Why you need security for your website
The Internet has created many new global business opportunities for enterprises conducting online commerce. However, the many security risks associated with conducting e-commerce have resulted in security becoming a major factor for online success or failure.
Over the past seven years, consumer magazines, industry bodies and security providers have educated the market on the basics of online security. The majority of consumers now expect security to be integrated into any online service they use; as a result, they expect any details they provide via the Internet to remain confidential and safe. For many customers, the only time they will ever consider buying your products or services online is when they are satisfied that their details are secure.
This guide explains how you can utilize Positive SSL to activate the core security technology available on your existing web server. You will also learn how Positive SSL allows you to protect your customers' transactions and provide visitors with proof of your digital identity - essential factors in gaining confidence in your services and identity.
Using Positive SSL Certificates to secure your online transactions tells
your customers that you take their security seriously. They will visibly see
that their online transaction will be secure and confidential, which will give them the confidence that you have removed the risk associated
with trading over the Internet.
Using Security helps you realize the benefits of online commerce:
- Cost effectiveness of online operations and delivery
- Open global markets - gain customers from all over the world
- New and exciting ways of marketing directly to your customers
- Offer new data products and services via the Web
Only if you have visibly secured your site with SSL security technology
will your customers have confidence in your online operations. Read on
to learn how SSL helps you achieve the confidence essential to successful
What is SSL?
Secure Sockets Layer, SSL, is the standard security technology for creating encrypted communication between a web server and a browser. It ensures that all data passed between the web server and browser remain private and uncompromised. SSL is an industry standard, used by millions of websites to protect online transactions with their customers. To use SSL, a web server requires an SSL Certificate.
When you choose to activate SSL on your web server, you will be prompted to answer a number of questions about the identity of your website (e.g. your website's URL) and your company (e.g. your company's name and location). Your web server then creates two cryptographic keys - a Private Key and a Public Key. Your Private Key is so called for a reason - it must remain private and secure. The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also containing your details. You should then submit the CSR during the SSL Certificate application process. Comodo, the Positive SSL Certification Authority, will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL.
Your web server will match your issued SSL Certificate to your Private Key. Your web server will then be able to establish an encrypted link between the website and your customer's web browser.
For detailed application and installation instructions, please refer to the "Step by step instructions to set up SSL on your web server" section of this guide.
Displaying the SSL secure padlock
The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session - the Padlock:
As seen by users of Internet Explorer
Clicking on the Padlock displays your SSL Certificate and your details:
As seen by users of Internet Explorer
All SSL Certificates are issued to either companies or legally accountable individuals. Typically, an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate.
When a browser connects to a secure site, it will retrieve the site's SSL Certificate and check that it has not expired, that it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails any one of these checks, the browser will display a warning to the end user.
Why should you use a Positive SSL Certificate?
Comodo, the Certification Authority behind Positive SSL, is the fastest growing SSL Provider in the world. Unlike other Certification Authorities, Comodo does not just provide SSL Certificates - they are a world-renowned security and cryptography service provider. When you are a customer of Comodo, you can feel safe knowing that your website security is provided by experts.
Positive SSL Certificates are the most cost-effective fully validated and fully supported 128 bit SSL Certificates you can buy today! You can also feel safe in the knowledge that Comodo will validate your application in accordance with the latest digital signature legislation pertaining to Qualified Certificates. This validation is done effectively and quickly, ensuring you need not wait the traditional 3 working days normally associated with a fully validated SSL Certificate.
Positive SSL boasts industry leading browser compatibility - comparable to Verisign and Thawte, however without the costs associated with other SSL Providers. Positive SSL Certificates are compatible with over 99% of browsers - including Internet Explorer 5.00 and above, all versions of Firefox, Netscape 4.5 and above, AOL 6 and above and Opera 5.00 and above.
Positive SSL benefits summary:
Positive SSL Certificates are the most cost effective SSL Certificates you can buy which include:
- Full validation conducted quickly - in many cases you can expect your SSL Certificate to be issued within minutes
- Telephone, email, web support
- Over 99.9% browser compatibility
- 128 bit strong encryption security
- Backed by warranties ranging from $50 to $10,000
Positive SSL Certificates provide you with the key to successfully using SSL on your web server.
Testing your web server before you buy - Try an SSL Certificate for free
Trial SSL Certificates provide full SSL functionality for 30 days and are fully supported by our expert technical support staff. Unlike test Certificates from other CAs, Positive SSL trial Certificates are issued using the same Trusted Root CA that issues our end-entity SSL Certificates and provides 99% browser ubiquity, and NOT by a different test CA. This unique service helps you fully test your system prior to your live roll out.
Trial SSL Certificates are ideal for anyone requiring proof of ease of installation, confirmation of high quality technical support and also confirmation of compatibility with the majority of the browsers that exist today. Trial SSL Certificates are also ideal for practicing with Certificates and learning about SSL implementation before committing to installing a Certificate on your live system.
Get your free 30 day trial SSL Certificate
Step by step instructions to set up SSL on your Apache web server
There are four stages to setting up SSL on your Apache web server:
1. Create a Certificate Signing Request (CSR)
2. Apply online
3. Installing your Certificate
4. Displaying your Secure Site Seal
1. Generating a Certificate Signing Request (CSR)
A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process:
Generate keys and certificate:
To generate a private key and a Certificate Signing Request (CSR) for a web server, "server", use the following command:
openssl req -new -nodes -keyout myserver.key -out server.csr
This creates two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the private key.
In particular, be sure to back up the private key, as there is no means to recover it should it be lost. The private key is used as input in the command to generate a Certificate Signing Request (CSR).
You will now be asked to enter details to be entered into your CSR:
What you are about to enter is what is called a Distinguished Name or a DN.
For some fields, there will be a default value. If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: New York
Locality Name (city) : New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Inc
Organizational Unit Name (eg, section) : IT
Common Name (eg, YOUR name) : mysubdomain.mydomain.com
Email Address :
Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password :
An optional company name :
Use the name of the web server as Common Name (CN). If the domain name is mydomain.com, append the domain to the hostname (use the fully qualified domain name).
The fields email address, optional company name and challenge password can be left blank for a web server certificate.
Your CSR will now have been created. Open the server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
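The same CSR step without the interactive prompts, followed by checks on what the CA will actually receive; this is an added example, not part of the original guide. The function names, the subject values and the explicit 2048-bit key are assumptions (without -newkey, the command above takes its key size from default_bits in openssl.cnf).

```sh
#!/bin/sh
# Added example: CSR generation without prompts, plus pre-submission checks.
# Subject values below are placeholders, not taken from a real organisation.

# make_csr DIR FQDN: write DIR/myserver.key and DIR/server.csr
make_csr() (
    umask 077    # new files are readable by their owner only
    openssl req -new -nodes -newkey rsa:2048 \
        -keyout "$1/myserver.key" -out "$1/server.csr" \
        -subj "/C=GB/O=MyCompany Inc/OU=IT/CN=$2" 2>/dev/null
)

# csr_cn CSR: print the Common Name the CA will see
csr_cn() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_key_bits CSR: print the public key size in bits
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# csr_signature_ok CSR: the CSR is signed with the private key; verify that
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# key_is_private KEY: true only if group and others have no access at all
key_is_private() {
    case $(ls -ld "$1" 2>/dev/null) in
        -r[w-]-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a throwaway directory
tmp=$(mktemp -d)
make_csr "$tmp" mysubdomain.mydomain.com &&
    echo "CN=$(csr_cn "$tmp/server.csr") bits=$(csr_key_bits "$tmp/server.csr")"
csr_signature_ok "$tmp/server.csr" && echo "CSR signature verifies"
key_is_private "$tmp/myserver.key" && echo "key file is owner-only"
rm -rf "$tmp"
```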
2. Applying for your Positive SSL Certificate Online
Visit www.Positive SSL.com and select your SSL Certificate product type. You will be required to submit the CSR into a web form. When you make your application, make sure you paste the CSR in its entirety into the appropriate section of the enrollment form. When you view your CSR it will appear something like:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
Be sure to copy the CSR text in its entirety into the application form, including the:
-----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----
3. Installing your Positive SSL Certificate
Step one: Copy your certificate to file
You will receive an email from Comodo Security Services with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:
Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labeled private.key and the public key will be yourdomainname.crt.
We recommend that you make the directory that contains the private key file only readable by root.
Step two: Install the Intermediate Certificates
You will need to install the chain certificates (intermediates) in order for browsers to trust your certificate. As well as your SSL certificate (yourdomainname.crt) two other certificates, named GTECyberTrustRootCA.crt and ComodoClass3SecurityServicesCA.crt, are also attached to the email from Comodo Security Services.
Apache users will not require these certificates. Instead, you can install the intermediate certificates using the following 'bundle' method. In the Virtual Host settings for your site, in the httpd.conf file, you will need to complete the following:
1. Copy the below ca-bundle file to the same directory as httpd.conf (this contains all of the CA certificates in the chain).
2. Add the following line to the SSL section of the httpd.conf (assuming /etc/httpd/conf is the directory where you have copied the ca.txt file). If the line already exists, amend it to read the following:
If you are using a different location and certificate file names, you will need to change the path and filename to reflect your server.
The SSL section of the updated httpd config file should now read similar to this example (depending on your naming and directories used):
Save your httpd.conf file and restart Apache.
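The three checks a browser applies (expiry, trusted issuer, hostname) and the certificate-to-key match the server relies on can be run locally against the files before Apache is restarted; this is an added example, not part of the original guide. The function names, the ca-bundle.crt file name and the throwaway test CA built by make_sample are assumptions so that the block runs offline.

```sh
#!/bin/sh
# Added example: checks on an issued certificate before restarting Apache.

# cert_matches_key CERT KEY: true if both files hold the same public key
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    k=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_valid_for CERT SECONDS: true if still valid SECONDS from now
cert_valid_for() { openssl x509 -in "$1" -noout -checkend "$2" >/dev/null; }

# cert_names_host CERT HOST: true if HOST is covered by the certificate
cert_names_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# chain_ok BUNDLE CERT: true if CERT chains to a CA in BUNDLE
chain_ok() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

# make_sample DIR HOST: constructed test CA and server certificate (2 days
# validity) so the checks can be tried offline. This is not a real CA.
make_sample() {
    openssl req -new -nodes -newkey rsa:2048 -keyout "$1/ca.key" \
        -out "$1/ca.csr" -subj "/CN=Constructed Test CA" 2>/dev/null
    printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
    openssl x509 -req -in "$1/ca.csr" -signkey "$1/ca.key" -days 2 \
        -extfile "$1/ca.ext" -out "$1/ca-bundle.crt" 2>/dev/null
    openssl req -new -nodes -newkey rsa:2048 -keyout "$1/private.key" \
        -out "$1/server.csr" -subj "/CN=$2" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/srv.ext"
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca-bundle.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -days 2 \
        -extfile "$1/srv.ext" -out "$1/yourdomainname.crt" 2>/dev/null
}

# Demo on the constructed sample
tmp=$(mktemp -d) && make_sample "$tmp" mysubdomain.mydomain.com
cert_matches_key "$tmp/yourdomainname.crt" "$tmp/private.key" && echo "key matches"
cert_valid_for "$tmp/yourdomainname.crt" 86400 && echo "valid for 24h or more"
cert_names_host "$tmp/yourdomainname.crt" mysubdomain.mydomain.com && echo "hostname ok"
chain_ok "$tmp/ca-bundle.crt" "$tmp/yourdomainname.crt" && echo "chain ok"
rm -rf "$tmp"
```

On a real server, point the functions at the files in your certificate directory instead of calling make_sample.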
4. Displaying your Secure Site Seal
As a valued Positive SSL customer we encourage you to display the Positive SSL
secure site seal to help promote your secure site to customers. The secure
site seal is free to all Positive SSL customers.