Tips for Purchasing and Installing an SSL Certificate
Written By: Nazifa Alam
The Importance of SSL Certificates
An SSL (Secure Sockets Later) certificate is highly important as it assures internet users that a given site is authentic and enabled with encrypted connection. The purpose behind an SSL certificate is to also confirm the ownership of the domain. These certificates are frequently used by e-commerce sites that require customers to provide their personal and financial details.
By securing the data that is transferred between the two parties, SSL encryption can serve as a method for preventing hackers from extracting and selling personal information such as bank details and personal details. SSL certificates provide trust among users by providing verification for websites which serve as e-commerce sites.
The information that SSL certificates help to secure include:
- Login details.
- Financial details
- PII (Personal Identifiable Information) including name, address, date of birth and telephone number.
- Medical records
- Legal documents
Different Types of SSL Certificates
The different types of SSL certificates can be divided into the following categories:
Validation Level – Domain Validation, Organisation Validation and Extended Validation.
Domains – Single Domain, Wildcard and Multi-Domain.
Listed below are the different types of SSL certificates that are available for purchase, each of which offer different degrees of protection:
- Domain Validated (DV) Certificates: These certificates only verify the owner of the site. Registration is simple and consists of the CA (Certification Authorities) sending an email to the registered email of the website to confirm it’s identification. Additional information about the company is not necessary. This form of certificate offers the lowest levels of trust and are frequently obtained by cybercriminals as they are easy to receive. This certificate is fine for small businesses to use which do not conduct transactions online.
- Organisationally Validated (OV) Certificates: To receive this certificate, the purchaser must provide information regarding their organisation, physical location and its domain name. Waiting time typically spans several days. These types of certificates offer an average level of trust and are a good option for public serving websites that do not handle more sensitive transactions.
- Extended Validation (EV) Certificates: This type of certificate is required for websites that receive and process sensitive information. This type of certificate offers the highest level of security. The process of acquiring one consists of the CA completing further review of the applicant. Official documents of the organisation must be provided as well as the applicant’s identity.
- Single Domain Certificate: This type of certificate can be applied to a single subdomain and that subdomain only.
- Wildcard Domain Certificate: This type of certificate provides security to all subdomains part of a single domain.
- Multi-Domain Certificate: This SSL certificate can be used to provide security and verification for up to 100 domains.
Browsing for an SSL Certificate
The Certificate Authorities can be divided into two parts, regional and global. There are approximately 50 global CAs however only a certain number of these are established in the market.
The following is a list of the largest CA authorities in the market:
- Comodo
- Symantec
- GoDaddy
- GlobalSign
- Digicert
- StartCom
- Entrust
- Certum
You will need to keep in mind the services that your platform intends to provide for example, general information your organisation offers or financial transactions. In addition to this, prior to purchase, company budget will need to be considered before a final decision regarding the type of SSL certificate that is required. You will also need to decide if you need certain SEO services before purchasing from one of these CAs.
Aside from the listed CA authorities, you can order your chosen SSL certificate(s) from Hivelocity and place the files onto your Ubuntu web server. Required information that needs to be provided prior to authenticating a purchase can be found here.
Configuring the Web Server
At a minimum level, your SSL configuration will need to consist of the commands:
LoadModule ssl_modules/mod_ssl.so
Listen 433
<VirtualHost *:433>
ServerName www.example.com
SSLEngine on
SSLCertificateFile “/path/to/www.example.com.cert”
SSLCertificateKeyFile “/path/to/www.example.com.key”
</VirtualHost>
Creating an SSL server which only accepts highly secure encryption:
The following command will ensure that only the strongest cipher is accepted:
SSLCipherSuite HIGH: !aNULL: !MD5
Commands to highlight a preference for particular speed-optimised ciphers:
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH: !aNULL: !MD5
SSLHonorHipherOrder on
Creating an SSL Server which requires strong ciphers to enable access to a certain URL:
To do this, mod_ssl can be reconfigured in LOCATION components to provide per-command solutions. This can automatically result in a renegotiation of the SSL domains/confines to match the new configuration.
The following can be implemented:
# be liberal in general
SSLCipherSuite ALL: ! aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL
<Location “/strong/area”>
#but https://hostname/strong/area/ and below
#requires strong ciphers
SSLCipherSuite HIGH: !aNULL: !MD5
</Location>
Conclusion
It is a necessity for your website to be fitted with an SSL certificate to provide your users with secure browsing and purchases. In addition to this, depending on the type of SSL certificate you choose, additional beneficiaries include improved SEO and business alignment regarding industry standards.