Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. There are slight differences between SSL and TLS, but the protocol remains substantially the same.
The TLS protocol allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications privacy over the Internet using cryptography. Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated; this means that the end user (whether an individual or an application, such as a Web browser) can be sure with whom they are communicating.
A TLS client and server negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.
- The "handshake" begins when a client connects to a TLS-enabled server requesting a secure connection, and presents a list of supported ciphers and hash functions.
- From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision.
- The server sends back its identification in the form of a digital certificate. The certificate usually contains the server name, the trusted certificate authority (CA) that issued it, and the server's public key, which the client checks against its own list of trusted CAs before trusting the connection.
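The three steps above can be watched end to end in code. The following Go program is an added example (it is not part of Chattanooga Online's page): it builds a throwaway self-signed certificate in memory for the assumed hostname www.example.com, starts a TLS server on a loopback port, and connects a client to it. The client offers its cipher suites, the server picks one and presents its certificate, and the client's trust store decides whether that certificate is accepted. Running the handshake once with the certificate trusted and once without shows why a certificate from an unknown CA produces a browser warning: the handshake itself fails.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// HandshakeResult records what the client learned from one handshake.
type HandshakeResult struct {
	Protocol    string // negotiated protocol version, e.g. "TLS 1.3"
	CipherSuite string // cipher suite the server chose from the client's list
	CertSubject string // common name in the certificate the server presented
	Verified    bool   // whether the certificate chained to a CA the client trusts
}

// versionName maps a TLS version code to a printable name.
func versionName(v uint16) string {
	if v == tls.VersionTLS12 {
		return "TLS 1.2"
	} else if v == tls.VersionTLS13 {
		return "TLS 1.3"
	}
	return fmt.Sprintf("0x%04x", v)
}

// selfSignedCert creates a throwaway self-signed certificate for host. It is
// constructed in memory for this example and acts as both the CA and the
// server certificate; a real site uses one issued by a CA browsers trust.
func selfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// Handshake runs one TLS handshake between a client and a server over a
// loopback TCP connection. trustServer controls whether the client's trust
// store contains the server's certificate; with false the client rejects the
// server just as a browser rejects an unknown or self-signed certificate.
func Handshake(trustServer bool) (HandshakeResult, error) {
	const host = "www.example.com" // assumed hostname for this example
	cert, err := selfSignedCert(host)
	if err != nil {
		return HandshakeResult{}, err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return HandshakeResult{}, err
	}
	defer ln.Close()

	// Server side: present the certificate and pick a cipher suite that both
	// sides support from the list the client offers.
	serverCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	srvErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(5 * time.Second))
		srvErr <- tls.Server(conn, serverCfg).Handshake()
	}()

	// Client side: the trust store decides whether the certificate is
	// accepted, and ServerName is the name the certificate must match.
	roots := x509.NewCertPool()
	if trustServer {
		roots.AddCert(cert.Leaf)
	}
	clientCfg := &tls.Config{ServerName: host, RootCAs: roots, MinVersion: tls.VersionTLS12}
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return HandshakeResult{}, err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	client := tls.Client(raw, clientCfg)
	err = client.Handshake()
	<-srvErr // wait for the server side to finish or fail
	if err != nil {
		return HandshakeResult{Verified: false}, err
	}
	st := client.ConnectionState()
	return HandshakeResult{
		Protocol:    versionName(st.Version),
		CipherSuite: tls.CipherSuiteName(st.CipherSuite),
		CertSubject: st.PeerCertificates[0].Subject.CommonName,
		Verified:    true,
	}, nil
}

func main() {
	for _, trust := range []bool{true, false} {
		res, err := Handshake(trust)
		fmt.Printf("server trusted=%v -> %+v err=%v\n", trust, res, err)
	}
}
```

Only the server is authenticated here, as the text describes: the client never presents a certificate, and the server's configuration does not ask for one. The second run, with an empty trust store, is exactly the situation a visitor is in when a site presents a certificate from a CA their browser does not know.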
There are two options for purchase and configuration of a secure certificate through Chattanooga Online.
- Chattanooga Online purchases and installs a secure certificate and configures your site with a static IP address. Cost: $175 annually ($150 for the certificate, $2 per month for static IP address).
or
- Your developer provides us with a certificate purchased from a third party. We configure your site with a static IP address (necessary for TLS/SSL), and install the certificate. Cost: $25 one-time installation fee, $2 monthly fee for static IP address.
Before you purchase a cheaper certificate from another provider, we suggest you research whether the certificate meets your requirements.
A secure certificate does not prevent "hacking". The certificate itself does not restrict access to a site, or make the site itself any more secure. What a secure certificate does is enable an encrypted transport between a user's computer and a web server, and in some cases verify ownership of the website domain and/or the location of the physical web server. This level of security prevents a malicious person or program from intercepting or redirecting data in transit between the user and the web server. Once data is stored on the server, its security depends on the architecture of the web application and the server software, and on user and administrator access restrictions.
For example, if your site stores a user's personal data on the web server, you would need to restrict user and administrator access to the site and to the server. If, for example, data were transported from the server to another computer via FTP, then the data security would be compromised because FTP is not a secure transport protocol.
Website and Server Configuration
If you choose Chattanooga Online to provide the secure certificate, we will purchase and install the certificate for your domain. Because we must switch your site to a static IP address, and your website and email server may appear to be offline to some users during the switch, we do this after hours to minimize the effect of the brief downtime.
Your designer should make all URLs (links) to the secure portion of your website point to https://www.yourdomain.com. All scripts, images, and files accompanying a secure page should use the https protocol, to avoid browser warnings.
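A quick way to catch the references the paragraph above warns about is to scan a page's markup before it goes live. The Go program below is an added example, not code from Chattanooga Online: it looks for src, href and action attributes whose value starts with plain http:// and reports them, since those are the references a browser flags as mixed content on an https page. The sample markup is constructed for the example, and the hostnames in it are placeholders.

```go
package main

import (
	"fmt"
	"regexp"
)

// insecureRef matches src, href and action attributes whose value is a
// plain-http URL. Relative URLs and protocol-relative "//host/..." URLs
// inherit the page's scheme, so they are deliberately not matched.
var insecureRef = regexp.MustCompile(`(?i)\b(src|href|action)\s*=\s*["']?(http://[^"'\s>]+)`)

// FindMixedContent returns every plain-http URL referenced by a src, href or
// action attribute in page, in document order. On a page served over https a
// browser warns about, or blocks, each of these references.
func FindMixedContent(page string) []string {
	var found []string
	for _, m := range insecureRef.FindAllStringSubmatch(page, -1) {
		found = append(found, m[2])
	}
	return found
}

// samplePage is a constructed fragment of a secure checkout page. Three of
// its references use http:// and should be changed to https://.
const samplePage = `<html><head>
<link rel="stylesheet" href="https://www.yourdomain.com/style.css">
<script src="http://www.yourdomain.com/js/app.js"></script>
</head><body>
<img src="http://cdn.example.net/logo.png">
<img src="//cdn.example.net/banner.png">
<a href="https://www.yourdomain.com/checkout">Checkout</a>
<form action="http://www.yourdomain.com/login"><input type="submit"></form>
</body></html>`

func main() {
	for _, u := range FindMixedContent(samplePage) {
		fmt.Println("insecure reference:", u)
	}
}
```

The regular expression is a pragmatic check for hand-written templates rather than a full HTML parser; it will not see URLs assembled in JavaScript or inside CSS url() values, so the browser's own console remains the final check after the site is switched to https.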
Privacy Considerations
Also, be aware that if your website uses session cookies to maintain a user's login state, your developer may need to implement a valid, P3P-compliant Compact Privacy Policy to avoid browser warnings and session disconnections. Implementing a valid, electronically-verifiable privacy policy can help prevent problems such as:
- users being denied access to dynamic web applications, such as portals, e-commerce or forums, due to restrictive privacy settings on their browser or their network
- users having trouble logging in, or staying logged in during a session
- legal issues regarding collection and use of data