Secure Sockets Layer (SSL)
What is Secure Sockets Layer (SSL)?
Secure Sockets Layer (SSL) is a system that allows for a private connection when communicating with other SSL-enabled products. It combines symmetric encryption for the session data with public-key encryption used to set up the session, and it authenticates the parties through certificates. An SSL connection can only occur between an SSL-enabled client and an SSL-enabled server. In fact, when a server is running in SSL mode, it can only communicate through SSL.
What are Certificates?
A digital certificate is a statement signed by an independent and trusted third party. The statement usually follows a very specific format, laid down in a standard called X.509, but it doesn't have to.
A certificate contains three elements:
1. Subject Name and Other Certificate Extensions
This is information about the object being certified. In the case of a person this might include your name, nationality and email address, your organization, and the department within that organization where you work. It could also include a picture of you, a codification of your fingerprints, your passport number, and so on.
2. Public Key Information
This is the public key of the entity being certified. The certificate acts to bind the public key to the attribute information described above. The public key can be any asymmetric key, but is usually an RSA key.
3. Certifying Authority Signature
The CA signs the first two elements and thereby adds credibility to the certificate. People who receive the certificate check the signature and will believe the attribute information / public key binding if they trust that certifying authority.
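The three elements can be read back from any certificate with the openssl command line. The script below is an added example, not part of the original page: it builds two throwaway CAs and one site certificate (all names are constructed placeholders), prints the subject, public key and issuer, and shows that the same certificate is accepted or rejected depending on which CA the verifier trusts.

```sh
#!/bin/sh
# Added illustration. Example Test CA, Other Test CA and www.example.test are
# constructed placeholders; nothing here contacts a real certifying authority.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_ca <prefix> <name>: self-signed certificate standing in for a trusted third party
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/O=$2/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# issue <ca-prefix> <site-prefix> <subject>: the CA signs the subject name + public key
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

# The three elements of a certificate, read back from the file
cert_subject() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253; }  # 1. subject name
cert_pubkey()  { openssl x509 -in "$1" -noout -pubkey; }                     # 2. public key
cert_issuer()  { openssl x509 -in "$1" -noout -issuer -nameopt RFC2253; }    # 3. who signed it

# trusted_by <ca.crt> <cert>: succeeds only if the signature chains to that CA
trusted_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

make_ca "$work/ca" "Example Test CA"
make_ca "$work/other" "Other Test CA"
issue "$work/ca" "$work/site" "/O=Example Shop/CN=www.example.test"

cert_subject "$work/site.crt"
cert_issuer "$work/site.crt"
cert_pubkey "$work/site.crt" | head -n 2
if trusted_by "$work/ca.crt" "$work/site.crt"; then
    echo "accepted by a verifier that trusts Example Test CA"
fi
if ! trusted_by "$work/other.crt" "$work/site.crt"; then
    echo "rejected by a verifier that trusts only Other Test CA"
fi
```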
Sharing or Obtaining an SSL Certificate
You can share one of netbasiks.com's certificates if you are just getting started and don't want to purchase your own. If you are serious about security and run an e-commerce web site, netbasiks.com recommends getting your own certificate. Besides the security and stability advantages, visitors can then access your secure site with your domain name and not as a directory of the server you are on (https://www.yourdomain.com as opposed to https://ssl.server.com/yourdomain/). When you get your own certificate, your customers see your name on the certificate and not ours.
Sharing
If you decide to share our certificate, your site is automatically set up with it at https://ssl.securenameservers.com/yourdomain/. For example, if your domain name is justkidding.com, your secure URL will be (note https, not http): https://ssl.securenameservers.com/justkidding/
You can find the server you are on from the welcome letter netbasiks.com sent you.
Getting your own Certificate
netbasiks.com recommends that you purchase your own certificate. Although the certificate we provide uses 128-bit encryption, and conducting transactions through it is very safe and secure, many of our clients prefer to buy their own certificate. You can get your own certificate from a variety of sources, including:
www.thawte.com
www.verisign.com
www.entrust.net
Steps to obtaining your own Certificate
1. To obtain your own certificate, companies like Thawte need proof of identity. A proof of organizational name and proof of the right to a domain name are required. For specific details, look here: http://www.thawte.com/certs/server/docs.html.
2. Go to your control panel. Here you can generate a Certificate Signing Request (CSR) and RSA private key that needs to be sent to the certificate issuing company. Contact a certificate issuing company with the private RSA key and your necessary identification information or use the control panel submission feature.
3. The process for installing a certificate is fairly automated from here. You still need the information obtained in step one. Follow the instructions for placing the necessary information in the text fields. You place the RSA private key in the text area first, then the certificate key that was sent to you by whomever you purchased it from.
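Steps 2 and 3 as they look with the openssl command line, as an added example that is not netbasiks.com's control panel code: it generates a key and CSR, shows that the CSR carries the subject name and public key (which is what an issuer signs), and checks that a returned certificate matches the private key before both are installed. The subject values are constructed, and a self-signed certificate stands in for the issuer's reply.

```sh
#!/bin/sh
# Added illustration; Example Shop and www.example.test are constructed placeholders.
set -eu
umask 077                      # files created below are readable by their owner only
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# new_csr <prefix> <subject>: writes <prefix>.key (private key) and <prefix>.csr
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# csr_is_valid <csr>: the CSR's self-signature proves the requester holds the private key
csr_is_valid() { openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"; }

# Public key as derived from each kind of file, for comparison
pub_of_key()  { openssl pkey -in "$1" -pubout; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey; }

# cert_matches_key <cert> <key>: check to run before installing the pair
cert_matches_key() { [ "$(pub_of_cert "$1")" = "$(pub_of_key "$2")" ]; }

new_csr "$work/site" "/O=Example Shop/CN=www.example.test"
# Stand-in for the issuer's reply: self-sign the CSR so there is a certificate to check
openssl x509 -req -in "$work/site.csr" -signkey "$work/site.key" -days 30 \
    -out "$work/site.crt" 2>/dev/null
new_csr "$work/stale" "/O=Example Shop/CN=www.example.test"   # a second, unrelated key

openssl req -in "$work/site.csr" -noout -subject             # what the CSR asks to certify
if csr_is_valid "$work/site.csr"; then echo "CSR signature OK"; fi
if [ "$(pub_of_csr "$work/site.csr")" = "$(pub_of_key "$work/site.key")" ]; then
    echo "CSR contains the public half of site.key"
fi
if cert_matches_key "$work/site.crt" "$work/site.key"; then
    echo "certificate matches site.key"
fi
if ! cert_matches_key "$work/site.crt" "$work/stale.key"; then
    echo "certificate does NOT match stale.key"
fi
```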
Using FrontPage with SSL
Using secure forms with FrontPage and a shared certificate can cause problems. While we've found this to work sporadically, it most often doesn't. If you want to use secure forms with FrontPage you will have to purchase your own certificate.
Links
http://developer.netscape.com/quickfind.cgi?cp=dev01qfin
http://developer.netscape.com/tech/security/ssl/howitworks.html
Configuring CGI Scripts Using SSL
How do I call a CGI script securely?
To execute cgi-sys scripts under a secure connection, you must submit a support request to activate SSL for your account.
Using your local CGI BIN, your path would look like this:
https://ssl.securenameservers.com/yourdomain/cgi-bin/file.pl
If you would like to use formmail.pl securely you first need to:
1. Save a copy of this script on your local hard drive.
2. Upload the formmail.pl file into your local /cgi-bin directory.
Then, instead of calling the universal /cgi-sys directory, you would call your own /cgi-bin directory. It would look something like this:
https://ssl.securenameservers.com/domain/cgi-bin/formmail.pl
NOTE: You do NOT include the extension of your domain (e.g. '.com', '.net', '.org').
What is your server path to PERL and Sendmail?
Our server path to PERL is:
#!/usr/local/bin/perl
The path to the Sendmail program is:
/usr/lib/sendmail
How do I set permissions inside my CGI BIN?
If the browser returns "Internal Server Error" every time you submit your form, you did not have the right permission set for your script. Do the following to set the permission:
Connect over SSH, change to your /cgi-bin directory, and issue the following command:
chmod 755 filename.pl
This makes the file executable by everyone (owner, group and others), while only the owner can modify it.
You could also set file permissions through the File Manager located in your Control Panel or your FTP client like WS_FTP.
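A pre-upload check for the two settings this page gives for CGI scripts, the 755 mode and the Perl path, written as an added example rather than a netbasiks.com tool. The file hello.pl and its contents are constructed sample input; the check also flags mode 777, which would let any other account on the server modify the script.

```sh
#!/bin/sh
# Added illustration; hello.pl and its contents are constructed sample input.
set -eu
PERL_PATH=/usr/local/bin/perl        # interpreter path given on this page

# check_cgi <file>: print one line per problem; succeed only if none are found
check_cgi() {
    problems=0
    mode=$(ls -ld "$1" | cut -c1-10)
    if [ "$mode" != "-rwxr-xr-x" ]; then
        echo "$1: mode is $mode, expected -rwxr-xr-x (755)"
        problems=1
    fi
    first=$(head -n 1 "$1")
    case "$first" in
        "#!$PERL_PATH"|"#!$PERL_PATH "*) ;;      # exact path, optionally followed by flags
        *) echo "$1: first line is '$first', expected '#!$PERL_PATH'"
           problems=1 ;;
    esac
    return "$problems"
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
printf '%s\n' '#!/usr/local/bin/perl' \
    'print "Content-type: text/plain\n\nok\n";' > "$dir/hello.pl"

# 644 is not executable, 777 is writable by everyone, 755 is the mode from this page
for m in 644 777 755; do
    chmod "$m" "$dir/hello.pl"
    if check_cgi "$dir/hello.pl"; then
        echo "hello.pl with mode $m: OK"
    fi
done
```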