Difference between revisions of "SSL Certificate"

From docs.websky.tech
Jump to navigation Jump to search
(Created page with "'''SSL Certificate''' is an identification file required to use a secure SSL connection protocol. With its help, the contact between client browser and server is made in the s...")
 
m (See also)
 
(2 intermediate revisions by the same user not shown)
Line 38: Line 38:
 
== SSL Certificates in Websky ==
 
== SSL Certificates in Websky ==
  
In Websky, you can use secure connection technology. To do this, you need to purchase an SSl certificate, add it to [[server]] and switch the corresponding setting (see ''' "Site Management - "Domains and Protocols"- "Https Operation Mode'' ''').
+
In Websky, you can use secure connection technology. To do this, you need to purchase an SSl certificate, add it to [[server]] and switch the corresponding setting (see ''' "Site Management - "Domains and Protocols"- "Https Operation Mode" ''').
  
  
Line 74: Line 74:
  
 
== See also ==
 
== See also ==
*[[Secure connection]]]
+
*[[Secure connection]]
 
*[[Subdomain]]
 
*[[Subdomain]]
 
*[[GTA]]
 
*[[GTA]]

Latest revision as of 14:58, 28 November 2020

SSL Certificate is an identification file required to use a secure SSL connection protocol. With its help, the contact between client browser and server is made in the secure mode. Information is encrypted using an asymmetric cryptosystem and transmitted via HTTPS protocol. The encoding and decryption process is performed with two keys: the session initiator user accesses the public key of the certificate and uses it to encrypt the information sent, decryption is possible with a secret key. Thus, the data is protected and available only to the authorized recipient. The main users of SSL certificates are web-shops, banking, mail and payment systems.

History

The developer of SSL (Secure Socket Layer) cryptographic protocol is Netscape Communications. The first two versions of the product were unsuccessful, so the official year of the protocol creation is 1996, when the version 3.0 was released. Later it served as a basis for the development of the protocol TLS (Transport Layer Security), the development of which is engaged in the Internet Engineering Task Force (IETF).

The HTTP hypertext protocol has no tools to protect the information exchanged between the client and the server. Therefore, the emergence and active use of SSL has served to create the HTTPS (Hypertext Transfer Protocol Secure), also supported by all browsers. The information transmitted by HTTPS is converted into one of the secure protocols (SSL or TSL). When establishing a secure connection, the address bar changes the "http" prefix to "https".

How to obtain a certificate

SSL certificate can be created by yourself or purchased in one of the certification centers. In the first case, a digital signature is generated and signed by the site owner. Such certificate is called untrustworthy and in case of hacking the guilty party is the portal creator. In the second case, the certificate is issued by a special organization that guarantees the quality of connection security and takes responsibility in case of security problems. This certificate is called a trustworthy certificate and has an expiration date from 1 to 5 years.

Certificate is required to order (create) to work with the domain, which is the main one for the agency.

The certificate will be used on Apache web server + MOD SSL.

CSR can be generated by an agency on its own, for example, using the CSR generator ([[1]]).

Websky can also install the Let's Encrypt certificate with automatic prolonging.

How to install the certificate

  1. Create a ticket to install the certificate and assign it to SUPPORT RECEPTION.
  2. Apply the following to the ticket:
    1. certificate,
    2. key to the certificate,
    3. password to decrypt the key (if the key is encrypted),
    4. intermediate certificate (if any) and the list of domains for which it is created,
    5. the name of the domain to which the certificate should be attached.

If a new certificate was issued with last year's key, please specify this information in the ticket. ===How to check if the key is encrypted ===.

  1. Open the key file (file with extension .key')
  2. Check the text:
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,5DA11B8DC8885EEC

If the text matches the sample, the key is encrypted.

SSL Certificates in Websky

In Websky, you can use secure connection technology. To do this, you need to purchase an SSl certificate, add it to server and switch the corresponding setting (see "Site Management - "Domains and Protocols"- "Https Operation Mode" ).


Https operation mode.png


You can use this setting for all pages or set it for pages with personal data only.

Pages that contain personal data:

  • Registration
  • Customer data entry
  • Passenger data entry
  • View the itinerary receipt
  • View order data
  • Personal account page

If you plan to use more than one domain, you must purchase a certificate for each one. One for all certificate can only be used if it is wildcard and you plan to apply it to subdomains of one domain.

Support for SSL encryption

The following vendors have support for SSL over HTTPS encryption:

  • GTA;
  • MIKI;
  • Travco;
  • DOTW;
  • Tourico

The following do not have support:

  • Hotelbeds
  • Serhs
  • Academservice

See also