How To Setup HTTPS Enabled Web Site

HTTP (Hypertext Transfer Protocol) is the normal web protocol that define how to browse a web site's content using its domain name. In HTTP data transmission between client machine and web server machine as means of plain text streams. Any person in between client machine and web server machine can read these information transfer through. If the data transmission should be secured and only authorized persons should be readable then it is needed to follow few steps further. There are several ways that can implement security for a website such as introduction of authorization/authentication methods, SSL (Secure Socket Layer), VPN (Virtual Private Network) etc. These methods have pros and cons with regards to the charasteristics. By implementing these techniques together we would be able to secure the site's contents further.

SSL (Secure Socket Layer) is used to transfer data between web server machine and client machine as encrypted data stream. SSL enabled websites should operated only on HTTPS protocol. These websites we called as HTTPS enabled or secured website. To implement SSL on our website we need to take security certificate from trusted third party organization. Verisign, COMODO, Thawte, Equifax, Go Daddy, Entrust and GeoTrust are leading SSL secure certificate providers. It is needed to select the correct secure certificate for your purpose and budget. You can concentrate on following while you are selecting a security certificate.
  1. Your budget
  2. Your purpose whether you need very high security or medium security
  3. Web server using
  4. Operating system that the web server is running
  5. Encryption algorithm
  6. Private Key size (normally 1024/2048)
  7. Warranty that they provided

Once you decided from which provider you are purchasing a certificate you need to follow few steps to complete the installation of certificate in the web server.

Step 1:

Before you install SSL security certificate you need to buy a commercial certificate or get a free test certificate. Free test certificates are only for testing purposes only and they are not allowed to use for commercial purposes. Before purchase or download test certificate you need to generate CSR (Certificate Server Request) from your web server. This request is contained all the necessary details to process a security certificate for your server. Please keep in mind that this certificate server request should generated only from the machine that your are going to install the certificate.

Open IIS Manager (Internet Information Services Manager) by browsing from Control Panel or run "inetmgr" command. Select the server name from left side pane. Double click on "Server Certificates" icon.


Fig 1: Server Certificate Icon


In "Actions" pane you will see few options such as Import, Create Certificate Request, Complete Certificate Request, Create Domain Certificates and Create Self-Signed Certificates.

Fig 2: Server Certificates window

If you have already installed security certificates are there it will down in server certificates list. To create new certificate server request click on "Create Certificate Request" link. It will open "Request Certificate" window.

Fig 3: Request Certificate window

Fill all the required details as of your domain and complete the form. At the end of the window it will asked a location to save your certification request. You can give any name for this file. Keep this file till you purchase your security certificate since it will ask the content of this file for certificate generation process.

Step 2:

Next step is to purchase your commercial certificate or download test certificate. Go to the site official web site of the security certificate provider you have been selected. Complete the security certificate apply forms and when it asks for CSR (Certificate Server Request) you should copy the content of CSR file you generated in step 1. When you are coping the content of this file, open that file only using plain text editors like notepad. Never use rich text editors like Ms-Word since it might add some additional characters. If everything success complete the certification application process and you will end up with the certificate generated for you by the certification authority. Final step is to install the purchased or downloaded certificate in your web server.

Step 3:
Fig 4: Complete Certificate Request window

From step 2 you will get a certificate file which is having extension as ".cer". Once you have this certificate file click "Complete Certificate Request" link in Actions pane. In "Complete Certificate Request" window browse your certificate and provide friendly name for easily identify the certificate among other installed security certificate in the server. Complete this window and you will get successfully installed your security certificate in your server.

Step 4:

Once you successfully installed security certificate in your web server next step is to bind the certificate with your particular web site. In one server there might have more than one certificates installed. You should specifically set which certificate should use by your web site. For that in IIS Manager select your particular web site and click on "Bindings" link in Actions pane. By default you will have only HTTP binding for a web site. You should add HTTPS binding and specify which security certificate or SSL certificate to use from the certificate drop down list.

If everything done you have successfully setup your HTTPS enables or Secured web site. Now browse your web site from your browser and see the progress of your work. Please make sure that you are typing "https://" not "http".

What is SSL?

SSL stands for Secure Socket Layer. It uses HTTPS (Hypertext Transfer Protocol Secure) protocol instead of general HTTP protocol. HTTPS is a combination of the Hypertext Transfer Protocol and a network security protocol.

HTTP operates at the highest layer of the TCP/IP Internet reference model, the Application layer; but the security protocol operates at a lower sublayer, encrypting an HTTP message prior to transmission and decrypting a message upon arrival.

HTTPS has also been known as "Hypertext Transfer Protocol over Secure Socket Layer", but now HTTPS may be secured by the Transport Layer Security (TLS) instead of Secure Sockets Layer (SSL) protocol.

To invoke HTTPS, one replaces "http://" with "https://" in the URI, or Web address.

HTTPS connections are often used for payment transactions on the Web and for sensitive transactions in corporate information systems.

1 comment:

  1. I've been involved in securing one of ur companys sites through the use of certification through a SSL Certificate Providers such as SSL247. But this is one of the simplest and jargon-free manuals I've come across. Thanks for sharing!

    ReplyDelete

LinkWithin

Related Posts with Thumbnails

Twitter Updates

    follow me on Twitter