SSL
(Secured Socket Layer)

  

ssl.gif (2857 bytes)

 

What is SSL?

SSL (Secured Socket Layer), is used for sending and receiving sensitive information such as Credit Card information across the World Wide Web. It ensures encrypted/secure communications between the client and receiving server. The SSL protocol supports the use of a variety of different cryptographic algorithms, or ciphers, and most of which provide 40, 56, or 128 bit encryption security.

Key-exchange algorithms like KEA and RSA key exchange govern the way in which the server and client determine the symmetric keys they will both use during an SSL session. The most commonly used SSL cipher suites use "RSA" key exchange, which many of you have probably seen displayed on numerous websites, and next to a provider called "Thawte", who issues the SSL Server Certificates. A certificate is used to officially identify you as a legitimate SSL enabled website, and displays your name as the certified holder when visitors check it.

When to use SSL:

SSL is not generally, nor should it be used for all pages on a website. SSL is most commonly used for the sending and receiving of sensitive information such as credit cards, membership ID's, or customer billing information access. SSL need only be used on the "particular" page where the secure activity is taking place.  ALWAYS use SSL when asking for credit card information. If visitors do not observe the https// appearing on the form URL, and the "SSL Symbol", does not illuminate in their browser, they won't be doing a whole lot of business with you. No one wants his or her credit card information intercepted and stolen as the result of a site not using SSL encryption!

SSL Usage:

There are two different ways of using SSL. The two are essentially the same, however one will display "VOSN" as the certificate holder, and the other, (which you must purchase) displays "your company" as the certificate holder. Essentially, when visitors click on an SSL enabled page, they receive a message that displays information about the owner of the SSL certificate. In most cases, e-commerce based websites would prefer to have 'their' name appear as the holder because it maintains a professional appearance. Alternatively, and if it matters not, you could simply use our default SSL server, however visitors will see "VOSN" as the owner of the certificate. We'll explain how to obtain your own certificate later in this document.


Calling a page via SSL:

All of our web hosting packages are SSL enabled. Use of our "default" SSL system is included in your account package. Each server has an individual secure certificate installed. An example to call a page using SSL, simply enter https://secure13.vosn.net/~USERNAME/anypage.html, and a prompt may appear, which states "Security Alert." (Security Alert display is set within your own individual browser, so may not always display). It also provides information on whether the certificate is valid or not, as well as ability to view the "certificate's ownership information." When you click "Yes" to proceed, the page will appear, and you'll also observe a "Small Lock" symbol appearing in the bottom of your browser (left for Netscape, right for Internet Explorer). This is to verify that you are now officially in SSL secure transaction mode. At this point, any information sent or received from this page is encrypted between you and our server.


Obtaining your own SSL certificate:

Note: Please make sure the package you are on includes having your own SSL in the features.

You can go directly to the Thawte website (http://www.thawte.com), or for a small fee, have our tech support set it up for you. Setting up your own SSL certificate can be can be a little tricky for those new to website administration. If you'd prefer to have us look after these technical details, send us your request. To ensure your request will be processed as quickly as possible, please include the following information:

1) The URL for the certificate:

This would be the URL you want secured, i.e. www.yourdomain.com or secure.yourdomain.com. As you can see, you have the option of simply enabling the certificate throughout your global domain, or perhaps you're planning to place your e-commerce pages into a "dedicated area" of your site. In this case, you may want to have your secure payment form appear under a URL such as secure.yourdomain.com, or something else of your liking.


2) Company Name:

3) Company Division: (if this is not part of a company division, we'll default it to your "Administration name."

4) Contact Name: (a contact name with the company)

5) E-mail: (an email address, generally for the above contact name)

6) Company Address:

7) Phone Number:

- In addition to this information, we need:

- A copy of the Assumed Business Name and/or Corporate Registration papers. We ask that you fax this information to us at 7755219025. These "must" match your domain registrations (whois) to avoid delays. We in turn fax that to Thawte when we submit the certification request.

Because the legitimacy of any company seeking their own SSL certificate must be 100% verified, it can take Thawte anywhere from 1 day to 2 weeks to issue the certificate. All the more reason why you'll want to make sure the information you submit is 100% accurate, otherwise this could result in an unnecessary delays.