URB4N 5K1LLZ
Article: SSL Know How
What is SSL?
SSL (Secure Sockets Layer) is used for sending and receiving sensitive information, such as credit card information, across the World Wide Web. It ensures encrypted, secure communications between the client and the receiving server. The SSL protocol supports the use of a variety of different cryptographic algorithms, or ciphers, most of which provide 40, 56, or 128 bit encryption security. Key-exchange algorithms like KEA and RSA key exchange govern the way in which the server and client determine the symmetric keys they will both use during an SSL session. The most commonly used SSL cipher suites use “RSA” key exchange, which many of you have probably seen displayed on numerous websites, next to a provider called “GeoTrust”, who issues the SSL Server Certificates. A certificate is used to officially identify you as a legitimate SSL enabled website, and displays your name as the certified holder when visitors check it.

When should you use SSL?
SSL is not generally used for all pages on a website, nor should it be. SSL is most commonly used for the sending and receiving of sensitive information such as credit cards, membership IDs, or customer billing information access. SSL need only be used on the “particular” page where the secure activity is taking place. ALWAYS use SSL when asking for credit card information. If visitors do not observe https:// appearing in the form URL, and the “SSL Symbol” does not illuminate in their browser, they won’t be doing a whole lot of business with you. No one wants his or her credit card information intercepted and stolen as the result of a site not using SSL encryption!

Usage: Shared Vs Dedicated
Dedicated SSL means you will be able to access your website in secure mode the following way: https://www.domain.com/ (notice the S at the end of http). Anything you have in the public_html folder can be accessed securely using https. There is no such thing as a folder to put secure stuff in; basically anything in public_html can be accessed this way.

Shared SSL is basically using and sharing the SSL certificate of a dedicated SSL domain. For example, if you have a reseller plan and your domain is www.hosta.com and you buy a dedicated SSL for your domain, you can access your dedicated SSL like so:
https://www.hosta.com
Then any one of your clients can access shared SSL using your certificate like so:
https://www.hosta.com/~YourClientCpanelUsername/
Then if you have an order form where you wish to process something securely, for your main dedicated SSL domain it could be
https://www.hosta.com/orderform.html
or for your client
https://www.hosta.com/~User1/orderform.html

Alternatively you can use the shared SSL we have installed on our servers:
https://TheserverNameYourareOn.com/~username/
For example, those of you on the dime9 server:
https://dime9.dizinc.com/~username/
Of course that will display our company, and it will also show an error that it does not match the hostname, due to the fact that the one cert will be shared among many different domains. However it is still secure. Alternatively you would get the dedicated SSL for your reseller domain to be shared among your clients. Anytime you will be using the site for business I strongly encourage you to buy your own dedicated SSL.

Preparing, Buying, and Setting up a SSL Certificate
This guide assumes that you are installing an SSL cert on a WHM/cPanel server.

Step 1
Generate an SSL signing request, which will generate a self signed certificate, a certificate signing request (CSR), and an RSA key.
You will need to generate this on the server on which you wish to install the SSL. Certain things come into play, such as the version of Apache and the different mods.

Step 2
After the generation (the results will also be stored as files on the server for later retrieval), you take the CSR to the SSL Issuer. They then pop out a certificate and you can now install it.

Step 3
You now go to “Install SSL certificate” in your WHM, type in the FULL domain which the SSL was registered for, and hit ‘tab’; WHM will fill in username, IP, etc. If you have generated the CSR on that server correctly, it should also fill in the self signed certificate and the RSA key. If it doesn’t, no biggie. Just enter the Certificate which your Issuer has provided you, paste in the RSA key (if not already present) and click in the CA Bundle, and it will generate the CA bundle. If you have done this and all has gone the way it should, click ‘Do It’ and you will see it install and restart Apache.

Ending Notes

Dedicated IP
You will absolutely need a dedicated IP for SSL to work, or otherwise browsing https:// will most of the time show another site on the server. So get an IP!

Modulus Mismatch
If the RSA Key and the Certificate Issued do not match, you will not get a CA bundle and will get an error called “Modulus Mismatch”. This means, obviously, that the key and Certificate do not match.

Pop-up Errors
SSL will work EVEN IF you get any kind of popup. When viewing your website in the secure connection (https://www.domain.com) and you get a popup saying “Domain does not match” or “Expired” or any number of things, your site is STILL SECURE. SSL certificates are only for the sole purpose of the signing or Vouching. If you don’t care about these popups then you could use the self signed certificate (will not give you CA bundle).

Domain Changes
It is possible to change the domain associated with a SSL certificate after it has been ordered. The order can be no older than 7 days. If your situation meets those criteria, then we can reorder the changed certificate for you and adjust the billing.
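
The Step 1 material and the “Modulus Mismatch” condition from the Ending Notes can be reproduced and checked on the command line with openssl before anything is pasted into WHM. This is an added example, not part of the original article or of WHM; the temporary files, the www.example.com name and the helper functions modulus_digest, same_modulus and make_samples are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): compare the RSA modulus of a
# private key with that of a CSR or certificate before installing them.
set -eu

# Print a SHA-256 digest of the RSA modulus found in a file.
# $1 = kind (key|csr|crt), $2 = path. A digest is easier to compare than hex.
modulus_digest() {
  case "$1" in
    key) _mod=$(openssl rsa  -noout -modulus -in "$2") ;;
    csr) _mod=$(openssl req  -noout -modulus -in "$2") ;;
    crt) _mod=$(openssl x509 -noout -modulus -in "$2") ;;
    *)   echo "unknown kind: $1" >&2; return 2 ;;
  esac || return 1
  printf '%s' "$_mod" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the key ($1) and the other file (kind $2, path $3) match.
# Returns 2 when either file cannot be read, so a parse error is not a "match".
same_modulus() {
  _k=$(modulus_digest key "$1") && _o=$(modulus_digest "$2" "$3") || return 2
  [ -n "$_k" ] && [ "$_k" = "$_o" ]
}

# Constructed sample material: key A with its CSR and self-signed certificate,
# plus unrelated key B standing in for the wrong key pasted into the form.
make_samples() {
  _d=$(mktemp -d)
  openssl genrsa -out "$_d/a.key" 2048 2>/dev/null
  openssl genrsa -out "$_d/b.key" 2048 2>/dev/null
  openssl req -new -key "$_d/a.key" -subj "/CN=www.example.com" -out "$_d/a.csr"
  openssl req -new -x509 -key "$_d/a.key" -subj "/CN=www.example.com" \
    -days 30 -out "$_d/a.crt"
  echo "$_d"
}

dir=$(make_samples)
trap 'rm -rf "$dir"' EXIT
for pair in "a.key csr a.csr" "a.key crt a.crt" "b.key crt a.crt"; do
  set -- $pair
  if same_modulus "$dir/$1" "$2" "$dir/$3"; then
    echo "$1 vs $3: modulus matches"
  else
    echo "$1 vs $3: modulus mismatch"
  fi
done
```

The same three openssl -modulus commands work on the key, CSR and issued certificate saved on the server, which shows which of the files is the odd one out.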