Thursday, December 14, 2006

SSL Certificates - Secure Server Certificates

Before getting your own SSL certificate, you will need to do some reading on what your chosen Certificate Authority requires for a secure certificate, and you'll also need to come up with some documentation. There are several steps to buying a secure server certificate, once you have decided on a vendor.

This is an overview, not written in stone. Each CA is different, so make sure you read their documentation and what they require. Here is an idea of what they want:

All documentation that is requested must match *exactly*. Secure certificate authorities will verify that your organization actually exists, so they know they are issuing to the correct company. You will need to prove that the Organization Name and the Domain name are in fact yours to use.

Steps you'll be taking:

* Gather required documentation
* Have your host generate a CSR
* Complete certificate authority online application
* Certificate authority will process your request
* Pick up and install your SSL certificate (usually a URL is emailed to you to download the secure server certificate)
* Depending on the vendor, it can take a few hours to a few days.
* Send secure certificate to host for installation. (Send in plain text)

Once your web hosting provider receives this information, they will generate the CSR and send it back to you in plain text. You then send it on to Verisign or Thawte, or whoever you have chosen as your secure certificate authority. They will then generate an SSL certificate for you, which you will send back to your host for installation. Your web host may charge a fee for installation in addition to what your SSL certificate vendor charges.

Something to think about:

If you've decided to purchase your own SSL certificate, you will need to decide how you want your URL to be called. If you, as a rule, call your domain name in your coding as then make sure you indicate this to your host when you request a CSR from them. If you don't, and you get the certificate for yourdomainname.com (without the www), this will cause browser errors, making the certificate seem insecure, and you will need to change your coding.
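The name mismatch described above can be checked before you order. The following is an added example, not part of the original post: it collects the hostnames your own pages link to over https and reports any that a certificate's names would not cover. The function names and the sample page are constructed for illustration, and the wildcard and multi-name cases go beyond the single-name case in the text.

```python
import re
from urllib.parse import urlsplit


def name_matches(cert_name: str, host: str) -> bool:
    """Compare one certificate name with a hostname, label by label.

    A '*' is honoured only as the whole leftmost label and stands for
    exactly one label, so '*.example.com' does not cover 'example.com'.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def https_hosts(page_source: str) -> set:
    """Collect the hostname of every https:// URL found in page source."""
    urls = re.findall(r"https://[^\s\"'<>]+", page_source)
    return {urlsplit(u).hostname for u in urls if urlsplit(u).hostname}


def mismatched_hosts(cert_names, page_source: str) -> list:
    """Hostnames the pages link to that no certificate name covers."""
    return sorted(h for h in https_hosts(page_source)
                  if not any(name_matches(n, h) for n in cert_names))


# Constructed sample: a site coded mostly with the www form of the name.
SAMPLE_PAGE = """
<a href="https://www.yourdomainname.com/cart">Cart</a>
<form action="https://www.yourdomainname.com/checkout" method="post">
<img src="https://yourdomainname.com/logo.png">
"""

if __name__ == "__main__":
    for names in (["yourdomainname.com"],
                  ["www.yourdomainname.com"],
                  ["*.yourdomainname.com"],
                  ["yourdomainname.com", "www.yourdomainname.com"]):
        missing = mismatched_hosts(names, SAMPLE_PAGE)
        print(names, "->", missing or "all covered")
```

Any hostname this reports is one that visitors would reach with a browser name-mismatch warning, so either change the coding to the covered name or request the CSR for the name the site actually uses.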

Always use yourself or your company as technical contact.

How to tell if a site is secure?

After you've browsed to a site securely, using https:// in the URL, look on the lower right-hand side of your browser. You should see a closed lock. This will tell you the site is secure.
