SSL.com Knowledge Base

How do I install more than one Comodo CA bundle file (roots) on an Apache set up?

Administrator — Wed, 31 May 2006 07:59:38 GMT

Abstract:

Installing your Certificate on Apache Mod_SSL / OpenSSL
Step one: Copy your certificate to file
You will receive an email from Comodo with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAFUbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw(.......)E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA-----END CERTIFICATE-----
 Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labeled private.key and the public key will be yourdomainname.crt. It is recommended that you make the directory that contains the private key file only readable by root. 
Step two: Install the Intermediate Certificate
You will need to install the Intermediate CA certificates in order for browsers to trust your certificate. The Intermediate CA certificates are contained within the ca-bundle file that was attached to your email in the zip file (for this article renamed to SERVERNAME.ca-bundle). See the attachments section of this article if you do not have this file.  In the relevant Virtual Host section for your site, you will need to complete the following in get this file correctly reference: 

Copy the SERVERNAME.ca-bundle file to the same directory as certificate and key files.

Add the following line to the SSL section of the h

What port is recommended to use SSL over?

Administrator — Tue, 30 May 2006 18:02:42 GMT

Abstract: For maximum compatibility between SSL points, port 443 is the standard, thus recommended, port used for secured SSL communications. However, any port can be used.

After I purchase and install the SSL certificate do I need to put my files (jsp, html, asp, images, etc.) in a special directory to force the users to go through the "https" of my site?

Administrator — Tue, 30 May 2006 17:53:35 GMT

Abstract:

It depends on how your server software is set up. Most server software packages SSL enable an entire site as opposed to a specific directory. As a result, you usually do not have to place your web files in a special directory. However, if you do want a special directory to be SSL enabled, you should be able to create a "sub site" and SSL enable that site. Then you can turn on a setting on the server software that will force users to use https.

For instance, IIS has a setting that you can manipulate that will force users to type https. If they do not, then a page will appear telling the user that https is required. On the other hand, Resin will simply change http to https without the user having to do anything. in a nutshell, it all depends on the server software you are using.

What is spyware? How can I detect spyware on my computer?

Administrator — Wed, 12 Apr 2006 13:46:34 GMT

Abstract:

Generally speaking, spyware refers to any computer program that gathers information about a person without his or her knowledge. Spyware programs can track your Internet page views, allow someone else to read your email, and even record your keyboard strokes. They are obviously cause for alarm.

There are several resources to detect and remove spyware, such as 2-Spyware.Com and SpyChecker.Com, which offer information about the most common spyware programs, as well as anti-spyware downloads. Spyware Watch offers a general tutorial on detecting and removing spyware programs.

I can't access my online email inbox.

Administrator — Wed, 12 Apr 2006 12:54:07 GMT

Abstract:

I can't access my online email inbox. After I enter my username and password correctly and click on "Log In" it loads for a few seconds and says done and a lock appears next to the loading bar.When i highlight it it says SSL Secured 128 Bit. Whats wrong with my Internet Explorer?

Unfortunately, we have no relationship with your online email account. Access to your online email via Hotmail, Yahoo, Gmail, etc. is not determined by the SSL protocol. As a result, we cannot assist you in accessing your online email.

Install a Certificate on Microsoft IIS 5.x / 6.x

Administrator — Fri, 07 Apr 2006 07:06:46 GMT

Abstract:

1. Installing the Root & Intermediate Certificates:

You will have received 3 Certificates from SSL.com. Save these Certificates to the desktop of the webserver machine, then:

Click the Start Button then selct Run and type mmc
Click File (or Console, depending on what options are available) and select Add/Remove Snap in
Select Add, select Certificates from the Add Standalone Snap-in box and click Add
IMPORTANT! Select Computer Account and click Finish (if Computer Account is not selected, certificates will not be properly installed)
Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
Return to the MMC
To install the GTECyberTrustRoot certificate (see Related Articles section below if you do not have the GTECyberTrustRoot certificate readily available):
Right click the Trusted Root Certification Authorities, select All Tasks, select Import.
click Next
Locate the GTECyberTrustRoot certificate and click Next.
W

The TLS Protocol Version 1.1

Administrator — Wed, 05 Apr 2006 07:34:48 GMT

Abstract: See Related External Links below:

How do I get SSL on my website?

Administrator — Wed, 05 Apr 2006 07:33:13 GMT

Abstract:

There are four steps involved in procuring and installing a SSL server certificate, thus enabling SSL to provide security to your site. These steps are: 1) Purchase SSL Certificate(s), 2) generate a CSR, 3) enroll for a SSL server certificate, and 4) install the SSL server cerificate.

1) Purchase SSL Certificate(s)
The first step is to purchase a SSL certificate. You have access to a wide variety of SSL certificates that differ from each other based on brand and features. To get started with the process of choosing the right SSL solution for you, click here. Once you have purchased 1 or more SSL certicates (discounts may apply for bulk purchases, ask for details) you can manage them through your SSL.com account. An SSL.com account is created for you automatically when you make a purchase on SSL.com. The purchased SSL certificates will appear as unused credits in your SSL.com account, and these credits can be used on demand. When you are ready to use a credit and implement SSL on your site(s), go to Step 2).

2) Generate a CSR
From the web server that will be SSL enabled, generate a CSR (Certificate Signing Request) and save the CSR to a text file. For detailed CSR generation instructions based on which brand of web server you are using, click the following link: CSR Generation Instructions.

3) Enroll for a SSL server certificate
Log into your SSL.com account, and find an unused SSL certificate credit and select "process certificate". (see figure below)

When prompted, copy and paste the CSR text that was created in Step 2) into the textbox and select the server software used to create the CSR. I

READ ME - IMPORTANT

Administrator — Tue, 04 Apr 2006 18:39:23 GMT

Abstract:

We have recently launched a new site to allow users with questions concerning SSL and SSL certificates to post those questions on an open discussion forum. This open forum will provide for a quicker response time in getting accurate answers in a timely manner.

This new site is the SSL.com Forums site located at http://forums.ssl.com. If you have an SSL or SSL certificate related question, please post it on the SSL.com Forums. Our staff answers questions on the forums on a reuglar basis, but other knowledgeable source might offer some assistance as well. It is open to everyone so please do take a moment to peruse the site to see what others might have posted in relation to your question(s).

The SSL.com Knowledge Base will continue to serve as a resource of articles and FAQs related to SSL technology, but we will also pull commonly asked questions from the SSL.com Forums to be posted here.

I need to correct a Common Name on a certificate you issued. The common name is clearly not a vaild URL, yet was accepted by a confused customer.

Administrator — Tue, 04 Apr 2006 18:34:52 GMT

Abstract: Simply log into your SSL.com and click the "reprocess certificate" link. When you are prompted for the new CSR, copy and paste it into the textbox, and submit it.

What is the Common Name?

Administrator — Tue, 04 Apr 2006 18:33:58 GMT

Abstract:

Understanding the Common Name
Before you can enroll for a SSL Server Certificate, you must generate a CSR from your webserver software. During the creation of the CSR, the following fields must be entered: Organization (O), Organizational Unit (OU), Country (C), State (S), Locality (L), and Common Name (CN). The Common Name field is often misunderstood and is filled out incorrectly.

The Common Name is typically composed of Host + Domain Name and will look like "www.yoursite.com" or "yoursite.com". SSL Server Certificates are specific to the Common Name that they have been issued to at the Host level. The Common Name must be the same as the Web address you will be accessing when connecting to a secure site. For example, a SSL Server Certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", as "www.domain.com" and "secure.domain.com" are different from "domain.com". You would need to create a CSR for the correct Common Name. When the Certificate will be used on an Intranet (or internal network), the Common Name may be one word, and it can also be the name of the server.

I received a notice that my certificate is expiring. How do I renew?

Administrator — Tue, 04 Apr 2006 18:33:29 GMT

Abstract:

I received a notice that my certificate is expiring. How do I renew my certificate?

If you received an notice that your certificate is expiring or has expired, you will need to renew that certificate. To do this, log into your SSL.com account.

Once logged in, your certificates will be listed on the right side of the page. Any certificates that are expiring soon (or have already expired) will have a link to "Renew". Click this link and follow the instructions that follow.

Note: You will need to generate a new CSR from your web server to complete this process.

If you cannot remember your password, click the link "Lost Password?" to have a new temporary password emailed to you. Please remember to change your password once logged in.

If you cannot remember your username, email us at sales@ssl.com and we will help you.

What is your Replacement Policy for SSL server certificates?

Administrator — Tue, 04 Apr 2006 18:31:41 GMT

Abstract:

Depending on which SSL certificate you purchased, the reissue policy can range from 7 days to the lifetime of the SSL certificate. When you are ready to reprocess, simply log into your account, and click the "reprocess ssl certificate" link next to the SSL certificate that appears in you account. See the specific product for more details.

Install a Certificate on Ensim Webppliance 3.1.x

Administrator — Tue, 04 Apr 2006 18:15:12 GMT

Abstract:

Step one: Loading the Site Certificate

You will receive an email from SSL.com with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
(.......)
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labelled private.key and the public key will be yourdomainname.crt.

It is recommended that you make the directory that contains the private key file only readable by root.

Select Services, then Actions next to Apache Web Server and then SSL Settings. There should already be a 'Self Signed' certificate saved.

Select 'Import' and copy the text from the yourdomainname.crt file into the box

Select 'Save', the status should now change to successful.

Logout, do not select delete as this will delete the installed certificate.

Step two: Install the Intermediate/Root Certificates

You will need to install the Intermediate and Root certificates in order for browsers to trust your certificate. As well as your SSL certificate (yourdomainname.crt) two other certific

Install a Certificate on Website Pro 3.x

Administrator — Tue, 04 Apr 2006 18:14:19 GMT

Abstract:

When your certificate is issued you will receive 3 certificates:
Yourdomain.crt
ComodoClass3SecurityServicesCA.crt
GTECyberTrustRootCA.crt

Add the ComodoClass3SecurityServicesCA.crt certificate as Trusted Roots:
Then attach each certificate in turn to your website's Key Pair in the following order. At this point your Key Pair will be black.:
Yourdomain.crt
ComodoClass3SecurityServicesCA.crt
GTECyberTrustRootCA.crt
Your Key Pair will now turn green.
Stop and Start the server, your site can now be found using the https entry

Since Yahoo has added your feature to its site I cannot log into it. This is also the same problem I'm having with e-bay. Thank You

Administrator — Thu, 30 Mar 2006 15:51:32 GMT

Abstract:

This question has been answered. Please see the "Related Articles" Section for the corresponding answer to this question.

I lost the password to my SSL certificate. What should I do? How can I get my SSL password ?

Administrator — Thu, 30 Mar 2006 15:47:29 GMT

Abstract:

If you lost your SSL password that you used to create the SSL certificate, then you will have to create a new SSL certificate.

I cannot connect to a secured sight. It always says 'page cannot be found'. What should I do? Thanks in advance.

Administrator — Thu, 30 Mar 2006 15:35:01 GMT

Abstract: The mostly likely scenario is that the website is not SSL-enabled, or the SSL is not funtioning properly on the website. There is nothing you can do on the client end other than notify the site's administrator that there may be a problem with the site's SSL.

What is the protocol to follow if someone finds a website collecting credit card information without being in a secured environment? I've been searching the web everywhere to see if there is somewhere to report such sites.Thanks in advance for any info you may have!Susan Merrow

Administrator — Thu, 30 Mar 2006 14:01:46 GMT

Abstract:

There really is no law(s) that dictates the requirements to use of collecting sensitive information in an unencrypted manner. You should first contact the website that is in violation, and notify them that are not doing enough to protect consumers information. If the website is certified in any way, you may be able to report the website to the auditing organization that oversees the certification of that particular website.

If that fails, you should use your best judgement and simply consider if it's worth doing business with an online organization that you feel is not taking enough measures to earn your trust and protect your privacy.

Certain organizations are taking proactive steps to ensure that partner sites do incorporate certain measures to ensure protection of consumer trust and privacy. Visa and Mastercard require implementation of SSL on websites that accept Visa and Mastercard credit cards, and HIPAA compliance dictates that SSL be used on websites that accept sensitive patient information online. These are just a few examples of what is happening across many different industries doing business on the Internet.

My SSL has been disabled for some reason. How do I enable it again?

Administrator — Thu, 30 Mar 2006 13:48:27 GMT

Abstract:

If you are referring to when you view a site through your web browser, and your SSL session is terminated, then check to be sure that the URL you are using begins with 'https' as opposed to 'http'. If the page does not show up with a 'Page Cannot Be Displayed" error, and your URL does begin with 'https', then that page is no accessible through the SSl protocol.

If you are referring to your SSL certificate installed on your server, then there could be a number of reasons. Is the firewall allowing traffic through port 443? Did you delete the SSL certificate files? Is there a configuration change on your server software? There are too many possible reasons to list here. Do a refined search on this knowledge base to determine what the cause may be.

Why do I receive a pop-up box stating that some pages are secured when others are not, even though all of the pages reside underneath the domain using the SSL certificate. All of the pages are using relative links.

Administrator — Mon, 13 Mar 2006 07:50:20 GMT

Abstract: Be sure that all hyperlinks (ie <a href=""> and <img src="">) are using relative links or absolute links with "https:" set as the protocol. You must be referencing some absolute links with "http:" as the protocol instead of "https:".

"This page contains both secure and non-secure items."

Administrator — Mon, 13 Mar 2006 07:45:00 GMT

Abstract:

You are receiving the warning "This page contains both secure and non-secure items." when visiting your secure web site through Internet Explorer.

This is a client side message most likely caused by a reference in your HTML to a non-secured item.

All references in the secure page need to point to "https://". The easiest way to accomplish this is to use relative links instead of absolute links. Commonly overlooked items include:

Images
Linked stylesheets
Frames, iFrames
Objects (such as Flash, Shockwave,...)
Scripts

Any of these HTML elements can trigger the warning message. If you are using resources from a third party, you may need to contact them for instructions on using their product on a secured web page.

The most frequent cause of this message seems to be embedded Macromedia Flash movies. Simply change the "CODEBASE" attribute in the "OBJECT" tag to refer to "https" to solve this problem. For more information, follow this link:
http://www.macromedia.com/cfusion/knowledgebase/index.cfm?event=view&id=KC.tn_16588&extid=tn_16588&dialogID=19204476

IFrames can also cause this message. For more information on the IFrame issue follow this link:
http://support.microsoft.com/default.aspx?scid=kb;en-us;261188

Another source of this warning message is the use of "javascript:OpenURL();" in an anchor tag. For more information regarding the use of Javascript in anchor tags follow this link:
http://support.microsoft.com/default.aspx?scid=kb;e

Can only text data be encrypted using SSL? Can pictures can be also encrypted? How does SSl work?

Administrator — Fri, 10 Mar 2006 12:12:42 GMT

Abstract:

Yes you can encrypt all data including images, but that will increase response time due the fact that many calculations are taking place and using computing cycles. It's best to only encrypt when necessary.

SSL uses public key cryptography to provide authentication, and secret key cryptography and digital signatures to provide for privacy and data integrity.

How can I tell if a web page is secure?

Administrator — Fri, 10 Mar 2006 12:11:00 GMT

Abstract:

How can I tell if a web page is secure?

Anytime a web page asks you for sensitive information, you need to be able to identify if the page is secure or not. The ability to recognize a secure web connection is extremely important as online fraud cases have increased substantially from year to year. This FAQ is intended to guide you to safer online shopping.

What exactly do we mean by "secure"?

Anytime you view a web site information is sent from your computer to the web server and from the web server to your computer. The transmission of this information is normally sent in "plain text", meaning anyone would be able to read it should they see it. Now consider this. Each piece of information transmitted traverses many computers (servers) to reach its destination.

Try it! - Windows Users, to see just how many machines your information traverses, follow these steps:
1) On your computer, click Start, then Run
2) Type "cmd" and click "OK" (or press Enter)
3) Type this in exactly: tracert www.ssl.com
4) Press Enter
Each listing in the window is a different computer/router/switch (a "node" in networking terms). Each "node" represents a point at which any data you send might be recorded! It is not uncommon to see 20-30 listings.

Big deal, right? Consider this the next time you type in a password or your credit card number. Ah! Therein lies the problem. The solution to this problem is to encrypt this data for transmission. Secure Sockets Layer (SSL) was created for this very purpose.

SSL uses a complex system of key exchanges between your browser and the server you are communicating

I am getting error ssl 1011.How can solve this?Thanks

Administrator — Fri, 10 Mar 2006 11:57:42 GMT

Abstract:

Are you referring to Ctrix? If so, click here:

http://support.citrix.com/kb/entry.jspa?externalID=CTX736482

What is SSL?

Administrator — Fri, 10 Mar 2006 11:57:13 GMT

Abstract:

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

To be able to create an SSL connection a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your website and your company. Your web server then creates two cryptographic keys - a Private Key and a Public Key.

The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data file also containing your details. You should then submit the CSR. During the SSL Certificate application process, the Certification Authority will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL. Your web server will match your issued SSL Certificate to your Private Key. Your web server will then be able to establish an encrypted link between the website and your customer's web browser.

The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session - the lock icon in the lower right-hand corner, clicking on the lock icon displays your SSL Certificate and the details about it. All SSL Certificates are issued to either companies or legally accountable individuals.

Typically an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When

Why do I need an SSL Certificate?

Administrator — Fri, 10 Mar 2006 11:55:10 GMT

Abstract:

There are many security risks involved with conducting e-commerce. In today’s world security is expected to be provided on any website a consumer uses; as a result consumers expect any information they provide over the Internet will remain private and accurate. For most consumers, the only way they will ever consider buying your products or services online are when they are satisfied their personal information is secure.

Using SSL certificates to secure your online transactions will indicate to the customer that they are dealing with a reputable company or organization that has been authenticated by a trusted third-party. The customer will visibly see that their online transaction will be secure, from the lock icon on their web browser. This will give reassure them that you have removed the risk associated with making transactions over the Internet.

Can you use an alias for your webserver in an SSL Certificate?

Administrator — Fri, 10 Mar 2006 11:51:45 GMT

Abstract: Yes, you can use a server alias (or any other name that has characters which conform to the character requirements of the certificate issuer) in an SSL certificate, but it would only be useful in a local or intranet environment. Using a fully qualified domain name (FQDN) that you have registered with a proper domain name registrar will ensure that your SSL certificate will work on a global level on the Internet.

Is SSL only 128 bit?

Administrator — Fri, 10 Mar 2006 11:51:06 GMT

Abstract: No, there are other strengths such as 40 bit and 256 bit.

SSL Glossary Index

Administrator — Tue, 03 May 2005 10:21:21 GMT

Abstract:

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R |