Webnet77 Christian web host



Hosting Packages


Up to 40 GB storage!
Unmetered Traffic!

 

Christian
web hosting

All about SSL Certificates

 

OTHER ARTICLES OF INTEREST

META TAGS, Copyright, Spam Mail, Traffic Tips, Secure Email, New Site Checklist

 
WHAT IS A SSL CERTIFICATE?

Before we get started, SSL stands for Secure Socket(s) Layer. SSL has two main purposes:
  • Contrary to popular urban legend, the primary purpose of a SSL certificate is to provide you (the "user" if you will) with non-forgeable proof of the identity of the website you are connecting to.
     
  • The secondary purpose is to ensure the data exchanged between your browser and the site you are connecting to cannot be read, deciphered or decrypted by a third party who may be tapping in to the data exchange between your Browser and the remote server

 

WHO NEEDS A SSL CERTIFICATE AND FOR WHAT PURPOSE?

Any website that stores "sensitive" information like Credit Card numbers, personal information about other people (like names and addresses, Identity Numbers, Passwords etc) or sensitive company information, should only acquire the data from the individual via a secure connection. Not only is a secure connection important to protect you (the website owner) from fraud, but it is essential to protect your customers and staff from fraud as well.

Why is it important?

Firstly, when you enter data (including passwords, credit card numbers) over a non-secure internet connection, the data is transmitted from your PC to the destination server in plain text. The fact that your browser shows a bunch of '******' for the password is simply what it shows you. Your password is still being transmitted as plain text!

So what does it matter?

Any data transmitted over the internet as plain text can be intercepted. It's as simple as that. A person with malicious intentions simply has to listen on the right ports or look in the right places to read exactly what you entered. If that data happened to be your password or your credit card number ... well, you can make up the rest of the story ... and it does not end well.

BEWARE - "phony" certificates!!!

As stated, the primary purpose of an SSL certificate is to establish the identify of the site you are connecting to. There are many companies (especially web hosts) offering "free ssl" as a carrot to attract unsuspecting customers. Before you think that this is great! and the best thing since sliced bread, think again. Most are not "real". Here's how it works:

What a lot of hosts do is to purchase a wild card sub-domain SSL certificate. This allows them to make an infinite number of sub-domains like https://yoursite.the_other_guys_site.com type A records. Notice that the SSL certificate is not owned by yoursite but by the_other_guys_site (the last part before the .com is the actual domain. The part to the left of that is the sub-domain).

What this means is:

  • 1. Anyone that knows just a little bit about SSL is unlikely to purchase a product from you online (I certainly wouldn't!) because there is no way of knowing that you are who you say you are because the SSL data refers to the_other_guys_site and NOT yoursite.
     
  • Things like page rank are now also given away by you to the_other_guys_site.

Bottom line is if you want SSL on your website make sure it's an SSL certificate registered to yoursite.com and only only that. If you are thinking of signing up with some company because of a free SSL certificate, ask the following two questions:

  1. Will my site be on a dedicated IP address?
  2. Will the certificate be issued to me (my domain) or will it be a sub-domain of of some other domain?

If they do not provide you with a dedicated IP address and a dedicated certificate, stay away, it's a wild-card sub-domain certificate and fails to fulfil the primary purpose of a certificate which is to identify yoursite through a trusted third party.

 

COMMON MISCONCEPTIONS ABOUT SSL CERTIFICATES

A common misconception is that SSL certificate's main purpose is to protect the transaction between buyer and seller. This is not the main purpose of a certificate.

The main purpose of a certificate is to establish the identity of your website through a trusted third party (the issuer of the certificate). In other words, when I go to www.YourSite.com as your potentially paying customer, I need to see that the certificate on www.Your-Site.com was, in fact, issued by a trusted third party to www.YourSite.com. The "trusted third party" who signed the certificate, is my guarantee that I am on your site and not some other site.

To put this theory to the test, click here. Once the new browser window opens, click on the image in the top right or bottom left of your browser (IE) or in the browser URL bar (Firefox) as shown below. You should see something like this:

Firefox
FireFox SSL Icon

You should see something like this

SSL Certificate 

The Issued To section contains the name of the domain the certificate was issued to.

The Issued By section contains the name of the "Trusted Third Party" who issued the certificate. There is a link to their website where you could, if you wanted to, verify that the certificate issued to webnet77.net is authentic.

In a nutshell, the certificate guarantees you are on webnet77.net and not some other site claiming to be webnet77.net.
 

MONEY QUESTIONS - WHAT DOES IT ALL COST?

What follows from here onwards is generally true for all certificates but is written specifically for Webnet77 and applies specifically to Webnet77 customers wanting SSL.

Because the vast majority of SSL certificates are used for business purposes, there are costs involved. (We mention that because we can generate a self-signed certificate in 10 seconds and it doesn't cost a cent. Self signed certificates are just as secure and "real" ones and work just as well any day of the week but give an authentication warning in the browser which must be accepted before continuing). Here are the costs:
  • The Certificate needs to be bought somewhere. You can pay up to $900.00 for a certificate from places like Thawte, Verisign, GeoTrust etc or you can get one through us for under $30.00 a year. It's up to you. (If you are a Webnet77 customer, we can purchase the certificate for you and do everything else in one step -- see table below)
     
  • We charge $25.00 once off to generate the CSR (Certificate signing request), get the dedicated IP for you, Install the certificate on your site and generally to hold you hand through the entire process. (From experience we know this is pretty reasonable because most folk need a lot of hand holding in the beginning).
     
  • Recurring fee of $9.00 every quarter - 3 months for the dedicated IP address required for your website by the SSL certificate.

Current costs:

Certificate costs

 

FOR WEBNET77 CUSTOMERS ONLY

You can skip doing all the works and we will do it for you. The price is the same as above without any of the hassle of going through Step 1 to Step 5 below.

GENERATING a CSR (Certificate Signing Request)


When you buy a SSL certificate, you will be asked at some point  to enter the CSR (Certificate signing Request). If you do not host with us, you will need to contact your Web Hosting company for the CSR. If you are a webnet77 customer, contact us and we will provide you with a CSR we generate for your site.
 
WHAT ARE THE STEPS IN GETTING A SSL CERTIFICATE FOR MY SITE AND GETTING IT INSTALLED?

Follow these steps exactly and you won't go wrong. (Please note, this process has to followed to the letter or you will have problems).

STEP1: Buy your certificate

You can buy  it from us, for under $30.00 per year or from anywhere else. Just make sure it is not a chained certificate. Some companies sell "cheap" certificates that aren't worth anything. You can, of course, go to Verisign and get the same thing for $350.00. That's up to you. If we get the certificate for you, we generally use RapidSSL.
 

STEP 2: Generate the CSR (Webnet77 Customers only)

You will need to provide us with the following information:
NOTE: This is an exact science. The information you provide must be 100% accurate or your certificate will not work.

Issuing authority Description Abbrev What it is Comments
Subject: Email Address E Your Email address Email address you entered when purchasing the Certificate. This email will be viewable by anyone clicking the certificate on your website.
Subject: Common Name CN Your Host name (URL)

Host to make certificate for. This must match exactly what you entered when you bought the certificate.

For example, if you entered your domain as domain.com the certificate will not work on www.domain.com

Example #2 secure.domain.com is not the same as www.secure.domian.com. Certificates only work on the exact domain.

Subject: Country Name C Country Code 2 Letter Country code.
Subject: State S State/Province State.
Subject: City L Your City City.
Subject: Organization O Your Name or Organization Unless you are a corporation or company, this will usually by your full name. Be sure to select the correct options when purchasing your certificate.
Subject: Organizational Unit OU Your Name or Organization Unless you are a corporation or company, this will usually by your full name. Be sure to select the correct options when purchasing your certificate.

PLEASE NOTE: ALL THE ABOVE INFORMATION MUST MATCH YOUR CERTIFICATE EXACTLY (CASE ALSO) AS YOU ENTERED THE DATA WHEN YOU BOUGHT IT. IF YOU ENTER, FOR EXAMPLE, YOUR NAME AS "Dan A Jones" WHEN PURCHASING THE CERTIFICATE, YOU CANNOT ENTER "Dan Jones" (Without the "A") ON THE CSR. REMEMBER, EXACTLY THE SAME AS ON THE CERTIFICATE - EVERY SPACE, EVERY PERIOD, EVERY COMMA - OR IT WILL NOT WORK.

If you have all the information and only if you have all the information and have already purchased your certificate and need the CSR.

STEP 3: Enter the CSR at the place where you purchased the certificate.

After you enter the CSR, the company where you purchased your certificate will usually require you prove your identity. In most cases they will require you to either call them or fax them with the information they require. Simply follow their instructions.

Once you have jumped through all the hoops and complied with the screening process they will contact you to tell you your certificate is ready.

You now need to send us the entire certificate so that we can

  • Reserve an IP address for you. (We need the certificate to justify the IP address).
  • Install the certificate on your site for you.

STEP 4: Reserve an IP address for you for your SSL website (webnet77 customers only).

  • A SSL Certificate can only be assigned to a website with a unique IP address. In the early days of the Internet, IP addresses were handed out left and right, no questions asked. These days, we have to justify to ARIN (American Registry for Internet Numbers) why we want the IP address. ARIN will only approve unique IP addresses for individual domains under very specific conditions. A secure website is one such condition.
     
  • It has never happened before but there is no guarantee that ARIN will approve additional IP addresses. If your request for an additional IP address is denied, there is nothing we can do and your certificate will be useless. However, the chances of this are very slim.
     
  • It can take up to 72 hours for your IP address to be approved and allocated. This has nothing to do with us and is simply because of bureaucratic red tape.

STEP 5

  • For having generated the CSR (Certificate signing request), getting the dedicated IP for you, Installing the certificate on your site and generally holding you hand through the entire process.
     
  • Please settle as soon as possible after we invoice you to avoid delays.
     
LASTLY - PLEASE READ

Everything described above has to do with getting the SSL setup on your website. Prices quoted above DO NOT include installing Shopping carts on your site or to making them work. That is for you to do. If you want us to do this for you, please see our services rate sheet for more information and pricing.
 

OTHER ARTICLES OF INTEREST

META TAGS, Copyright, Spam Mail, Traffic Tips, Secure Email, New Site Checklist

 


Copyright 2002- Webnet77.com. All Rights reserved.
TOS::AUP::Privacy