What SSL certificates are, how HTTPS works, how to generate a CSR and, eventually, how to install an SSL certificate. The Secure Sockets Layer (SSL) was created by Netscape to ensure secure transactions between web servers and browsers, and between mail servers and mail clients.
HTTPS, or Hypertext Transfer Protocol Secure, indicates that the website has been authenticated by a third-party Certification Authority (CA). HTTPS is a visual indication that information is being exchanged for the session in a more secure way. HTTPS appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking the lock symbol on the browser bar.
Self Signed and Signed SSL Certificates
Whether you get your certificate signed by a certificate authority or sign it yourself, one thing is exactly the same in both cases: the data sent over an https connection will be encrypted regardless of whether the certificate is signed or self-signed. In other words, both types of certificates will encrypt the data to create a secure website. A certificate authority tells your customers that this server information has been verified by a trusted source. The problem with using a self-signed certificate is that nearly every web browser checks that an https connection is signed by a recognized CA. If the connection is self-signed, it will be flagged as potentially risky, and error messages will pop up encouraging your customers not to trust the site. Since they provide the same protection, you can use a self-signed certificate anywhere you would use a signed certificate. Self-signed certificates are great for testing servers. If you're creating a website that you need to test over an https connection, you don't have to pay for a signed certificate for that testing site. If you're doing e-commerce, you need a signed certificate.
How SSL Works
- A browser attempts to connect to a website secured with SSL.
- The browser requests that the web server identify itself.
- The server sends the browser a copy of its SSL Certificate.
- The browser checks whether it trusts the SSL Certificate. If so, it sends a message to the server.
- The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
- Encrypted data is shared between the browser and the server.
Why do we need SSL
If you are transmitting sensitive information on a web site, such as credit card numbers or personal information, you need to secure it with SSL encryption. With booming Internet trends and fraud, most people will not submit their private details on the web unless they know that the information they provide is securely transmitted and not accessible for anyone to view.
What is Certificate Authority
A certificate authority is an entity which issues digital certificates to organizations or people after validating them. Certification authorities have to keep detailed records of what has been issued and the information used to issue it, and are audited regularly to make sure that they are following defined procedures. Examples are VeriSign, GoDaddy and GlobalSign.
Process involved in buying SSL certificate
- Generate a Certificate Signing Request (CSR) for the web server you plan to secure
- Contact any CA (VeriSign, GoDaddy, GlobalSign, Thawte)
- Choose your type of SSL certificate and buy it
- Apply the certificates on your web server.
Generate a CSR with OpenSSL
To install a digital certificate, you must first generate and submit a Certificate Signing Request (CSR) to the Certification Authority (CA). The CSR contains your certificate-application information.
Install OpenSSL on your server. This is a common package and will be available on all of the major distros through their package installer.
Step 1: Generate the private key:
openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
........................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:abcde
Verifying - Enter pass phrase for server.key:abcde
Step 2: Generate a CSR:
openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:xyz
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:abc
State or Province Name (full name) []:abc
Locality Name (eg, city) [Default City]:abc
Organization Name (eg, company) [Default Company Ltd]:abc
Organizational Unit Name (eg, section) []:abc
Common Name (eg, your name or your server's hostname) []:*.abc.com or abc.com [actual domain name for that you need to buy ssl]
Email Address []:abc@xyz.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:abc org
After the service provider has verified the SSL request, download the certificate and the intermediate certificate.
Now you can upload this SSL certificate and the server.key file to ELB to enable SSL.
If you get an error such as "Invalid Private Key" while uploading, convert the private key file to an equivalent .pem file:
openssl rsa -in server.key -outform PEM -out server.key.pem
Then try again.
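The procedure above, run non-interactively and followed by a check that the private key really pairs with the CSR and the certificate before anything is uploaded (an added example, not part of the original post). The passphrase, subject, file layout, helper names such as key_matches, and the self-signed certificate standing in for the CA-issued one are assumptions for illustration; AES-256 is used in place of the post's -des3.

```shell
#!/bin/sh
# Added example: Steps 1-2 run non-interactively, then pre-upload checks.
# Passphrase, subject and file names are constructed test values.
set -eu
export KEY_PASS='constructed-passphrase'    # openssl reads it via env:KEY_PASS
SUBJ='/C=US/ST=Example/L=Example/O=Example Org/CN=www.example.test'

# Step 1: passphrase-protected 2048-bit RSA key (AES-256 here, not -des3).
make_key() { openssl genrsa -aes256 -passout env:KEY_PASS -out "$1" 2048 2>/dev/null; }

# Step 2: CSR with the Distinguished Name given by -subj instead of prompts.
make_csr() { openssl req -new -key "$1" -passin env:KEY_PASS -subj "$SUBJ" -out "$2"; }

# Print the PEM public key held in a private key, CSR or certificate.
pubkey_of() {
  case "$1" in
    key) openssl pkey -in "$2" -passin env:KEY_PASS -pubout ;;
    csr) openssl req  -in "$2" -noout -pubkey ;;
    crt) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

# Succeeds only if private key $1 pairs with file $3, where $2 is csr or crt.
key_matches() {
  a=$(pubkey_of key "$1") && b=$(pubkey_of "$2" "$3") && [ -n "$a" ] && [ "$a" = "$b" ]
}

# The post's conversion. With no cipher option, openssl rsa writes the key
# without a passphrase, so the output is created readable by the owner only.
to_plain_pem() {
  ( umask 077; openssl rsa -in "$1" -passin env:KEY_PASS -outform PEM -out "$2" 2>/dev/null )
}
is_encrypted() { grep -q ENCRYPTED "$1"; }

build() {   # create all sample files in directory $1
  make_key "$1/server.key"; make_csr "$1/server.key" "$1/server.csr"
  make_key "$1/other.key"                    # unrelated key, must not match
  # Self-signed certificate standing in for the one the CA sends back.
  openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
    -passin env:KEY_PASS -days 1 -out "$1/server.crt" 2>/dev/null
  to_plain_pem "$1/server.key" "$1/server.key.pem"
}

work=$(mktemp -d); build "$work"
key_matches "$work/server.key" crt "$work/server.crt" && echo "server.key matches server.crt"
key_matches "$work/other.key"  crt "$work/server.crt" || echo "other.key does not match"
is_encrypted "$work/server.key.pem" || echo "server.key.pem has no passphrase"
```

The converted server.key.pem is the private key in the clear, so delete the working copy once the upload has succeeded.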