Securing Transferred Data through SSL
SSL (Secure Sockets Layer protocol) is a standard for transmitting confidential data such as credit card numbers over the Internet. Most true business sites support this feature which allows more security in data transmitted over the WWW. This is the standard minimum security level for true business on the Internet. SSL works by using a private key to encrypt data that is transferred over the SSL connection. To read more about what is SSL and how it works, go to http://www.modssl.org/docs/2.8/index.html
You can secure transfer of the confidential data on your site through:
Get your own certificate for $99 installed HERE
or use the free shared SSL certificate.
Using the Key and Certificate You Already Have
SSL requires a dedicated IP, because name-based hosting does not support data encryption in HTTP requests. To enable SSL, do the following:
Creating a Temporary Certificate
The only difference between temporary and permanent certificates is that temporary certificates are generated by your control panel, not trusted Certificate Authorities. Thus, when visitors enter your site, they will get the "unknown certification authority" warning window.
To generate a new temporary SSL private key and certificate, do the following:
These data will be used to generate the certificate. Don't make changes to the data if you are not sure about the purpose of these changes.
Acquiring a Permanent Certificate
To get a permanent certificate, do the following:
Note: For Equifax, also enter the certificate authority file; for COMODO.NET, also enter the rootchain certificate (Certificate Chain File).
Using Your Provider's SSL Certificate (Shared SSL)
If your provider offers a Shared SSL certificate, you can use it instead of purchasing a certificate of your own. Unlike a regular SSL certificate, it costs less, doesn't require a dedicated IP, and belongs to an equally trusted Certificate Authority. The disadvantage of shared SSL is that it can be used only with third level domains.
To secure your site with Shared SSL, do the following:
Now the site is available both at the non-secured second level domain name (e.g. http://example.com) and at the secured third level domain alias (e.g. https://example.victor.psoft). Note that Shared SSL certificates work only within one domain level, i.e. for user1.example.com and not for www.user1.example.com. In the example above, the certificate will not work for www.example.victor.psoft, and your visitors will get the warning: "The name on the security certificate does not match the name of the site".
NOTE: When designing your pages set any internal links to images or frames as <a href='https://user.domain.com/images/example.jpg'> or simply <a href='/images/example.jpg'>. If you use the <a href='http://...> link, your visitors will get the message: "The page contains both secure and non-secure items". This isn't much of a problem in terms of security, since visitors may simply choose the "do not display nonsecure items" option, but no graphics will be displayed.