Adding SSL certificates to your site




About SSL certificates
SSL certificates are used in the transmission of sensitive information on the Internet using the Secure Sockets Layer (SSL) protocol.
When a web browser points to a secured domain, an SSL handshake identifies the server (web site) and an encryption method is established. By convention, the addresses of web pages that require an SSL connection start with HTTPS instead of HTTP, and the web browser shows a lock indicator somewhere in the browser window when displaying those pages.
You get SSL certificates from a certificate authority. Check your browser options or do an Internet search for a list of certificate authorities.
The types available include individual certificates for subdomains (www.mysite.com, mail.mysite.com) and wildcard certificates that cover everything under a domain name (*.mysite.com). If you have different domain names, you will need separate certificates for each.
Examples

For                               You will need
one.domain.com, two.domain.com    either a multiple domain (wildcard) certificate or a separate certificate for each
domain1.com, domain2.com          a separate certificate for each

Because the SSL handshake occurs before the HTTP request, each SSL certificate used for web servers is tied to an IP:Port pair. Since it's difficult to specify the port for HTTPS connections, this effectively means you need a separate IP address for each web site that uses an SSL certificate. This doesn't mean that you necessarily need multiple Network Interface Controllers (NICs) though. Your certificate authority can advise you further about what certificate(s) and configurations best suit your needs.
The documents that follow explain how to get, set up, and activate SSL certificates on your site.



Obtaining an SSL certificate
1       Start FirstClass Designer (Windows version).
FirstClass Designer is available on FirstClass Online (FCOL) in the Downloads area.
2       Choose File > Create SSL Certificate.
3       Type a password.
The password can be any combination of letters and/or numbers.
Record the password for later use.
4       Fill in the Certificate Request Information form.
Note
        You must fill in every field.
5       Click OK and follow the prompts.
Text for both an RSA private key and a certificate request is generated.
When prompted, copy both to a text file and save for later use.
6       Request a certificate on your chosen certificate authority's web site.
When prompted, paste the text starting with "-----BEGIN CERTIFICATE REQUEST-----" and ending with "-----END CERTIFICATE REQUEST-----" from the text file you created above into the field provided.
Note
If asked what type of web server you are using, select "Other", or "Apache" if "Other" is not available. This information is gathered by certificate authorities for marketing purposes only and does not affect the certificate you receive.
You will receive a link from the certificate authority for downloading your certificate.
After you've downloaded your certificate, you need to create a certificate document in Internet Services to store it in along with your password and private key.



Creating a certificate document on Internet Services
1       Create and save a new document in Internet Services/SSL Certificates.
        Give it a meaningful name ending with .cert, .crt, or .pem (for example, certname.cert).
2       Paste the text from the certificate you received, starting with "-----BEGIN CERTIFICATE-----" and ending with "-----END CERTIFICATE-----", into the document.
3       Type password: yourpassword below the certificate text, where yourpassword is the password you chose when you created the certificate request.
4       Paste the RSA private key text from the text file you saved earlier, starting with "-----BEGIN RSA PRIVATE KEY-----" and ending with "-----END RSA PRIVATE KEY-----", below the password text.
When completed, your certificate document should look something like this:
-----BEGIN CERTIFICATE-----
MIIDLD ... Cji7WnsTzuXX
-----END CERTIFICATE-----
password: pw4sitecertficate
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBA ... VhP/PxFg
-----END RSA PRIVATE KEY-----



If you are issued an intermediate certificate
Some certificate authorities issue intermediate certificates. If you receive an intermediate certificate you must place it in a separate document at the same time that you complete your server certificate document, and reference it in your server certificate document. To do this:
1       Create and save a separate document in the SSL Certificates folder.
        Give it a meaningful name, starting with ca. and ending with .cert, .crt, or .pem.
2       Copy the intermediate certificate you received from the certificate authority into the new document.
3       Open your site (or server) certificate document.
4       Type cacertificate: ca.yourcertificatename below the password text, where yourcertificatename is the name of the document in which you saved the intermediate certificate.
Your site certificate document should now look something like this:
-----BEGIN CERTIFICATE-----
MIIDLD ... Cji7WnsTzuXX
-----END CERTIFICATE-----
password: pw4sitecertficate
cacertificate: ca.intermediatecert.cert
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBA ... VhP/PxFg
-----END RSA PRIVATE KEY-----
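
The layout built up in the two procedures above (certificate, password line, optional cacertificate line, RSA private key) can be checked before Internet Services is restarted. The following Python linter is an added example, not FirstClass code: the function name lint_cert_document, its messages and the sample document are constructed here, and the rules come only from the steps on this page.

```python
import re

# Layout rules are taken from the steps on this page. The function name and
# messages are hypothetical; the contents of each PEM block are not inspected.
PEM = re.compile(r"^-----(BEGIN|END) ([A-Z ]+)-----$")
CA_NAME = re.compile(r"^ca\..+\.(cert|crt|pem)$")
ORDERS = (["CERTIFICATE", "password", "RSA PRIVATE KEY"],
          ["CERTIFICATE", "password", "cacertificate", "RSA PRIVATE KEY"])

def lint_cert_document(text):
    """Return a list of layout problems in a site certificate document."""
    problems, order, block = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = PEM.match(line)
        if m and m.group(1) == "BEGIN":
            if block:
                problems.append(f"line {n}: BEGIN inside open {block} block")
            block = m.group(2)
            order.append(block)
        elif m:
            if m.group(2) != block:
                problems.append(f"line {n}: END {m.group(2)} has no matching BEGIN")
            block = None
        elif line.startswith("-"):
            problems.append(f"line {n}: malformed delimiter, need five dashes each side")
        elif line and not block:
            # Text between PEM blocks must be one of the two "key: value" lines.
            key, sep, value = line.partition(":")
            if not sep or key not in ("password", "cacertificate"):
                problems.append(f"line {n}: unexpected text outside a PEM block")
                continue
            order.append(key)
            if not value.strip():
                problems.append(f"line {n}: {key} has no value")
            elif key == "cacertificate" and not CA_NAME.match(value.strip()):
                problems.append(f"line {n}: name must start with ca. and end in .cert, .crt or .pem")
    if block:
        problems.append(f"{block} block is never closed")
    if order not in ORDERS:
        problems.append(f"sections missing or out of order: {order}")
    return problems

# Constructed sample; the base64 bodies are placeholders, not real key material.
GOOD = "\n".join([
    "-----BEGIN CERTIFICATE-----", "QUJDREVG", "-----END CERTIFICATE-----",
    "password: examplepw", "cacertificate: ca.intermediatecert.cert",
    "-----BEGIN RSA PRIVATE KEY-----", "R0hJSktM", "-----END RSA PRIVATE KEY-----"])
```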



Activating SSL certificates
After you've downloaded your SSL certificate and created your certificate document in Internet Services/SSL Certificates, you need to set the status of the certificate to activate it.
To do this:
1       Fill in the SSL information and set the status as directed on the following forms:


For                               Go to
SMTP, POP3, IMAP4 certificates    the related tabs on the Advanced Mail form
LDAP certificates                 the LDAP tab on the Advanced Directory form
HTTP certificates

Note
If you are running clustered services on your system, configure the forms for each cluster.
2       Restart Internet Services.
You should now see the line "Initialized 1 HTTPS listeners" on your Internet Services console.
Note
When you enable HTTPS, extended server-side include (XSSI) variables that describe the connection become available (are set) and can be used in XSSI scripts. Internet Services supports all industry standard XSSI variables, with the exception of SSL_VERSION_INTERFACE. Advanced information about the variables used in Internet Services can be found on FCOL at Conferences/Peer to Peer Support/FirstClass Webmasters/FAQs.