SSL Certification Information

PestPac and SSL Secure Web Sites
Jason Kochel, CTO
January 2012
About SSL Certificates
• A web site is secured via a “Secure Sockets Layer (SSL) certificate”
• An SSL certificate provides:
– Encryption: Data transmitted between the web browser and web
server cannot be decoded by hackers or eavesdroppers
– Identity: When a visitor arrives at your site, they can view the SSL
certificate to see that the site really does belong to your company
• An SSL certificate is issued by a Trusted Certificate Authority (CA)
– Your web browser has a list of CAs that it trusts
• Examples: Network Solutions, VeriSign, Thawte, GoDaddy
– If the browser does not trust the issuer of your certificate, visitors will
get a warning that the site may be unsafe
Do I need an SSL Certificate?
• If a site is internal to your network or only for the use of your
employees, you do not need an SSL certificate
• If a site is visible to the public, and you are asking the visitor for
sensitive information (a password, a credit card), your visitors will
be more confident in your site if it is secured
• All credit card related data exchange in PestPac and all PestPac
Modules is already secure
– Entry of credit card numbers is done directly to Element Payment
Services’ secure Hosted Payments server
– Credit card numbers are never visible once entered (in fact, they are
not stored in PestPac at all)
• However, customers may still be uncomfortable trusting your site if
it doesn’t have its own SSL certificate
About SSL Issuance
• An SSL certificate is purchased for a distinct URL
– e.g. payonline.mycompany.com
– If you wish to secure many URLs within the same domain, you can buy
a “wildcard certificate” (e.g. *.mycompany.com)
• The issuer must verify your identity
– The company name and address you provide when you buy the
certificate must match the domain registration
• Use “WHOIS” to view the name and address on the domain registration
– You must demonstrate that you have administrative access to the
domain
– Exact procedures vary by issuer
– An Extended Validation certificate has more stringent requirements
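Added example, not part of the original presentation: a short Python check of which site names a certificate name covers, using the common matching rule that "*" stands for exactly one left-most label. The site names other than payonline.mycompany.com are constructed for illustration, and the three-label minimum for wildcards is a simplifying assumption (browsers consult a public suffix list instead).

```python
def wildcard_covers(cert_name: str, hostname: str) -> bool:
    """Return True if cert_name (exact name or '*.domain') covers hostname."""
    c = cert_name.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans more than one label, so label counts must match.
    if len(c) != len(h) or "" in h:
        return False
    if c[0] == "*":
        # Assumption: require at least '*.name.tld' so '*.com' is rejected.
        return len(c) >= 3 and c[1:] == h[1:]
    if "*" in cert_name:
        # Partial wildcards such as 'pay*.mycompany.com' are not accepted here.
        return False
    return c == h


def uncovered(cert_names, sites):
    """List the sites that none of the given certificate names cover."""
    return [s for s in sites
            if not any(wildcard_covers(n, s) for n in cert_names)]


# Constructed site list for a hypothetical company.
SITES = [
    "payonline.mycompany.com",
    "portal.mycompany.com",
    "mycompany.com",                   # bare domain: no left-most label to match
    "dashboard.office.mycompany.com",  # two labels deep: '*' matches only one
]

if __name__ == "__main__":
    for names in (["payonline.mycompany.com"], ["*.mycompany.com"]):
        print(names, "leaves uncovered:", uncovered(names, SITES))
```

A wildcard certificate for *.mycompany.com therefore still leaves the bare domain and any deeper subdomain needing their own certificate or an additional name on the certificate.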
Technical Requirements
• You can only run one secured site per IP address
– You can, however, run one secured site and one non-secured site on
the same IP address
• If you want to run multiple secured sites, you must check with your
Internet Service Provider to see if you have (or can acquire) multiple
external IP addresses
• MDS can help you purchase SSL certificates and configure your
server to host multiple web sites
• MDS cannot help make those sites visible to outside visitors. You
will need an IT professional to:
– Configure your internet connection to allow outside visitors to connect
to your web sites. * See: router, firewall, port forwarding
– Associate public URLs with your web sites. * See: DNS
* See “Running Multiple PestPac Web Sites” presentation for more information
Frequently Asked Questions
• “I am using PestPac, Customer Account Access [or Portal], and
Dashboard [or other modules]. How many SSL certificates do I
need?”
– Generally, you only need a certificate for customer-facing web sites,
such as Customer Account Access and Customer Portal.
– You can secure private-use web sites (such as PestPac and Dashboard)
if you are concerned about the security of the computers and networks
being used to access them.
• “Can I buy an SSL certificate on my own, or do I have to go through
MDS?”
– If you host your own server, you may buy and install your own
certificates.
– If you use PestPac Online, you may buy your own certificates. But we
must provide you with the proper Certificate Signing Request (CSR) file,
and we must install the certificate once it is issued.