Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
PestPac and SSL Secure Web Sites Jason Kochel, CTO January 2012 About SSL Certificates • A web site is secured via a “Secure Sockets Layer (SSL) certificate” • An SSL certificate provides: – Encryption: Data transmitted between the web browser and web server cannot be decoded by hackers or eavesdroppers – Identity: When a visitor arrives at your site, they can view the SSL certificate to see that the site really does belong to your company • An SSL certificate is issued by a Trusted Certificate Authority (CA) – Your web browser has a list of CAs that it trusts • Examples: Network Solutions, VeriSign, Thawte, GoDaddy – If the browser does not trust the issuer of your certificate, visitors will get a warning that the site may be unsafe Do I need an SSL Certificate? • If a site is internal to your network or only for the use of your employees, you do not need an SSL certificate • If a site is visible to the public, and you are asking the visitor for sensitive information (a password, a credit card), your visitors will be more confident in your site if it is secured • All credit card related data exchange in PestPac and all PestPac Modules is already secure – Entry of credit card numbers is done directly to Element Payment Services’ secure Hosted Payments server – Credit card numbers are never visible once entered (in fact, they are not stored in PestPac at all) • However, customers may still be uncomfortable trusting your site if it doesn’t have its own SSL certificate About SSL Issuance • An SSL certificate is purchased for a distinct URL – e.g. payonline.mycompany.com – If you wish to secure many URLs within the same domain, you can buy a “wildcard certificate” (e.g. *.mycompany.com) • The issuer must verify your identity – The company name and address you provide when you buy the certificate must match the domain registration • Use “WHOIS” to view the name and address on the domain registration – You must demonstrate that you have administrative access to the domain – Exact procedures vary by issuer – An Extended Validation certificate has more stringent requirements Technical Requirements • You can only run one secured site per IP address – You can, however, run one secured site and one non-secured site on the same IP address • If you want to run multiple secured sites, you must check with your Internet Service Provider to see if you have (or can acquire) multiple external IP addresses • MDS can help you purchase SSL certificates and configure your server to host multiple web sites • MDS cannot help make those sites visible to outside visitors. You will need an IT professional to: – Configure your internet connection to allow outside visitors to connect to your web sites. * See: router, firewall, port forwarding – Associate public URLs with your web sites. * See: DNS * See “Running Multiple PestPac Web Sites” presentation for more information Frequently Asked Questions • “I am using PestPac, Customer Account Access [or Portal], and Dashboard [or other modules]. How many SSL certificates do I need?” – Generally, you only need a certificate for customer-facing web sites, such as Customer Account Access and Customer Portal. – You can secure private-use web sites (such as PestPac and Dashboard) if you are concerned about the security of the computers and networks being used to access them. • “Can I buy an SSL certificate on my own, or do I have to go through MDS?” – If you host your own server, you may buy and install your own certificates. – If you use PestPac Online, you may buy your own certificates. But we must provide you with the proper Certificate Signing Request (CSR) file, and we must install the certificate once it is issued.