from the menu.
" Open Directory Security by
right clicking on the Directory Security tab
" Click Server Certificate. The following Wizard will appear:
" Choose to Process the Pending Request and Install the Certificate. Click Next.
" Enter the location of your certificate (you may also browse to locate your certificate),
and then click Next.
" Read the summary screen to be sure that you are processing the
correct certificate, and then click Next.
" You will see a confirmation screen. When
you have read this information, click Next.
" You now have a server certificate
installed. Important: You must now restart the computer to complete the install
Open the Properties of the default website and ensure that SSL port contains the number
443 (it should default to this number automatically). You may want to test the Web site
to ensure that everything is working correctly. Be sure to use https:// when you test
connectivity to the site.
4. Displaying your Secure Site Seal As a valued InstantSSL customer we
encourage you to display the InstantSSL secure site seal to help promote your secure site
to customers. The secure site seal is free to all InstantSSL customers.
| 