SSL, which stands for Secure Sockets Layer, is a protocol that allows traffic between a Web server and client (i.e., the browser) to be strongly encrypted, using public key technology.
Access to an SSL-enabled server is made through URLs that begin with “https:” rather than “http:”. The secure connection is made on port 443 rather than port 80, and all traffic in both directions is encrypted. The secure server must present a digital certificate before the connection will be trusted by the client.
At pair Networks, we operate dozens of secure servers. Most of them, known as ssl.pair.com, ssl2.pair.com, and so forth, are used for those who have requested the SSL add-on for their account.
Our secure services are provided by using the Apache Web server with the mod_ssl module.
Common Misconceptions About Secure Services
- SSL is for credit card purchases. – Although the submission of credit card information is one of the most popular uses of SSL, there is no special relationship between SSL and credit cards. SSL does not provide for credit card processing in any way; it merely encrypts data during transit.
- A secure certificate is required. – Our normal setup for SSL provides you with use of an area under https://ssl#.pair.com/ (or other pair URL), which uses our own certificate. Certificates are specific to a host name. If you need secure service under your own domain name, such as https://www.example.com/, you will need to purchase your own certificate from a certificate authority. pair Networks offers secure certificates through pairSSL.com.
- The secure server delivers encrypted data to your CGI script. – When data “comes out of” the secure server on the local side, it is unencrypted. As far as a CGI script can tell, there is no difference between secure and regular Web servers.
- Once the data has been delivered, it is “safe”. – One of the most common mistakes is to take secure data and re-send it through e-mail, or even to store it unencrypted on the server. To provide a reasonable degree of security, secure data should immediately be re-encrypted as soon as it is received from the secure server. We realize that many, many sites, including large corporate sites, do not take these precautions. But do you want to give that to your customers as an excuse when their information gets stolen?

To provide for safe re-encryption of secure data once it is received from the secure server, we recommend the use of GnuPG (GNU Privacy Guard). GnuPG version 1.4.5 is installed on all of our servers.
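
One way a CGI script can re-encrypt form data with GnuPG the moment it is received. This is an added example, not pair Networks' own code. The recipient address and keyring path are placeholders, and it assumes that only the recipient's public key has been imported on the server.

```python
import subprocess

# Assumed values for this example: the recipient and keyring path are
# placeholders. Only the PUBLIC key is expected to be on the web server.
RECIPIENT = "orders@example.com"
GPG_HOME = "/usr/home/username/.gnupg"  # hypothetical keyring location


def gpg_argv(recipient, homedir, gpg_binary="gpg"):
    """Build the gpg command line; the plaintext is never placed in argv."""
    return [
        gpg_binary,
        "--homedir", homedir,
        "--batch", "--no-tty",        # never prompt: a CGI has no terminal
        "--trust-model", "always",    # assumes the site owner imported this key
        "--armor",                    # ASCII output, safe to store or e-mail
        "--encrypt",
        "--recipient", recipient,
    ]


def reencrypt(plaintext, recipient=RECIPIENT, homedir=GPG_HOME, gpg_binary="gpg"):
    """Encrypt via gpg's stdin/stdout; raise instead of returning plaintext."""
    try:
        proc = subprocess.run(
            gpg_argv(recipient, homedir, gpg_binary),
            input=plaintext.encode("utf-8"),
            stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=False,
        )
    except OSError as exc:
        raise RuntimeError("gpg could not be started") from exc
    armored = proc.stdout.decode("ascii", "replace")
    if proc.returncode != 0 or "BEGIN PGP MESSAGE" not in armored:
        # Fail closed: the caller must not fall back to storing cleartext.
        detail = proc.stderr.decode("utf-8", "replace").strip()
        raise RuntimeError("gpg encryption failed: " + detail)
    return armored


def store_order(form_fields, path, **gpg_options):
    """Serialize the received fields, encrypt them, write only ciphertext."""
    body = "\n".join(f"{k}: {v}" for k, v in sorted(form_fields.items()))
    armored = reencrypt(body, **gpg_options)  # raises before any file is opened
    with open(path, "w", encoding="ascii") as fh:
        fh.write(armored)
    return armored
```

The data travels to gpg over a pipe, so it never appears in the process list or in a temporary file, and any gpg failure stops the script before anything is written.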