SSL (Secure Socket Layer) is used to transfer data between web server machine and client machine as encrypted data stream. SSL enabled websites should operated only on HTTPS protocol. These websites we called as HTTPS enabled or secured website. To implement SSL on our website we need to take security certificate from trusted third party organization. Verisign, COMODO, Thawte, Equifax, Go Daddy, Entrust and GeoTrust are leading SSL secure certificate providers. It is needed to select the correct secure certificate for your purpose and budget. You can concentrate on following while you are selecting a security certificate.
- Your budget
- Your purpose whether you need very high security or medium security
- Web server using
- Operating system that the web server is running
- Encryption algorithm
- Private Key size (normally 1024/2048)
- Warranty that they provided
Once you decided from which provider you are purchasing a certificate you need to follow few steps to complete the installation of certificate in the web server.
Before you install SSL security certificate you need to buy a commercial certificate or get a free test certificate. Free test certificates are only for testing purposes only and they are not allowed to use for commercial purposes. Before purchase or download test certificate you need to generate CSR (Certificate Server Request) from your web server. This request is contained all the necessary details to process a security certificate for your server. Please keep in mind that this certificate server request should generated only from the machine that your are going to install the certificate.
Open IIS Manager (Internet Information Services Manager) by browsing from Control Panel or run "inetmgr" command. Select the server name from left side pane. Double click on "Server Certificates" icon.
Fig 1: Server Certificate Icon
In "Actions" pane you will see few options such as Import, Create Certificate Request, Complete Certificate Request, Create Domain Certificates and Create Self-Signed Certificates.
If you have already installed security certificates are there it will down in server certificates list. To create new certificate server request click on "Create Certificate Request" link. It will open "Request Certificate" window.
Fig 3: Request Certificate window
Next step is to purchase your commercial certificate or download test certificate. Go to the site official web site of the security certificate provider you have been selected. Complete the security certificate apply forms and when it asks for CSR (Certificate Server Request) you should copy the content of CSR file you generated in step 1. When you are coping the content of this file, open that file only using plain text editors like notepad. Never use rich text editors like Ms-Word since it might add some additional characters. If everything success complete the certification application process and you will end up with the certificate generated for you by the certification authority. Final step is to install the purchased or downloaded certificate in your web server.
From step 2 you will get a certificate file which is having extension as ".cer". Once you have this certificate file click "Complete Certificate Request" link in Actions pane. In "Complete Certificate Request" window browse your certificate and provide friendly name for easily identify the certificate among other installed security certificate in the server. Complete this window and you will get successfully installed your security certificate in your server.
Once you successfully installed security certificate in your web server next step is to bind the certificate with your particular web site. In one server there might have more than one certificates installed. You should specifically set which certificate should use by your web site. For that in IIS Manager select your particular web site and click on "Bindings" link in Actions pane. By default you will have only HTTP binding for a web site. You should add HTTPS binding and specify which security certificate or SSL certificate to use from the certificate drop down list.
If everything done you have successfully setup your HTTPS enables or Secured web site. Now browse your web site from your browser and see the progress of your work. Please make sure that you are typing "https://
What is SSL?
SSL stands for Secure Socket Layer. It uses HTTPS (Hypertext Transfer Protocol Secure) protocol instead of general HTTP protocol. HTTPS is a combination of the Hypertext Transfer Protocol and a network security protocol.
HTTP operates at the highest layer of the TCP/IP Internet reference model, the Application layer; but the security protocol operates at a lower sublayer, encrypting an HTTP message prior to transmission and decrypting a message upon arrival.
HTTPS has also been known as "Hypertext Transfer Protocol over Secure Socket Layer", but now HTTPS may be secured by the Transport Layer Security (TLS) instead of Secure Sockets Layer (SSL) protocol.
To invoke HTTPS, one replaces "http://" with "https://" in the URI, or Web address.
HTTPS connections are often used for payment transactions on the Web and for sensitive transactions in corporate information systems.