|
For more additional information contact HitSites Support at
support@hitsites.net
SSL (Secure Sockets Layer protocol) is a standard for
transmitting confidential data such as credit card numbers over
the Internet. Most true business sites support this feature which
allows increased security in data transmitted over the WWW. This is the
standard minimum safe security level for true business on the
Internet. SSL works by using a private key to encrypt data that is
transferred over the SSL connection. To read more about what is
SSL and how it works, go to
http://www.modssl.org/docs/2.8/index.html
SSL requires dedicated IP, as name-based hosting does not
support data encryption in HTTP requests. To enable SSL, go to the
Web Service page and click the ON/OFF button in the SSL Support
field.
There are three options in configuring your SSL support:
Using the key and certificate you already have
If you are migrating from a different provider and already have
an SSL private key and certificate, just enter them into the boxes
that appear:
Creating a temporary certificate
The only difference between the temporary and permanent
certificates is that the first is not generated by trusted
Certificate Authorities. Thus, when users enter your site they
will get the "unknown certification authority" warning window.
To
generate a new temporary SSL private key and certificate, click
the link at the top of the form.
In
the next window, confirm your data by clicking the Submit button.
These data are required to generate the certificate. Don't make
changes to the data if you are not confident about the purpose of
these changes:
After you have submitted the form, the following is generated:
-
SSL Certificate Signing request. It includes your details you
submitted on the previous step. Use this request if you want to
get a permanent SSL certificate from a trusted Certificate
Authority, such as Thawte
and VeriSign (see
below).
-
SSL Server Private Key. This is the secret key to decrypt
messages from your visitors. It must be stored in a secure place
where it is inaccessible to others.
-
Temporary SSL Certificate. It validates your identity and
confirms the public key to assure the visitors that they are
communicating with your server, not any other party.
When you press the Submit Query button, your site will become
secured with your temporary SSL pair.
Acquiring a permanent certificate
To obtain a permanent certificate, you first need to generate a
certificate signing request. It includes your details and is
generated as you create a temporary SSL certificate (see
above). Copy this signing
request so you can use it later.
As
the next step, go to Thawte,
VeriSign or any other
Certificate Authority and select to obtain a new certificate. When
requested, enter the signing request you have saved.
After the permanent SSL Certificate has been generated, save it to
a secure location. Then go to the Web Services page and click the
Edit icon in the SSL field. Enter the certificate into the upper
box of the form that opens:
Then click upload. Your transactions are now secured.
|
