
SSL Certification

The Secure Sockets Layer (SSL) protocol was created by Netscape to ensure secure
transactions between web servers and browsers. An SSL certificate is a digital
certificate that authenticates the identity of a Web site and encrypts information
that is sent to the server using Secure Sockets Layer (SSL) technology. SSL
certificates, built around stringent, industry-leading authentication measures,
allow Web site owners to secure all online transactions with up to 256-bit
encryption. An SSL certificate on a Web site ensures that sensitive data is safe
Steps in the process:
1. A browser requests a secure page (usually https://).
2. The web server sends its public key with its certificate.
3. The browser checks that the certificate was issued by a trusted party
(usually a trusted root CA), that the certificate is still valid and that the
certificate is related to the site contacted.
4. The browser then uses the public key to encrypt a random symmetric
encryption key and sends it to the server, along with the encrypted URL
required and other encrypted HTTP data.
5. The web server decrypts the symmetric encryption key using its private
key and uses the symmetric key to decrypt the URL and HTTP data.
6. The web server sends back the requested HTML document and HTTP data
encrypted with the symmetric key.
7. The browser decrypts the HTTP data and HTML document using the
symmetric key and displays the information.
HTTP vs. HTTPS
HTTP, or hypertext transfer protocol, is the way a Web server communicates with
browsers like Internet Explorer and Mozilla Firefox. HTTP lets visitors view a site
and send information back to the Web server.
HTTPS, hypertext transfer protocol secure, is HTTP through a secured connection.
Communications through an HTTPS server are encrypted using a secure certificate
known as an SSL certificate. The encryption prevents third parties from eavesdropping on
communications to and from the server.

Browsers and devices compatible with SSL certification
Browsers
AOL 5 and higher
Google Chrome All versions
Firefox All versions
Internet Explorer 5.01 and higher
Konqueror All versions
Mozilla All versions
Netscape 4.7 and higher
Opera browser 7.5 and higher
Safari Mac OS 10.3.4 and higher
Devices
ACCESS NetFront 3.3 and higher
Android All versions
AT&T WAP Gateways All AT&T phones that use WAP version 1.X
BlackBerry 4.1 and higher
iPhone All versions
iPad All versions
Kindle All versions
Motorola phones Manufactured in 2009 and later
Nokia devices Manufactured in 2007 and later
Nook All Color and Tablet Versions
Palm OS 6.1 and higher (also Treo 650)
Sprint devices Manufactured in 2010 and later
Sony PlayStation Portable 2.5 and higher
Sun Java Runtime (JRE) 1.4.2_07 and higher and 1.5.0_02 and higher
Windows Mobile 2005 AKU 2 and higher
Installing an SSL Certificate in F5 BIG-IP Loadbalancer (with Go Daddy)

To Install SSL Certificates

1. Launch the F5 BIG-IP Web GUI.
2. Under Local Traffic, select SSL certificates.
3. Select the name you assigned to the certificate under General Properties.
4. Browse to the user_domain_name.crt file that the user received from Go
Daddy.
5. Click Open and then Import.
Enabling Intermediate Certificate Using BIG-IP Loadbalancer v.9

1. In the Web GUI, select Local Traffic, then SSL certificates, and then Import.
2. Under Import Type, select Certificate, and then Create New.
3. Enter "GoDaddy" as the user certificate name.
4. Browse to the gd_bundle.crt file that the user received from us, click Open,
and then click Import.

To Enable SSL

1. Create or open the SSL Profile for the certificate.
2. Under Configuration, select Advanced.
3. Select the SSL certificate (public/private key pair) that has been installed at
the beginning of these instructions.
4. Under the Chain, browse to the "GoDaddy" (gd_bundle.crt) file that has
been imported in the previous step, then Save and Exit the configuration.

Encryption strength of SSL Certification
The actual encryption strength on a secure connection using a digital
certificate is determined by the level of encryption supported by the user's
Web browser and the Web server that the website resides on. For example,
the combination of a Firefox browser and an Apache server normally enables
up to 256-bit AES encryption with our SSL certificates. This means that
depending on the browser and server that combine to establish the secure
connection through one of our SSL certificates, the encryption strength of the
secure connection may be 40, 56, 128, or 256 bit.
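
Because the negotiated strength depends on what the server is willing to offer, the server's cipher setting can be audited before it goes live. The following is an added example, not part of the original page: it uses Python's standard ssl module to list the suites a cipher string enables and their key strength. The two cipher strings are hypothetical settings chosen for comparison, and what the permissive one enables depends on the local OpenSSL build.

```python
import ssl


def enabled_strengths(cipher_string):
    """Return {suite name: key strength in bits} for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing can be selected
    return {c["name"]: c["strength_bits"] for c in ctx.get_ciphers()}


def below_minimum(cipher_string, min_bits=128):
    """List suites a server with this setting could negotiate under min_bits."""
    suites = enabled_strengths(cipher_string)
    return sorted(name for name, bits in suites.items() if bits < min_bits)


# Hypothetical server settings (assumptions for this example, not from the page).
PERMISSIVE = "ALL"                         # whatever the local OpenSSL build offers
RESTRICTED = "HIGH:!aNULL:!eNULL:!3DES"    # strong suites only, no anonymous/NULL

if __name__ == "__main__":
    for label, setting in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        strengths = enabled_strengths(setting)
        print(label, "key sizes offered:", sorted(set(strengths.values())))
        print(label, "suites under 128 bits:", below_minimum(setting))
```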

Working of SSL Certificate
An SSL certificate ensures safe, easy, and convenient Internet shopping. Once
an Internet user enters a secure area (by entering credit card information, an
email address, or other personal data, for example), the shopping site's SSL
certificate enables the browser and Web server to build a secure, encrypted
connection. The SSL "handshake" process, which establishes the secure
session, takes place discreetly behind the scenes without interrupting the
consumer's shopping experience.
By contrast, if a user attempts to submit personal information to an
unsecured website (i.e., a site that is not protected with a valid SSL
certificate), the browser's built-in security mechanism triggers a warning to
the user, reminding him/her that the site is not secure and that sensitive data
might be intercepted by third parties. Faced with such a warning, most
Internet users will likely look elsewhere to make a purchase.

Premium Extended Validation SSL Certificate
A Premium Extended Validation (EV) SSL certificate is a digital certificate issued in
conformance with the extended validation guidelines defined by the CA/Browser
Forum.
The introduction of Premium Extended Validation (EV) SSL certificates will tighten
the security of Internet transactions as certificate requestors will be subject to a
thorough, standardized vetting process which all issuing Certification Authorities
(CAs) must adhere to.
The Premium Extended Validation (EV) SSL certificate standard provides an
improved level of authentication of entities that request digital certificates for
securing transactions on their websites. The latest generation of Internet
browsers will display Premium Extended Validation (EV) SSL-secured websites in a
way that allows visitors to instantly recognize that the organization that operates
the site has been authenticated in accordance with the CA/Browser Forum's
uniform vetting standard.
Premium Extended Validation (EV) SSL certificates are particularly useful for
companies whose Internet domains are considered at a high risk of being targeted
by phishing schemes and other types of Internet fraud. High-risk domains include
domains owned by high-profile online financial services, banking sites, auction
sites, popular retailers and other sites that conduct Internet transactions likely to
be targeted by Internet fraud.

Using SSL with an Earlier Version of BIG-IP Loadbalancer
1. Inside the SSL account, download the primary (user_domain_name.crt) and
intermediates bundle (gd_bundle.crt) certificate files.
2. Move primary and intermediate certificates to the BIG-IP device. This can
be done via FTP.
3. Rename the primary certificate from user_domain_name.crt to
user.domain.name.crt and copy it to the /config/bigconfig/ssl.crt/ folder.
4. Copy the intermediates bundle (gd_bundle.crt) to
the /config/bigconfig/ssl.crt/ folder.
5. Restart the proxy using these commands:
ICANN New gTLD Program Affecting SSL Certification
In 2011, the Internet Corporation for Assigned Names and Numbers (ICANN)
launched the New gTLD Program. In 2012, public and private organizations
applied for new generic top-level domain names (gTLDs). Instead of about
two dozen TLDs, such as .com and .org, there could soon be hundreds.
The New gTLD program could affect you if you request an SSL certificate for
an intranet name, such as .local or .intranet, that is pending registration as a
new gTLD. If ICANN approves the new gTLD, you must provide further
validation to prevent revocation of the certificate.
In other words, if you request a certificate for an intranet name that you do
not own, we will be forced to revoke it per ICANN's guidelines.

Expiration of Certificate

If you allow a certificate to expire, the certificate becomes invalid, and you
will no longer be able to run secure transactions on your website. The
Certification Authority (CA) will prompt you to renew your SSL certificate prior
to the expiration date.
Wildcard SSL Certificate
A Wildcard SSL certificate secures your website URL and an unlimited
number of its subdomains. A single Wildcard certificate can secure
both www.coolexample.com and blog.coolexample.com.
Wildcard certificates secure the common name and all subdomains at the
level you specify when you submit your request. Just add an asterisk (*) in
the subdomain area to the left of the common name.
Examples
If you configure *.coolexample.com, you can secure:
coolexample.com
www.coolexample.com
photos.coolexample.com
blog.coolexample.com
If you configure *.www.coolexample.com, you can secure:
www.coolexample.com
mail.www.coolexample.com
photos.www.coolexample.com
blog.www.coolexample.com
Wildcard certificates secure websites the same as regular SSL certificates, and
requests are processed using the same validation methods. However, some
Web servers might require a unique IP address for each subdomain on the
Wildcard certificate.
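
The name and date checks from step 3 of the handshake, the expiration section and the wildcard rules above can be exercised in a few lines. This is an added example, not part of the original page. It assumes a certificate in the dict shape returned by Python's ssl.SSLSocket.getpeercert(), with constructed sample values, and it assumes the CA listed the bare domain as its own entry next to the wildcard, since the asterisk itself covers exactly one label. Chain and signature validation are left to the TLS library.

```python
import ssl
import time

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# Assumption: the CA listed the bare domain as its own SAN entry.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "*.coolexample.com"), ("DNS", "coolexample.com")),
}


def name_matches(pattern, host):
    """Match one certificate name against a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" never stands for more or fewer than one label
    if p[0] == "*":
        # Conservative choice for this example: refuse patterns as broad as "*.com".
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def check_cert(cert, host, now=None, warn_days=30):
    """Return a list of problems; an empty list means name and dates are fine."""
    now = time.time() if now is None else now
    problems = []
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(name, host) for name in names):
        problems.append("name mismatch")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("not yet valid")
    elif now >= not_after:
        problems.append("expired")
    elif not_after - now < warn_days * 86400:
        problems.append("renew soon")
    return problems


if __name__ == "__main__":
    mid_2024 = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
    for host in ("blog.coolexample.com", "coolexample.com", "mail.www.coolexample.com"):
        print(host, check_cert(SAMPLE_CERT, host, now=mid_2024) or "ok")
```

A name two levels below the wildcard, such as mail.www.coolexample.com, is reported as a mismatch and needs its own certificate or a *.www.coolexample.com entry.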
Benefits Of SSL Certification
Encrypts Information - The major purpose of an SSL certificate is to
encrypt information so that it can only be read and understood by the
intended parties. Information submitted on Internet forms often passes
through more than one computer before reaching its final destination, and
the more stops it has to make, the higher the chance that a third party
could obtain access. An SSL certificate inserts random characters into the
original information, rendering it incomprehensible to anyone without the
proper encryption key. If the information does somehow wind up in the
wrong hands, it will be unreadable and therefore useless.

Provides Authentication - You want to be sure that the information
on your website, including customer information, goes to the correct server
without being intercepted. When obtaining an SSL certificate, another type
of protection called a server certificate is also issued. This certificate acts as
a mediator between browsers and SSL servers to show that the SSL
certificate provider can be trusted. Customers can view these documents to
validate that the SSL certificate of your site is up to date and that the page
they're about to enter information on is really yours and not an imitation.

Necessary for Accepting Payments - In order to meet Payment Card
Industry compliance, an online business needs an SSL certificate with the
proper encryption of at least 128-bit. PCI standards verify that the SSL
certificate is from a trusted source, uses the right strength of encryption
and provides a private connection on any page that requires customers to
enter personal information.

Guards Against Phishing - Phishing emails often contain links that
lead unsuspecting customers to a convincing replica of an otherwise
reputable site. Often disguised as advertisements or shipping
confirmations, these emails attempt to gather credit card information for
malicious use. However, the people who build these fake sites will have a
hard time obtaining an authentic SSL certificate. When customers don't see
the signs of security on a site, they're more likely to navigate away without
entering any information.

Added Brand Power - Companies that provide SSL certificates often offer
site seals and other images that indicate well-trusted encryption is in use.
Displaying these branded icons gives customers an added level of assurance
that their information is safe as it travels.

Improves Customer Trust - All of these elements work together to
create trust between a customer and a business. Providing your customers
with security for all of their information and giving them ways to verify that
security improves confidence and helps to ensure a positive buying
experience.
