SSL / HTTPS


HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.


The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security tools at their disposal to keep cybercriminals and hackers at bay. It can be a real challenge to know where to start, when you are defending against malicious code that can damage your system and against cyberthieves on the lookout for sensitive data to sell on the black market. One thing every business can do to protect their website and customers is to use Secure Sockets Layer (SSL) certificates, particularly if they run an e-commerce site or collect personal customer information through their site.


What Is SSL?


The Secure Sockets Layer (SSL) is the most widely used Internet security protocol today. This encryption technology protects your sensitive information as it travels between the visitors’ web browser and the web server of the website they are interacting with. This secure link ensures that all data is transmitted without being intercepted by prying hackers.


SSL encrypts all data before it is sent so that no one besides you and the website you’re submitting the information to can see and access what you type into your browser. Random characters are inserted into the original information to make it incomprehensible for anyone without the proper encryption key. Therefore, if it does fall into the wrong hands, there is nothing to worry about since the information is unreadable.


SSL Certificate Basics


When you visit a website that has an SSL certificate issued by a trustworthy authority, your browser (e.g. Internet Explorer®, Firefox® and Chrome™) will form a connection with the web server, recognize the SSL certificate, and then connect your browser and the server so that confidential information can be exchanged.


To enable SSL on your site, you need to get an SSL Certificate that identifies you and install it on your web server. The SSL certificate must also be digitally signed by another trusted root certificate to prove that the SSL certificate provider can be trusted. Business owners can get standard and extended certificates along with tools to manage multiple certificates or security challenges.


Steps For Getting An SSL Certificate


Once you have selected a Certification Authority (CA) vendor, send a request for certification and pay for the certificate.

Every CA will provide a Certification Practice Statement (CPS) with more specific information about their verification process and how long it will take to receive approval, depending on the complexity of your organization and the type of certification applied for. Business owners then have to go through various stages of vetting before they can install the certificate on their site and connect to a secure server on the web.


When the SSL Certificate is installed properly, you can access a site instantly by changing the URL from http:// to https://. The secure connection happens instantly and technically.


How Can Consumers Tell if a Website is Certified?

SSL is a transparent protocol which requires no interaction from the end user. Users can verify whether the web address in their browser displays a padlock, or, in the case of Extended Validation SSL, if there is both a padlock and a green bar. This assures visitors that the site is SSL certified and that their connection is automatically secured.


How Can SSL Be Used For Business?  

 

The most common applications of SSL are to secure payment transactions, system logins, email, data transfer, and any other sensitive data exchanged online.


If your organization has to comply with regional, national or international regulations on data privacy and security, such as Payment Card Industry compliance, then you will need an SSL certificate with the proper encryption. EV SSL provides advanced security measures to deal with the bigger risks that come with e-commerce today.

SSL is critical for protecting sensitive information such as customer names, phone numbers, addresses and credit card numbers. It also defends your site from malware and prevents malvertising from eating into your resources.

SSL secures webmail and helps establish secure connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.


SSL can also be used to secure intranet-based traffic such as internal networks, extranets, and database connections. It also helps transfer files safely over HTTPS and FTP(S) services.


Future-Proof Your Site With SSL Certificate


Online businesses can gain and retain their customers’ trust by getting SSL certification. Lunarpages offers a free dedicated SSL certificate and dedicated IPs with all of our business plans, or you can get a Dedicated SSL certificate on your account. A Shared SSL certificate will function only with HTML and cgi/perl based documents/scripts/carts; it will not work with ASP, JSP or PHP pages because of security restrictions on the servers. For that you will need to purchase a Dedicated SSL Certificate and Dedicated IP. If you’re still unsure about how SSL will affect your website, contact Lunarpages at 1-877-586-7207 (US/Canada) to know more.

0

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
5
 
LVL 6

Expert Comment

by:mmarth
Can a file be encrypted with OpenSSL as it is being streamed in, so it is not first saved in plaintext form?
0
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
0
Superb Internet Corp - SSL Certificates
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant.
Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like a customer’s personal and credit card information.
1
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
4
 
LVL 66

Expert Comment

by:Jim Horn
Lots of content here and very well illustrated.  Voting Yes.
And I see it just made Featured Article on the homepage.  Congratulations!
0
Imagine that you have installed an SSL certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installing an SSL certificate on the ASA is another topic, for which you can find step-by-step guidance on Cisco's website.

First of all, before you create a CSR (Certificate Signing Request), you must generate a private key; we refer to it as "mykey.pem" later in this document for WLC (Wireless LAN Controller) use. It is good practice to save the private key on the local disk in .txt format for future use, but if you forgot to do that, don't worry: there is a way to export it from the ASA.

We will start from the moment where we have already installed the SSL certificate on the ASA firewall. Usually for that process you will receive three files from the certificate vendor (or your own root certificate server):
  1. Root CA Certificate (CARoot.crt)
  2. Intermediate CA certificate (SSLCA2.crt)
  3. Device / domain / web server certificate (yourdomain_com.crt)
 

I. To install the SSL certificate on the WLC, you need to create a .pem file that contains the full chain of certificates, including all three* certificates, in the following order:

[use a text editor (notepad, nano, vi)]

-----BEGIN CERTIFICATE-----
(Your domain Certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate CA certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root CA  certificate)
-----END CERTIFICATE-----


Save this file as allcerts.pem.

2
So you need a certificate so you can offer SSL encryption.  But which one should you get?  There are so many choices out there!

Here is a generic overview of the main types of SSL certificates sold by the majority of commercial Certification Authorities (CAs).  Note that vendors may use slightly different names based on their marketing.  Note that this covers SSL certificates only - other certificate types will be covered in another article.

Standard SSL
Your "no-frills" cert - valid for one name.  This is fine for most folks - it gets you the gold lock in the browser, gives you SSL encryption, and validates your server's identity.

EV (Extended Validation) SSL
This is similar to a Standard SSL cert, except the validation process is a little bit more involved, allowing the CA to assert more confidence in your identity.  The main benefit is that EV certs will turn the address bar green in most modern browsers (IE7+, FF3, etc.) - for an example see https://www.paypal.com.  The overall encryption is just the same as standard - it just makes it easier for the customer to be more confident in your identity to help prevent phishing.

UC (Unified Communications)
a.k.a. multi-domain or SAN (Subject Alternative Name)

This is a Standard SSL cert (unless specified to be EV SSL) that allows for multiple names in the same cert.  This is popular for Exchange certs, but can be used for any environment.  Example you can have www.domain1.com and …
7
We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you do?

The answer depends on what the reason for the security warning is.  Things will vary slightly depending on the browser type and version, but there should be a 'show details' area near the end of the message.  There are 3 flavors of errors that will be seen on the client end; here is the paraphrased listing:

1) Name mismatch - try entering the servername portion of the URL exactly as it shows it in the certificate (click the View Certificate button in the error message box or use the gold lock next to the address bar or down in the bottom right corner to show the cert).  For example, if you were going to https://server/index.htm and it got the warning - the certificate may be for server.domain.com, so you should instead go to https://server.domain.com/index.htm and the error should go away.

2) Certificate expired or not yet valid - usually means it expired - renew the cert if it is your server, or else contact the company of that site and ask them to update it.

3) Untrusted root - if the root certificate for the site is not already in your trusted root cert store, you will need to import that.  This is common if the site is using their own CA instead of a commercial vendor, or if they had generated a self-signed …
2
 
LVL 2

Expert Comment

by:Jason Parms
One more common error – “page contains secure and nonsecure items”

This error occurs when some insecure items (such as images, frames, iframes, Flash, and JS) are being accessed on secure web pages. You can find insecure items for your web site by using this tool - https://www.ssl2buy.com/wiki/why-no-padlock/

Solutions:-

1. Replace URLs (use HTTPS instead of HTTP)

You have to use https:// for the references on all images, iframes, Flash and JS.

Example:
<img src="https://www.yourdomain.com/abcimage.png" />



2. Use relative path instead of absolute path

If you are using a relative path for the references, then you will never face this error.

Absolute Path:
<img src="https://www.yourdomain.com/abcimage.png" />



Relative path:
<img src="/abcimage.png" />

0
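A way to find the insecure references described in the comment above, as an added example that is not part of the original comments: it parses a page's HTML and lists subresources an HTTPS page would fetch over plain HTTP. The sample markup and the cdn.example host are constructed; the covered tag list is an assumption and not exhaustive.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements that fetch a subresource, and the attribute holding its URL.
SUBRESOURCE_ATTRS = {
    "img": "src", "script": "src", "iframe": "src", "frame": "src",
    "embed": "src", "audio": "src", "video": "src", "source": "src",
    "object": "data",
}


class MixedContentFinder(HTMLParser):
    """Collects subresources that the page would load over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # list of (tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheet links are loaded as part of the page.
            rels = (attrs.get("rel") or "").lower().split()
            attr = "href" if "stylesheet" in rels else None
        else:
            attr = SUBRESOURCE_ATTRS.get(tag)
        raw = attrs.get(attr) if attr else None
        if not raw:
            return
        # Relative and protocol-relative URLs inherit the page's scheme.
        resolved = urljoin(self.page_url, raw.strip())
        if urlsplit(resolved).scheme == "http":
            self.insecure.append((tag, resolved))


def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.insecure


# Constructed sample page; yourdomain.com and cdn.example are placeholders.
SAMPLE = """
<img src="http://www.yourdomain.com/abcimage.png" />
<img src="/abcimage.png" />
<script src="//cdn.example/app.js"></script>
<link rel="stylesheet" href="http://cdn.example/site.css">
<a href="http://www.yourdomain.com/about">About</a>
"""
```

Plain hyperlinks (the `<a>` tag) are ignored because following a link is a navigation, not a resource loaded into the secure page.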
 
LVL 20

Expert Comment

by:Peter Hutchison
Another thing to watch out for is fake websites using fake certificates. Just because a site is encrypted using an SSL certificate doesn't mean that the site is trustworthy.  Check that certificate: does it come from a compromised CA, is the bit length up to date (2048 bits is required or more), and check the site using different browsers, which may highlight other warnings.

http://www.zdnet.com/article/fake-ssl-certificates-pirate-web-sites/
0
