SSL how to install

[nm2002]

I want to install SSL security on my web site but i dont know how??? If its really hard then I will pay someone to do it but i installed the whole website myself and if someone can explain how to do it in simple steps.

 

thnks

[♥Vger]

Make your website IP based (your own ip address, not shared). Then go to your hosting control panel and generate a CSR (Certifcate Signing Request). Copy and the past the text generated into a plain text file in Notepad. Go buy your certificate (for which you'll need the text of the CSR), and when you've done that then in the same place as you generated the CSR there should be a place to import the actual certificate text. After that's done your hosting company has to reboot the httpd files for the installation to be complete.

 

I think the best value for full (not chained ssl's) at the moment is the Geotrust Express SSL at $49 a year from ev1servers.net

 

Vger

[siavash]

are you asking how to activate SSL on a osc shop or how to install a certificate?

[bglkk]

Installation is not terribly difficult, but specific instructions will vary depending on your webserver software. For example, are you running Apache, Microsoft IIS, WHM/cPanel, Plesk...? You'll have to know that. Any reputable certificate provider will have detailed instructions for your platform.

[nm2002]

I dont even know if I have one by my hosting company but Ill check, is it possible to try to activate it and see if it works, and if yes how, i really dont know much about this but am lerning, I read for about 2 weeks and installed oscommerce website, but am still confused with some of the stuff....

 

THaks for all the help and if someone can answer the question.

[stevel]

Make your website IP based (your own ip address, not shared).

This is irrelevant to use of SSL - I'm unsure why you keep repeating this when people ask about SSL. You can implement full SSL on a shared host site, as long as you have your own domain name and your host supports installing an SSL certificate for your domain. Having your own IP address doesn't matter a bit.

 

 

Your host may also offer something called "shared SSL", usually at no charge. If you can install your own SSL certificate, that is preferable, but not all hosts let you do this. Setup for use of shared SSL varies by host.

[♥Vger]

Steve

I'm unsure why you keep repeating this when people ask about SSL

 

I'm unsure why you keep jumping in to contradict me. You were wrong (twice) about a workaround for Force Cookie Use on a shared SSL. First in saying it didn't work, and secondly in summizing that it involved a .htaccess command.

 

On the question itself, the reason I say this is that every hosting company I have used (and there have been a few) insists upon the site being IP based if you want to install a full ssl. I'm not saying that you absolutely have to have one, that will depend upon your hosting company. However, like having a shared or full ssl, I do think it is preferable to have your own ip address rather than using a shared one. What does it cost? $12 a year!

 

With regard to shared ssl, yes most companies do provide that facility (though not all - sadly).

 

However, the shared ssl provided by some companies is better than the shared ssl offered by other companies. Especially if the shared ssl is just one shared ssl for all sites hosted by that company, instead of an ssl certificate installed on each and every server. Remember that ssl provides encryption which slows down the delivery of pages, and if your hosting company provides only one certificate for all sites on all servers then your shared ssl is going to be somewhat slow.

 

Vger

[stevel]

Few hosting companies nowadays, at least the less expensive ones, give you your own IP address. Nevertheless, you are still wrong to say that having your own IP matters at all regarding installation of an SSL certificate. I know of many hosts which support installation of SSL but which use shared IP addresses.

[♥Vger]

You must be reading something different to me Steve. Didn't I say it wasn't required, but that it depended upon your hosting company? Your experience is different from mine ..okay ...let's move on.

 

By the way, if you want to know how to use Force Cookie Use on a shared ssl, you can always get in touch.

 

Vger

[ozcsys]

Few hosting companies nowadays, at least the less expensive ones, give you your own IP address.  Nevertheless, you are still wrong to say that having your own IP matters at all regarding installation of an SSL certificate.  I know of many hosts which support installation of SSL but which use shared IP addresses.

<{POST_SNAPBACK}>

 

Steve

 

Do you have any documentation for this. It has been my understanding in everything I have read and been told that if you want to have a private ssl certificate that a dedicated ip address is needed. If you know where there is some info to the contrary I would like to see it.

 

Thanks

 

Richard

[ozcsys]

Here is an example of what I have been thinking is true.

 

Benefits of Having a Dedicated IP Address

Although, shared IP is usually easier and cheaper, there are a few advantages to having a dedicated IP address. Besides looking ?cool? for fellow webmasters, a dedicated IP is needed for three specific reasons:

 

 

Using your own Private SSL Certificate. This applies only if you need to have your own SSL certificate. SSL certificates are needed for accepting credit cards online. Web hosts that offer SSL usually offer a shared SSL certificate where users can share the web host?s SSL. If you are using your web host?s SSL you don?t need a dedicated IP.

 

Anonymous FTP for some web hosts. Anonymous FTP is a method of sharing files on the Internet. Anonymous FTP means a computer will allow anyone using the FTP software access a special directory for files on its disk drive. This service is called Anonymous FTP because the user name used to sign in is "anonymous." To enable anonymous FTP certain web hosts require dedicated IP for the anonymous FTP function to work properly. Check with your web host if this is an issue for you.

 

Setting up your own Domain Name Server. A name server looks like this: ex. NS1.yoursite.com, NS2.yoursite.com. Since all web hosts provide you with their DNS servers, you don't need to have your own. But if you choose to have your own name server you will need to have a dedicated IP address to do so.

[stevel]

You said "Make your website IP based (your own ip address, not shared)." And you've said this many times when people ask about SSL. It's incorrect and confusing - you may as well tell people to dye their hair blue.

 

As for Force Cookie Use, your post on that is here. Yes, I misremembered that it had to do with .htaccess, but now that I refresh my memory, it's even less "tidy" (your word in another post) than I remembered, and I doubt that anyone would find it preferable to simply not using Force Cookie Use.

 

For myself, if I chose to use Force Cookie Use, I'd fix the bug in osCommerce that prevents it from working right rather than trying to paper over it.

[burt]

It is possible to install SSL on a shared IP address, but it leads to all sorts of issues.

 

It's pretty simple - it just takes some finagling of the conf files - however it does clog up 443 for other hosting accounts on the same IP - thus if a second Hosting Account on that IP requires to use SSL (on their own Cert), they can't.

 

Thus it is always preferable to give a dedicated IP when installing an SSL Cert.

 

I suppose you could configure so that each SSL vHost uses a different Port, but what an awful lot of work.

[stevel]

Richard,

 

Having your own IP address has no bearing on whether or not you can install an SSL certificate. SSL certificates are domain name based, not IP based. If your host allows you to install a certificate, and many shared-IP hosts do, you can use a full SSL cert with shared IP.

 

Re: Anonymous IP - again, this has nothing to do with dedicated IP. Perhaps some hosts don't let you use anonymous FTP with shared IP hosting, but that's their own choice, not a technical requirement.

 

You can have your own name server with shared IP too - I don't see how this is relevant. All a name server has to do is translate the host name to an IP address - as long as something at the destination can resolve the reference, it doesn't matter if it's shared IP or dedicated. But few people really need or want "their own" name server. They use the one of their host or that of their registrar.

[stevel]

burt, I don't think that is the case. The shared IP server can redirect requests on port 443 the same as it does for port 80. I know of several hosts that do this.

[burt]

burt, I don't think that is the case.  The shared IP server can redirect requests on port 443 the same as it does for port 80.  I know of several hosts that do this.

<{POST_SNAPBACK}>

 

This has always been my findings - up until just a few months ago I was a server admin for a large(ish) UK host...I never found a way to use multiple SSL vHosts on 443 - but that's not to say that it isn't possible!

 

It's something that I would like to do on my development box as I can't get extra IPs from my ISP (but I do host a number of experimental domains [on the normal port 80] from my office). Any chance you can PM me the name of the Host ?

[stevel]

PM sent Apparently it does require some complex configuration of the server - I am not familiar with the details. My own host is in the process of offering this, but it is pending installation of something they call an "SSL accelerator".

[♥Vger]

In summary then:

 

Burt - It is possible to install SSL on a shared IP address, but it leads to all sorts of issues.

 

It's pretty simple - it just takes some finagling of the conf files - however it does clog up 443 for other hosting accounts on the same IP - thus if a second Hosting Account on that IP requires to use SSL (on their own Cert), they can't.

 

Thus it is always preferable to give a dedicated IP when installing an SSL Cert.

 

I suppose you could configure so that each SSL vHost uses a different Port, but what an awful lot of work.

 

Steve - I know of several hosts that do this

 

Steve - Apparently it does require some complex configuration of the server - I am not familiar with the details. My own host is in the process of offering this, but it is pending installation of something they call an "SSL accelerator".

 

Now? What was it that I said originally? Mmmm?

 

Vger

[ozcsys]

PM sent  Apparently it does require some complex configuration of the server - I am not familiar with the details.  My own host is in the process of offering this, but it is pending installation of something they call an "SSL accelerator".

<{POST_SNAPBACK}>

 

I just did some searching and everything I read says you need a dedicated ip address to use a private ssl certificate. Now if a hosting company can do it on a shared only when using the ssl acceleator then that is one thing and looking up prices for them they seem to run between $5k and $10k so I would then say it is safe to say that in most instances you someone will need a dedicated ip address to use a private ssl certificate. I suppose the best thing to tell people is to talk to their hosting company but as a rule it looks like most will say yes they do.

[stevel]

Dunno - three out of the first three shared-IP hosts I looked at allowed SSL certificates to be installed. One of the hosts charges only $4.99/mo for a package that allows (for $49.99 additional fee) installation of an SSL certificate. (I don't use this host myself, so I am not promoting it - just mentioning that it was easy to find.)

 

The smaller hosts probably can't afford what it takes to do this, so I can understand that you may find it difficult to do on your home server.

 

The hosting service I use has some 50,000 customers and spends a lot on infrastructure, including redundant, load-sharing web and file servers, redundant network switches, as well as front-end equipment to enable additional services. And it costs me only $7.99/mo. (But no private SSL yet... I'm waiting for it.)

[♥Vger]

If someone had their site hosted (for example) with EV1 Servers they'd get their dedicated ip address for just $1 extra per month, plus the $49 a year for the SSL cert.

 

Don't know why anyone should have to wait more than a few hours to have their site switched from name based on a shared ip to ip based with their own dedicated ip address.

 

Anyway, back to the original post - it looks like (in most instances) I was right in saying to get a dedicated ip address to install a full ssl cert when you're on a shared server.

 

Vger

[siavash]

IR freaked out! with due respect it'd be better if we focused on IR's question! rather than having this discussion here why not propose a general discussion on SSL in the forum? or an entry in the knowledge base? lots of people want to know more about it including myself!

 

IR:

 

if you host your site on your own server you have an IP, etc. follow the instructions on seting up a the SSL and certificate...you can get full installation guide by your certificate issuer (hopeflly!).

 

if your site is hosted on a third party server then they should take care of the certificate installation and server configuartion etc. you will only place a piece of code on your site to show the certificate and connect to the issuer to verify the site security. just in case you have to do it yourself using your control panel, ask your host for support. also, do ask your host if they provide you with a shared SSL. it will cost you less.

 

always google the net and you will be amazed at what you can find!

 

i'm still learning; feedbacks very welcome. cheers