SSL certificate: how it’s used

posted by MariyaV @ 9:44 AM
April 10, 2014

SSL certificate. What is it?

SSL is an abbreviation of the Secure Sockets Layer. It might seem to be complicated but it’s absolutely not.

SSL is a technology that provides security channel between a server and a client – mostly between a web server and a browser or a mail server and a mail client. It lets some private information such as credit card numbers, passwords, and login details to be encrypted and securely transmitted over the Internet or the internal networks.

The thing is that when you enter some private information on the site without SSL it makes you an easy prey for criminals who want to get this data as it is sent as a plain text. It can be just your email and password but as we know, the majority of people use the same password for many services and even for bank accounts.

Therefore, SSL protects millions of people from disclosure of their confidential information every day.

To create an SSL connection a web server needs an SSL Certificate. Under SSL certificate is implied a certificate itself, a Private key and a chain of the certificates which should be installed on the web server for proper work of your secure channel.

During the SSL Certificate application, the Certification Authority* will validate your details (the details that were mentioned during the CSR generation like your company and department name, its address and administrative email etc.), issue an SSL Certificate that contains them and thereby allow you to use secure connection. It means that when your clients visit the web site by entering the domain name, their web browser will request for the SSL certificate. If there is such certificate for the domain then the secured connection will be set.

*Certification Authority (CA or SSL certificate provider) is a company (part, entity, organization) that issues digital certificates.

Does my site need an SSL Certificate?

You need an SSL Certificate if you have login form on your site or your site is e-commercial.

It means that if your clients need to enter any confidential information such as credit card information, email, username or password – you need it.

If you have such certificate, your customers will trust you and you will sell even more.

SSL Certificate features and types of validation.

There are several types of the certificates:

1.     High assurance certificates. It is a type of certificates that requires the validation of ownership of the domain name and valid business registration. This information will be mentioned in your certificate so the customers know that your company exists and it is your company’s site. As it requires manual verification the certificate issue can take from an hour to a few days.

2.     Low assurance certificates. This type of certificates validates only the ownership of the domain name. As the verification is done automatically by checking the WHOIS information of the domain, it takes from 15 minutes to an hour to be issued.

3.     Extended validation certificates. It is rather new type of certificates that prevents phishing attacks. Such certificates require extended validation of your business and authorization. The Certification Authority will need your company’s documents to be provided for the validation. The procedure can take from a few days to several weeks.

4.     Wildcard certificates. This type of the certificates secures all the first-level subdomains of the main domain. For example, for the maindomain.com it will secure subdomain1.maindomain.com, mail.maindomain.com, example.maindomain.com etc.

5.     SGC (Server Gated Cryptography) Certificates. This kind of certificates allows older browsers to connect at a high encryption rate (e.g. 128-bit) instead of a low encryption rate (e.g. 40-bit). However, there is no point in using such expensive certificates because there are only about 1% of people who use such browsers.

6.     Scalable certificate. Every certificate is scalable. It means that the certificate can be used at all encryption rates depending on what user’s web browser and server supports.

7.     Unified Communications certificate (SAN or UC). It is a type of certificate that was created for use with Microsoft Exchange 2007 and Microsoft Office Communications Server 2007 products and protects several domains at once. This certificate secures both internal network names as well as external domain names.

Warranty

The warranty that is mentioned for the SSL certificate can be deceiving. It is not the amount that the purchaser of the Certificate gets. It is the compensation from the Certification Authority for the person who came to the site secured by the SSL and suffered from the criminal who managed to get the customer’s confidential information. In practice that never happens. Therefore, there is no need to look for big warranties while choosing the certificate.

What do I need to get an SSL Certificate?

First of all you need a unique IP address for every SSL Certificate you want to use. You cannot install two certificates for one IP address.

In addition, you will need a CSR. It is a file that contains an encrypted data and that should be generated on your web server or on the exterior resource. The Certification Authority will use the information (Organization name, domain name, postcode, etc…) mentioned in the CSR while creating a certificate.

If the SSL Certificate is issued for exact domain name, WHOIS information should correspond  to company name and address that is submitted with the certificate order.

If you are ordering a high assurance certificate, you will need to have an Organization validation document so that your company is checked by the Certificate Authority in the government databases.

How to upload an SSL certificate to the Apache cPanel 11?

Our Small Business and VIP Hosting plans contain free PositiveSSL certificate and free dedicated IP. (Please, contact our Customer Support Service and we will give you further instructions how to get them.)

So here is the instruction how to make the certificate work:

1. Log in to your cPanel account.

2. Go to Security > SSL/TLS Manager.

3. Choose Generate, view, upload, or delete SSL certificates.

4. If your certificate is already saved in .crt file, then choose Upload a New Certificate, click Browse and set the path to your .crt file.

If your certificate is in the email text then, please, copy the certificate text with tags BEGIN and END and input it to the field “Paste the crt below”.

Upload a new Certificate

5. Press Upload.

6. Click Go Back and then Return to SSL Manager at the bottom of the page.

7. Press Setup a SSL certificate to work with your site. If you do not have this option, then please, contact our support in chat or ticket system.

8. Choose the domain you need in the dropdown. As a result, the system will initiate the process of the certificate and private key gaining. In case if this procedure does not end, please, contact our support.

9. Input the content of your Private key (RSA) to Key and your Intermediate certificate to Ca Bundle.

Certificate installation

10. Press Install Certificate.

As the result, the certificate installation and secure connection should be set for your website. You might need to reboot your Apache webserver for the updates to set.