Difference between revisions of "SSL FAQs"

From Support Wiki
Jump to navigation Jump to search
(11 intermediate revisions by 2 users not shown)
Line 10: Line 10:
 
SSL gives consumers confidence that sensitive information like their credit card numbers will not be intercepted.  Having an SSL certificate for your domain also has benefits in relation to search engine optimization and general consumer trust.  In addition, in January 2017 Google released [https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html Chrome version 56] which alerts users when they are on webpages that collect either credit card numbers or passwords that are not served over SSL. Eventually, Google will have a strong warning for all webpages not using the HTTPS protocol.
 
SSL gives consumers confidence that sensitive information like their credit card numbers will not be intercepted.  Having an SSL certificate for your domain also has benefits in relation to search engine optimization and general consumer trust.  In addition, in January 2017 Google released [https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html Chrome version 56] which alerts users when they are on webpages that collect either credit card numbers or passwords that are not served over SSL. Eventually, Google will have a strong warning for all webpages not using the HTTPS protocol.
  
==Where do I get an SSL Certificate?==
+
==How do I get an SSL Certificate?==
Note: Regardless of which option you select below, please contact support@micronetonline.com as your first step so that we can provide helpful direction in this process.
+
Contact support@growthzone.com so that we can provide helpful, personalized direction in this process. Your solution is determined by which website host and which Content Management System (CMS) you have.
  
Micronet has selected Cloudflare as the provider of choice for our customers’ SSL certificates. Two options exist for how you can go about getting setup.
+
'''SmartCMS Customers:'''
 +
* SSL certificate installed by GrowthZone that covers your entire domain
 +
* Domain-level Validation
 +
* No additional SSL certificate necessary (in most cases)
 +
* One time $99 fee
  
'''Option 1:''' (Recommended) Allow Micronet Customer Support to setup, install and manage your SSL certificate(s).  Once we have access to your domain configuration, we will take care of this for you. One time cost of $150.  If your website is managed by another party, you will also need to ask them to verify that the website is SSL-ready.
+
'''LiveEdit Aurora customers:'''
 +
* SSL certificate installed by GrowthZone that covers your subdomain (i.e. members.yourdomain.com or business.yourdomain.com)
 +
* An additional SSL certificate is required for your main domain and will be obtained from CloudFlare.com and installed by GrowthZone unless other arrangements are made
 +
* Domain-level Validation
 +
* One time $99 fee
  
'''Option 2:''' Use your own IT Services provider to setup the certificate from Cloudflare and verify your website is SSL-ready. This option is helpful in situations where your IT Services provider would like to be directly involved in all configurations of your domain.
+
'''All other customers:'''
 
+
* SSL certificate will be installed that covers your subdomain (i.e. members.yourdomain.com or business.yourdomain.com)
Note: If you are a customer using our eCommerce module, the certificate that will be provided by us (Option 1) provides PCI-compliance until June 30, 2018 at which time PCI compliance requirements may dictate that a different certificate be obtained. If you wish to get the June 2018 PCI compliant SSL certificate already now, please let us know. The cost is presently $200/month and would be easily setup instead of the version we will setup now. However, when viable options are re-evaluated in 2018, we expect there will be more plentiful, affordable options at that time. Your use of ecommerce may also change by then as well. Our Option 1 provides what you need for now at an affordable price.
+
* Domain-level Validation
 
+
* One time $99 fee
==What benefits are providing by going through Cloudflare?==
+
* An additional SSL certificate must be obtained for your main domain
 
+
* Recommend contacting your website host for info/cost of securing your main domain
Cloudflare provides additional key benefits including faster performance on website pages due to key features such as their global Content Delivery Network (CDN) and automatic static content caching.  Protection from Distributed Denial of Service (DDoS) attack is another benefit when implemented through this service.
 
 
 
==How do I decide between your setup option 1 and option 2?==
 
 
 
As noted above already, Micronet has two options for how you go about getting setup with an SSL certificate(s).
 
 
 
'''Option 1:''' (Recommended) Allow Micronet Customer Support to setup, install and manage your SSL certificate(s)
 
 
 
The benefits of having us take care of this for you is the simplicity.  No need to determine what domains need validation, whether you need a single certificate or a wildcard certificate or what validation level you should go with.  Our implementation will provide the requirements necessary for your site without all the questions and without the back and forth between your IT person, your Web Support, and our Customer Support.
 
 
 
'''Option 2:''' Use your own IT Services provider to setup the certificate from Cloudflare and verify your website is SSL-ready.
 
 
 
The reasons for having your IT Services provider take care of this would be if they are a key player in your infrastructure that is regularly involved in your website configuration.  This keeps them in the loop and able to play a continued everyday role in maintaining your site. 
 
 
 
Some customers prefer to have a discussion with their IT Services provider as to what type of validation they should have.  The solution we provide will implement Domain Validation which displays a lock in the URL.  Organization and Extended validation provides the same level of security as the other validation levels, but also displays the organization name in the URL. See info on validation levels here - http://supportwiki.micronetonline.com/SSL_FAQs#What_certificate_options_are_available.3F
 
 
 
==Are there any special considerations for eCommerce customers?==
 
 
 
Yes. If you are a customer using our eCommerce module, the certificate that will be provided by us (Option 1) provides PCI-compliance until June 30, 2018 at which time PCI compliance requirements may dictate that a different certificate be obtained. If you wish to get the June 2018 PCI compliant SSL certificate already now, please let us know. The cost is presently $200/month and would be easily setup instead of the version we will setup now.  However, when viable options are re-evaluated in 2018, we expect there will be more plentiful, affordable options at that time. Your use of ecommerce may also change by then as well. Our Option 1 provides what you need for now at an affordable price.
 
  
 
==What certificate options are available?==
 
==What certificate options are available?==
  
If allowing Micronet Customer Service to install, setup and maintain your SSL certificate, an understanding of the following information is not required but could helpful overall.  If you are obtaining the certificate on your own from Cloudflare, this information will need to be understood in order to make appropriate decisions.
+
With GrowthZone Customer Service providing the install, setup and maintenance of your sub-domain SSL certificate, an understanding of the following information is not required but could be helpful overall.   
 
 
'''Certificates needed:'''
 
Most SmartCMS customers will need an SSL certificate for a single domain (i.e. your main domain). Customers not using SmartCMS will need either a wildcard certificate (see below) or two single domain certificates, one for your module sub-domain and one for your main domain.
 
 
 
* Wildcard Certificate - Wildcard SSL certificates secures your domain name and an unlimited number of its subdomains. For example, a single Wildcard certificate can secure www.coolexample.com, member.coolexample.com, and store.coolexample.com.
 
 
 
Note:
 
* If purchasing a single domain SSL certificate on your own, you will want to verify with the Certificate Authority (CA) that both the www domain and the non-www domain (e.g. www.myorganization.com and organization.com) will be covered by a single domain SSL certificate.  A single domain certificate may be able to handle both domains, but it depends on which CA is issuing the certificate.
 
* If asked what type of server we are running - IIS is the correct answer.
 
 
 
 
 
 
 
  
 
'''Validation levels:'''
 
'''Validation levels:'''
The level of validation offered with SSL certificates (Domain, Organization and Extended validation) is not critical to our configuration. The Cloudflare solution provided by Micronet will provide Domain Validation. If you choose to provide your own Cloudflare solution, you and your web master may determine what validation level you wish to provide your website visitors.
+
The level of validation offered with SSL certificates (Domain, Organization and Extended validation) is not critical to our configuration. The solution provided by GrowthZone will provide Domain Validation. Organization or Extended Validation provide additional information about who owns the domain, often desired by larger corporations or business in the security industry. All validation levels provide the same level of security.  
  
 
* DV (Domain Validated) where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
 
* DV (Domain Validated) where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
Line 68: Line 45:
 
* EV (Extended Validation) where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a THOROUGH vetting of the organization. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a CA before issuing a certificate.
 
* EV (Extended Validation) where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a THOROUGH vetting of the organization. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a CA before issuing a certificate.
  
Contact [mailto:support@micronetonline.com support@micronetonline.com] if unsure of your configuration or the minimum requirements for your site.
+
==What does it mean to "verify that my website is SSL-ready?"==
 
 
==What is the cost of obtaining and installing the SSL Certificate?==
 
 
 
If you are having us do the setup, installation and management of your SSL certificate(s), there is a one time fee of $150.  Once you’ve obtained the certificate, installing the SSL Certificate on our server is free. If your website is managed by another party, you will also need to ask them to verify that the website is SSL-ready which may be a charge from them as well.
 
 
 
If you are obtaining the certificate on your own from Cloudflare, the cost will vary dependent on which certificate is chosen.  Note that a free certificate is available that meets the minimum requirements for our installation and is the certificate that we will install if you choose to go with our setup.  Your IT services provider may determine they want a different certificate or wish to be involved in the process.  If so, be sure to calculate the cost of charges they may have to you.  Your website will also need be made SSL-ready, for which your webmaster may charge.
 
 
 
 
 
==What does it mean when you say I need to "verify that my website is SSL-ready?"==
 
  
 
Before enabling SSL access to your site, URLs and all references on the website will need mapped from HTTP to HTTPS, which includes all internal website links, images, JavaScript, CSS and other elements.  Readiness varies on each site but is likely understood by your webmaster.
 
Before enabling SSL access to your site, URLs and all references on the website will need mapped from HTTP to HTTPS, which includes all internal website links, images, JavaScript, CSS and other elements.  Readiness varies on each site but is likely understood by your webmaster.
  
 
Also note, if your website has any widgets that were generated using the Internet Settings Control Panel (ISCP), they will need to be re-generated and updated on your website prior to enabling SSL.
 
Also note, if your website has any widgets that were generated using the Internet Settings Control Panel (ISCP), they will need to be re-generated and updated on your website prior to enabling SSL.
 
==How do I get the SSL Certificate installed on my website?==
 
 
If you are having us do the setup, installation and management of your SSL certificate(s), you do not need to do anything.  We will take care of this for you.
 
 
If you are obtaining the certificate on your own using Cloudflare, this will be taken care of by your IT Services provider.
 
 
If you are not obtaining the certificate from Cloudflare, you can email your SSL Certificate file to [mailto:support@micronetonline.com support@micronetonline.com] Your MicroNet contact will work with you on getting SSL in place for your website.
 
 
In all cases, once the SSL Certificate is installed and the site is SSL-ready, a security ‘lock’ icon is visible on popular website browsers, indicating the SSL Certificate is in place and the website is secure.
 
  
 
==Noteworthy Information==
 
==Noteworthy Information==

Revision as of 23:07, 28 November 2017


What is SSL?

SSL (Secure Socket Layer), commonly known as HTTPS, is a communication method for the internet which protects website visitors’ information from being stolen or modified while it is being sent from their computer to a website. This is done by verifying the server identity and encrypting the data.

Who can get SSL?

This is available for all customer websites - both SmartCMS sites and non-SCMS sites.

Why would I want SSL?

SSL gives consumers confidence that sensitive information like their credit card numbers will not be intercepted. Having an SSL certificate for your domain also has benefits in relation to search engine optimization and general consumer trust. In addition, in January 2017 Google released Chrome version 56 which alerts users when they are on webpages that collect either credit card numbers or passwords that are not served over SSL. Eventually, Google will have a strong warning for all webpages not using the HTTPS protocol.

How do I get an SSL Certificate?

Contact support@growthzone.com so that we can provide helpful, personalized direction in this process. Your solution is determined by which website host and which Content Management System (CMS) you have.

SmartCMS Customers:

  • SSL certificate installed by GrowthZone that covers your entire domain
  • Domain-level Validation
  • No additional SSL certificate necessary (in most cases)
  • One time $99 fee

LiveEdit Aurora customers:

  • SSL certificate installed by GrowthZone that covers your subdomain (i.e. members.yourdomain.com or business.yourdomain.com)
  • An additional SSL certificate is required for your main domain and will be obtained from CloudFlare.com and installed by GrowthZone unless other arrangements are made
  • Domain-level Validation
  • One time $99 fee

All other customers:

  • SSL certificate will be installed that covers your subdomain (i.e. members.yourdomain.com or business.yourdomain.com)
  • Domain-level Validation
  • One time $99 fee
  • An additional SSL certificate must be obtained for your main domain
  • Recommend contacting your website host for info/cost of securing your main domain

What certificate options are available?

With GrowthZone Customer Service providing the install, setup and maintenance of your sub-domain SSL certificate, an understanding of the following information is not required but could be helpful overall.

Validation levels: The level of validation offered with SSL certificates (Domain, Organization and Extended validation) is not critical to our configuration. The solution provided by GrowthZone will provide Domain Validation. Organization or Extended Validation provide additional information about who owns the domain, often desired by larger corporations or business in the security industry. All validation levels provide the same level of security.

  • DV (Domain Validated) where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
  • OV (Organization Validation) where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust.
  • EV (Extended Validation) where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a THOROUGH vetting of the organization. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a CA before issuing a certificate.

What does it mean to "verify that my website is SSL-ready?"

Before enabling SSL access to your site, URLs and all references on the website will need mapped from HTTP to HTTPS, which includes all internal website links, images, JavaScript, CSS and other elements. Readiness varies on each site but is likely understood by your webmaster.

Also note, if your website has any widgets that were generated using the Internet Settings Control Panel (ISCP), they will need to be re-generated and updated on your website prior to enabling SSL.

Noteworthy Information

  • The implementation of SSL on our servers uses a technology called Server Name Identification (SNI) which is not supported by older web browsers such as Internet Explorer version 7 and older, or for any users of IE that have the Windows XP operating system.
  • SSL is designed to protect only info in transit, not to be confused with protection for the server where the website is hosted.
  • Particularly sensitive information such as credit card information being sent from your website to our server is already secured on the ChamberMaster / MemberZone servers. Having an SSL certificate for your domain will secure ALL information (not just the sensitive information) while it is being sent to our server.
  • If you purchase the eCommerce module, we strongly recommend purchasing an SSL Certificate, which will secure all information (not just sensitive information). The security 'lock' will appear in main browsers for all pages, indicating a secure site to the consumer.