Secure Sockets Layer (SSL) and Certificates
What is Secure Sockets Layer (SSL)?
Secure Sockets Layer (SSL) is a system that allows for a private connection
when communicating with other SSL-enabled products. It is symmetric
encryption nested within public-key encryption and authenticated through
the use of certificates. An SSL connection can only occur between an
SSL-enabled client and an SSL-enabled server. In fact, when a server
is running in SSL mode, it can only communicate through SSL.
What are Certificates?
A digital certificate is a statement signed by an independent and trusted
third party. The statement usually follows a very specific format, laid
down in a standard called X.509, but it doesn't have to.
A certificate contains three elements:
- Subject Name and Other Certificate Extensions
This is information about the object being certified. In the case
of a person this might include your name, nationality and email address,
your organization, and the department within that organization where
you work. It could also include a picture of you, a codification of
your fingerprints, your passport number, and so on.
- Public Key Information
This is the public key of the entity being certified. The certificate
acts to bind the public key to the attribute information described above.
The public key can be any asymmetric key, but is usually an RSA key.
- Certifying Authority Signature
The CA signs the first two elements and thereby adds credibility to
the certificate. People who receive the certificate check the signature
and will believe the attribute information / public key binding if
they trust that certifying authority.
Sharing or Obtaining an SSL Certificate
You can share one of Render-Vue's certificates if you are just getting
started and don't want to purchase your own. If you are serious about
security and run an e-commerce web site, Render-Vue recommends getting
your own certificate. Besides the security and stability advantages,
visitors can then access your secure site with your domain name and not
as a directory of the server you are on (https://www.yourdomain.com
as opposed to https://server0000.net/yourdomain/). When you get your
own certificate, your customers see your name on the certificate and
not ours.
Sharing (Dependent on server and hosting plan)
If you decide to share our certificate, your site is automatically
set up with it at https://your_server.com/yourdomain/. For example,
if you are on server 5000 and your domain name is treehugger.com, your
secure URL will be (note https, not http): https://server5000.net/treehugger/
You can find the server you are on from the welcome letter Render-Vue
sent you. The server name is also displayed every time you log in through
SSH or FTP. This location will have the same information as your main
site, but it will be encrypted.
Getting your own Certificate.
Render-Vue recommends that you purchase your own certificate. You can
get your own certificate from a variety of sources. You can get a certificate
from:
Steps to obtaining your own Certificate
- To obtain your own certificate, companies like Thawte need proof
of identity. A proof of organizational name and proof of the right
to a domain name are required. For specific details, look here: http://www.thawte.com/certs/server/docs.html
The information will be in the control panel under the secure server
section.
- Go to your control panel. Here you can generate a Certificate Signing
Request (CSR) and RSA private key that needs to be sent to the certificate
issuing company. Contact a certificate issuing company with the private
RSA key and your necessary identification information or use the control
panel submission feature.
- The process for installing a certificate is fairly automated from
here. You still need the information obtained in step one. Follow
the instructions for placing the necessary information in the text
fields. You place the RSA private key in the text area first, then
the certificate key that was sent to you by whomever you purchased
it from.
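The key and CSR generation from the steps above, and a check that a certificate binds the same public key as the private key before the two are installed together, sketched with the openssl command line as an added example (not Render-Vue's control panel code; the hostname, organization and the self-signed stand-in for the CA's reply are constructed). The CSR carries the subject name and the public key, the first two certificate elements listed earlier, and is signed with the private key; it does not contain the private key itself.

```shell
#!/bin/sh
# Added example. www.example.test and "Example Org" are constructed values.
set -eu

# Generate an RSA private key plus a CSR, as the control panel step does.
# $1 = output directory, $2 = hostname for the subject name
make_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    chmod 600 "$1/server.key"    # private key: owner read/write only
}

# SHA-256 digest of the public key held in a key, CSR or certificate file.
# $1 = key|csr|cert, $2 = file
pubkey_digest() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl dgst -sha256 | awk '{print $NF}'
}

# True only if the certificate binds the public key of this private key.
# $1 = certificate file, $2 = private key file
cert_matches_key() {
    [ "$(pubkey_digest cert "$1")" = "$(pubkey_digest key "$2")" ]
}

# Demo: create the pair, show what the CSR carries, then self-sign the CSR as
# a stand-in for the CA's reply so the pre-install check has a certificate.
demo() {
    d=$(mktemp -d)
    make_key_and_csr "$d" www.example.test
    openssl req -in "$d/server.csr" -noout -subject -verify 2>&1
    openssl x509 -req -in "$d/server.csr" -signkey "$d/server.key" \
        -days 1 -out "$d/server.crt" 2>/dev/null
    if cert_matches_key "$d/server.crt" "$d/server.key"; then
        echo "certificate matches private key"
    fi
    rm -rf "$d"
}
demo
```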
Using FrontPage with SSL
Using secure forms with FrontPage and a shared certificate can cause
problems. While we've found this to work sporadically, it most often
doesn't. If you want to use secure forms with FrontPage you will have
to purchase your own certificate.
Links
http://developer.netscape.com/quickfind.cgi?cp=dev01qfin
http://developer.netscape.com/tech/security/ssl/howitworks.html
Configuring CGI Scripts Using SSL
How do I call a CGI script securely?
Using your local CGI BIN, your path would look like this:
https://secure_server.net/your_domain/cgi-bin/filename.pl or
https://your_domain.com/cgi-bin/filename.pl
The secure_server.net represents the server your domain is hosted on.
If you would like to use formmail.pl securely you first need to:
- Save a copy of this script on your local hard drive.
- Upload the formmail.pl file into your local /cgi-bin directory.
Then, instead of calling the universal /cgi-sys directory, you would
call your own /cgi-bin directory. It would look something like this:
https://secure_server.net/your_domain/cgi-bin/formmail.pl
NOTE: You do NOT include the extension of your domain
(i.e. '.com', '.net', '.org').
What is your server path to PERL and Sendmail?
Our server path to PERL is: #!/usr/local/bin/perl or #!/usr/bin/perl
The path to the Sendmail program is: /usr/lib/sendmail
How do I set permissions inside my CGI BIN?
If the browser returns "Internal Server Error" every time
you submit your form, the script does not have the right permissions
set. Do the following to set the permissions:
SSH/FTP into your /cgi-bin directory and issue the following command:
chmod 755 filename.pl
This gives everyone read and execute permission on that file, while only
the owner can write to it.
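A check for the permission problem described above, as an added example that is not part of the original page: it reports scripts in a cgi-bin directory that lack an execute bit mode 755 sets, and scripts that group or other users can modify, which 755 does not allow. The directory and script names are constructed.

```shell
#!/bin/sh
# Added example. The directory and script names in demo() are constructed.
set -eu

# Print one line per CGI script whose mode needs attention:
#   NOEXEC   - an execute bit that mode 755 sets is missing
#   WRITABLE - group or others can modify the script
# $1 = cgi-bin directory
audit_cgi_bin() {
    find "$1" -type f \( -name '*.pl' -o -name '*.cgi' \) | sort |
    while read -r f; do
        # -perm -MODE matches when every bit in MODE is set on the file.
        [ -n "$(find "$f" -perm -111)" ] || echo "NOEXEC $f"
        if [ -n "$(find "$f" -perm -020)" ] || [ -n "$(find "$f" -perm -002)" ]; then
            echo "WRITABLE $f"
        fi
    done
}

# Demo on a throwaway directory: one script per mode.
demo() {
    d=$(mktemp -d)
    for m in 644 755 777; do
        printf '#!/usr/bin/perl\nprint "Content-type: text/plain\\n\\nok\\n";\n' > "$d/form$m.pl"
        chmod "$m" "$d/form$m.pl"
    done
    audit_cgi_bin "$d"
    rm -rf "$d"
}
demo
```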
Totally confused and not sure? Then email us and we'll try to clarify
things for you.