How to implement SelfSSL for IIS 6.0


What is SSL?
The Secure Sockets Layer protocol was created by Netscape to ensure secure transactions between your web server and your visitors' web browsers, allowing private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery.
The protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transaction.

What is a Certificate Authority?
A certificate authority or certification authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key by the named subject of the certificate.
Certificate Authorities (CAs) are organizations that are used as Trusted Third Parties, that is, an independent party, which both sides of a transaction (client and server) trust.

To enable SSL on a website, you will need to get an SSL certificate that identifies you and install it on the server. The use of an SSL certificate on a website is usually indicated by a padlock icon in web browsers, but it can also be indicated by a green address bar. Once the certificate is installed, you can access the site securely by changing the URL from http:// to https://. When an SSL certificate is installed on a website, you can be sure that the information you enter (contact or credit card information) is secured and only seen by the organization that owns the website.

To implement SSL on your web server, you have the following two choices:
1. To purchase a certificate
2. To use a self-signed certificate

SelfSSL version 1.0 is a command-line executable tool that you can use to generate and install a self-signed Secure Sockets Layer (SSL) certificate for Internet Information Services (IIS) 6.0. This allows programmers to test the HTTPS protocol for development purposes without having to go through the effort of getting a certificate signed by a trusted authority.
Because SelfSSL generates a self-signed certificate that does not originate from a commonly trusted source, use this tool only to create a secure private channel between your server and a limited user group, such as exists in a software test environment.

System Requirements
SelfSSL is compatible with IIS 6.0 running on the Microsoft® Windows® Server 2003 operating system.

Installing SelfSSL
To install SelfSSL, download the IIS 6.0 Resource Kit Tools.


SelfSSL Parameters

/T
Adds the self-signed certificate to the "Trusted Certificates" list. The local browser trusts the self-signed certificate only if this parameter has been specified.
/N:cn
Specifies the common name of the certificate. The computer name is used if you do not specify a common name.
/K:keylength
Specifies the certificate key length. The default is 1024.
/V:duration-of-validity
Specifies the duration for which the certificate is valid. The default is 7 days.
/S:site-id
Specifies the site ID of the SSL-protected site. The default is 1 for the default Web site.
/P:port
Specifies the SSL port. The default is 443.
/Q
Specifies Quiet mode. In Quiet mode, any existing settings for the site are overwritten silently.

Example:
selfssl.exe /T /N:CN=domainname /K:1024 /V:7 /S:1 /P:443
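
The parameter list above can be turned into a pre-flight check. The following Python script is an added example, not part of the original post or of the Resource Kit: it parses a selfssl.exe command line, applies the documented defaults, and lists the settings to review before the command runs. The 2048-bit review threshold, the case-insensitive switch matching, and the sample command lines are assumptions made for the illustration.

```python
import shlex

# Defaults as documented in the parameter list above.
DEFAULTS = {"K": 1024, "V": 7, "S": 1, "P": 443}
NUMERIC = set(DEFAULTS)   # switches whose value must be an integer
FLAGS = {"T", "Q"}        # switches that take no value
MIN_KEY_BITS = 2048       # assumption: review threshold, not from the page


def check_selfssl(cmdline):
    """Return (effective_settings, findings) for a selfssl.exe command line."""
    settings = dict(DEFAULTS, N=None, T=False, Q=False)
    findings = []
    for token in shlex.split(cmdline, posix=False)[1:]:  # skip the executable
        if not token.startswith("/"):
            findings.append(f"unexpected token: {token}")
            continue
        name, _, value = token[1:].partition(":")
        name = name.upper()  # assumption: switches are case-insensitive
        if name in FLAGS and not value:
            settings[name] = True
        elif name in NUMERIC:
            if value.isdecimal():
                settings[name] = int(value)
            else:
                findings.append(f"/{name} needs a number, got {value!r}")
        elif name == "N" and value:
            settings["N"] = value
        else:
            findings.append(f"unknown or malformed switch: {token}")
    if settings["N"] is None:
        findings.append("no /N given: the computer name becomes the common name")
    if settings["K"] < MIN_KEY_BITS:
        findings.append(f"key length {settings['K']} is below {MIN_KEY_BITS}")
    if settings["T"]:
        findings.append("/T adds the certificate to the trusted list on this machine")
    if settings["Q"]:
        findings.append("/Q overwrites existing site settings without prompting")
    return settings, findings


if __name__ == "__main__":
    # Constructed command lines for illustration.
    for line in ("selfssl.exe /T /N:CN=test.example /K:2048 /V:30 /S:1 /P:443",
                 "selfssl.exe /N:CN=test.example /S:one /Q"):
        effective, notes = check_selfssl(line)
        print(line, effective, *notes, sep="\n  ")
```

A value that fails validation leaves the documented default in place, so the second sample still reports site ID 1 alongside the finding for /S.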
