Welcome to the next three-part Coolhousing data center manual, which will introduce you to SSL certificates and advise you on how to secure your web server with such a certificate through Webmin or ISPConfig. Let's take a look at it!
Introduction
Security is nowadays one of the key issues addressed both by providers of web services and servers and, especially, by their users. The more secure a website is, the better it is ranked by search engines such as Google, and it is thus positioned far above competing sites without similar security.
If you don’t understand anything in the manual, don’t hesitate to contact us and our technicians will be happy to assist you. We will also be glad to receive your ideas and feedback so that we can further improve this manual and make it as understandable as possible for all users.
What Is SSL?
To use the most accurate definition, SSL (Secure Sockets Layer) is a protocol, or layer, inserted between the transport layer (TCP/IP) and the application layer (HTTP). Its main task is to secure two-way communication through encryption and authentication of the communicating parties.
Does it sound complicated? Don’t worry; it is not so hard to understand. In our case (SSL can be deployed in many other types of applications), the purpose of SSL is to ensure secure communication between your website and the visitor who comes to the site.
So you can be confident that the information sent from your site will reach the relevant visitor, and the visitor can be confident that he or she is communicating with your site and not with an attacker who, for example, has diverted the communication between you or is trying to “listen” to it.
It is perhaps clear that the importance of SSL is particularly evident in e-shops, payment gateways, password administration, and personal data processing. In short, everywhere that security is the main criterion.
You can tell that a site is protected with an SSL certificate by the lock icon that your browser displays next to the URL. Clicking on it will also give you more detailed information. For example:
Browser security information
However, as we have already said in the introduction, HTTPS, i.e. “HTTP over SSL” (websites protected by an SSL certificate), finds its use virtually everywhere. Search engines and catalogues favour secure websites, and users themselves are becoming more and more accustomed to them. The reason is obvious: everyone wants to be sure they are communicating with the party they really want to communicate with. This applies not only to sensitive data, but even to totally banal cases.
Therefore, we definitely recommend that you install your own SSL certificate on the web server. After all, acquiring one is now very easy and trouble-free.
Principle of SSL Functioning
If you are the inquisitive type, you might want to know how SSL works in principle. If you are not interested in these technical details, just skip to the next section.
The entire SSL connection works on the principle of asymmetric encryption, in which each of the communicating parties has a pair of keys: a private one and a public one. The public key is, as the name suggests, publicly available and is used by the other party to encrypt a message. To decrypt this message, the recipient must use the private key, which is the only key capable of decrypting it (this key is therefore not publicly available).
Establishing the SSL connection, the so-called SSL handshake, proceeds as follows:
- The client sends the SSL connection request to the server
- The server provides the client with the answer along with the certificate
- The client verifies authenticity of the server according to the certificate (the certificate also includes the public key of the server)
- Based on this, the client generates the basis of the encryption key that will be used to encrypt subsequent communication. It encrypts it with the public key of the server and sends it to the server
- The server decrypts the basis of the key with its private key, and both the server and the client generate the master encryption key from it
- Both the client and the server confirm to each other that the communication will be encrypted using this key (this is the end of the handshake phase)
- A secure connection between the client and the server is established using the encryption key and they both communicate via an encrypted connection
This whole process will happen automatically, of course – the visitor’s web browser will take care of it in a fraction of a second.
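The key exchange from the steps above can be traced in a few lines of Python. This is an added example, not part of the original manual: it uses the master-key derivation of TLS 1.2 (RFC 5246), the successor to SSL, and a constructed textbook RSA key without padding; all function and variable names are assumptions made for the illustration.

```python
import hashlib, hmac, secrets

# Constructed demo key pair: textbook RSA (no padding) over two Mersenne primes.
# Assumption for illustration only; a real server key is randomly generated.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # public modulus, sent in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, never leaves the server

def prf(secret, label, seed, length):
    """TLS 1.2 PRF with HMAC-SHA256 (RFC 5246, section 5)."""
    seed, out = label + seed, b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def master_secret(pre_master, client_random, server_random):
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def finished(master, label, transcript):
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)

def handshake():
    # Steps 1-2: both sides exchange random values; the server also sends (N, E).
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    # Step 3 (validating the certificate chain) is outside this example.
    # Step 4: the client picks the "basis of the key" and encrypts it for the server.
    pre_master = b"\x03\x03" + secrets.token_bytes(46)
    encrypted = pow(int.from_bytes(pre_master, "big"), E, N)
    # Step 5: the server decrypts it; both sides derive the same master key.
    recovered = pow(encrypted, D, N).to_bytes(48, "big")
    client_key = master_secret(pre_master, client_random, server_random)
    server_key = master_secret(recovered, client_random, server_random)
    # Step 6: the client proves it holds the key; the server recomputes and compares.
    transcript = client_random + server_random + encrypted.to_bytes(141, "big")
    client_fin = finished(client_key, b"client finished", transcript)
    server_check = finished(server_key, b"client finished", transcript)
    return {"client_key": client_key, "server_key": server_key,
            "finished_ok": hmac.compare_digest(client_fin, server_check),
            "wire": encrypted, "pre_master": pre_master}

if __name__ == "__main__":
    result = handshake()
    print("keys match:", result["client_key"] == result["server_key"])
    print("finished verified:", result["finished_ok"])
```

Only the random values and the encrypted value cross the network; the master key is computed independently on each side and is never transmitted.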
You can read about SSL installation via Virtualmin/Webmin in part 2.