TLS (SSL)
Important! SSL integration with NetFORUM is deprecated. SSL has been replaced with TLS 1.2.
Secure Socket Layer (SSL) is a protocol developed for securing data transmissions across the Internet. SSL is an integral part of virtually all web browsers and web servers and makes use of a public-and-private key encryption system.
In order to establish an SSL connection, the SSL protocol requires that a server have a digital certificate installed (SSL Certificate). A digital certificate is an electronic file that uniquely identifies individuals and servers. Digital certificates allow the client (Web browser) to authenticate the server prior to establishing the SSL session.
There are different kinds of SSL’s.
Abila usually orders the one that covers the credit card number only – secures/encrypts the number. This is done when we file for your iWeb domain name; e.g., ntmamembers/iweb. It takes from 2 days to 1 week; this depends on how long the domain name search takes.
There is one where you can secure the entire site, but that is different than what Abila usually orders.
Once the SSL certificate is installed on your server, we can configure your site to use it in a few ways. Because all of the pages on the site are dynamic, there is no option of setting it up as https for only certain pages. So the options are as follows:
Option 1 - Set the site (iweb\eweb\xweb) to require https:
Advantage – Every page of the site will always be secure. Even if someone tries to get to an inside page from an old bookmark or a link on another site that uses http, they will get an error and will be asked to use https in the URL. Disadvantage – Anyone who tries to find your site by just typing in ntma.org in their browser, will receive an error message directing them to use https
Option 2 – We don’t set the SSL to require https, but put a redirect on the site so the home page automatically goes to https://www.ntma.org.
Advantage – This will allow people to find your site by just typing ntma.org in their browser and still have security on all the pages of the site. The transition will be seemless to users.
Be sure to specify how you would like us to configure this for your site. The SSL will only be enforced on the sites you request. When requesting a new SSL, it will be best if you specify which option you prefer to secure your iweb and/or eweb site. We can also setup a redirect so visitors going to your root URL (www.abc.com) will be pointed to either your eweb (ww.abc.com/eweb) or iweb (www.abc.com/iweb) site.
SSL enables secure online transactions by combining the following three important elements:
- Authentication: A digital certificate is associated with a specific domain name. This connection between the certificate and domain name provides users with an assurance that they are interacting with a legitimate organization's Web site, not an imposter's.
- Encryption: Encryption is the process of transforming information to make it unintelligible to all but the intended recipient. An SSL certificate, a special kind of digital certificate, binds an identity to a pair of electronic keys that can be used to encrypt and sign digital information transmitted over the Internet via the "https" protocol.
- Message Integrity: After an SSL session has been established, the contents of all communications between client and server are protected from tampering on route. All parties to the transaction know that the information they have received is exactly what originated from the other side of the SSL session.
With a VeriSign SSL certificate installed on your Web site, visitors will be able to submit credit card numbers or other sensitive information to you, with complete assurance that they are really doing business with you (and not an impostor) and that the information they are sending to you can not be intercepted or tampered with during transmission.
For Hosted netFORUM Enterprise clients, we strongly recommend Secure Site Pro from Verisign
- Secure Site Pro
With a Secure Site Pro certificate installed on your server, you can guarantee that every Web site visitor will receive the strongest SSL encryption available to them, regardless of operating system or browser version. Secure Site Pro provides a minimum of 128-bit SSL encryption on almost all PCs+, including many Windows 2000 PCs# that would not otherwise be capable of receiving that level of security.
Client Tasks
You will need a unique certificate for each fully qualified domain per server instance. For example, "digitalid.verisign.com" and "www.verisign.com" each require a unique certificate. If you are using one fully qualified domain on multiple servers (e.g., in a load balancing environment) then you will need to purchase additional server licenses for each server.
In cases where our client has their own domain name registration, to get the Verisign certificate (SSL), Abila will need:
- Full name and title of the administrative contact. Including phone number and extension and e-mail address.
- Full name and address for the organization.
- The Organization’s Dunn & Bradstreet number. <- very important.
- The domain name must be registered under the specified organization. <- very important
The administrative contact will be contacted by Verisign at the specified phone number and extension to confirm the purchase and authorization.
If the client is using a sub-domain for netFORUM (e.g., members.abc.org/iweb) and has its own domain, it will need to register the sub-domain before Abila can request and setup the SSL certificate for the client.
Specify how you would like us to configure the SSL for your site based on the options we detail on the SSL help page given above.
If you will be maintaining an existing website with a third party vendor and will be integrating with eWeb, you must let the third party vendor know the SSL secured domain you selected for them to redirect website visitors to eWeb.
Abila Tasks
Once this is done, we’ll get the certificate and can install on the server.
To ensure the security of confidential data, Abila recommends that the iWeb, eWeb, and xWeb applications all be set to require SSL; doing so will render the site inoperable if accessed from a http (and not an https) URL address.