Secure Server Certificates
by: AY Software Corporation
A Secure Server is a must for anyone who has an online business. Why do you need a Secure Server? What is a Secure Server and how does it work? How do you get a Secure Server working? Do you need special technical knowledge to operate a Secure Server? How much does a Secure Server cost? Hopefully, this article will answer all of these questions.
How Does a Secure Server Work?
All information on the Internet is transferred through open channels. For example, if you are in the US and browse a site in Australia, the information goes through many servers located all over the world. Anyone who has access to any of these servers can steal the information. But what if you want to transfer information that must not be observed by other parties? Your only solution is to encrypt (scramble) the information in such a way that no one else can understand what is there. Secure Servers encrypt the information you transmit through the Internet.
A Secure Server is a Web Server application that ensures secure information transfer between a Web Server and a Web Browser. The encryption is done with a protocol called SSL (Secure Sockets Layer). When you connect to a Secure Server with your Browser, the Server and the Browser use Secure Sockets Layer to tell each other how to encrypt the information. Then they can securely exchange the information. For example, you can send credit card information to a Secure Server, and no one will know what kind of information you sent.
So, the first task that a Secure Server does for you is to encrypt your information. However, a Secure Server does much more. The most important task a Secure Server performs is to identify itself to the browser. It identifies itself by presenting a digital certificate to browsers that request a secure connection. The certificate works for a secure server the same way as a driver's license works for you, except that it is much more difficult to fake.
Certificates are issued by Certification Authorities. Very few companies in the world can issue certificates. Actually, certificates are generated by the Web server software, but they will not work until a certification authority signs the certificate. The authority does so with a digital signature, which works the same way as a handwritten signature. Before signing the certificate, the certification authority makes sure that the organization that submitted the signing request is the Secure Server's owner. The certification authority receives a fee for this job.
Any security-enabled web browser has sample signatures from all of the Certification Authorities. When a browser connects to a Secure Server, it verifies that the signature on the Secure Server Certificate belongs to one of the Certification Authorities. If this fails, then a secure connection cannot be established.
All of the above happens transparently for the person browsing the site. Their browser just tells them that the secure connection was established and then shows the page. The most important thing from an Internet merchant's perspective is that this gives your customer more confidence, and convinces them that their order information will be transferred to you safely and securely.
What Do You Need?
To run your own
secure server you need two things - Secure Server
software and a Secure Server certificate.
You do not need
the Secure Server software unless you have your
own Internet server. Most Internet Service
Providers (ISP) have all the necessary software
that you need, and since it costs them nothing,
they will usually provide it to you.
You may also need your own Secure Server certificate; however, before you request an expensive certificate from a Certification Authority, first see if you can reuse somebody else's certificate. Chances are your ISP already has a Secure Server certificate. If so, you can use their certificate. If your ISP does not have a certificate, you can find other ISPs that will handle your secure pages. Your secure pages do not have to be hosted with the same ISP as your main site.
If you use your own domain, then your ISP's certificate will not work for you. But, if you have a domain of www.your-company.com and host it with an ISP whose domain is www.your-isp.com, then you can host your order form as https://www.your-company.com/order.html. However, since the certificate was issued for www.your-isp.com, your customers will get a warning message every time they access the page. For example, in Netscape Navigator the message will look like:
The certificate
that site 'www.your-company.com' has presented
does not contain the correct site name. It is
possible, though unlikely, that someone may be
trying intercept your communication with this
site. If you suspect the certificate shown below
does not belong to the site you are connecting
with, please cancel the connection and notify the
site administrator.
This can easily
turn away potential customers. You can use your
ISP's domain and have the order page as
http://www.your-isp.com/~your-company/order.html.
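The name check behind that warning, as an added example that is not part of the original article: the comparison a client makes between the host name it asked for and the names in the certificate it received. The certificate dict is constructed, in the layout Python's ssl.SSLSocket.getpeercert() returns; the function names are illustrative, and the wildcard handling goes beyond the single case in the text.

```python
# Added example: constructed certificate data, illustrative function names.

def cert_dns_names(cert):
    """Return the DNS names a certificate is valid for.

    subjectAltName DNS entries take precedence; the subject commonName
    is used only when no DNS entry is present (legacy behaviour).
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """Compare one certificate name with a host name, ignoring case.

    A wildcard is honoured only as the whole left-most label and covers
    exactly one label: *.your-isp.com matches shop.your-isp.com, but
    not your-isp.com and not a.b.your-isp.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Need two fixed labels after the wildcard, so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:] and h[0] != ""
    return p == h


def check_hostname(cert, hostname):
    """Return (ok, names); ok is False when the browser should warn."""
    names = cert_dns_names(cert)
    return any(name_matches(n, hostname) for n in names), names


# Constructed certificate: issued to the ISP, as in the article's scenario.
ISP_CERT = {
    "subject": ((("commonName", "www.your-isp.com"),),),
    "subjectAltName": (("DNS", "www.your-isp.com"),),
}

if __name__ == "__main__":
    for host in ("www.your-isp.com", "www.your-company.com"):
        ok, names = check_hostname(ISP_CERT, host)
        print(host, "->", "match" if ok else f"MISMATCH, certificate is for {names}")
```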
If you think
that your own domain will work better for you
(and I believe this is true), you can request
your own certificate. There are currently two
Certificate Authorities that you can use.
- GeoTrust - QuickSSL solution, 10-minute setup, $119 per year
- EquiFax - Secure certificates for $99 per year
- VeriSign - Secure Server Certificates for $349 per year
- Thawte - Secure Server Certificates for $125 per year
- Baltimore - 128-bit secure SSL certificates for $349 per year