For SSL Certificate Installation On Windows
The Internet has created many new global business opportunities for enterprises conducting online
commerce. However, the many security risks associated with conducting e-commerce have resulted in security becoming a major
factor for online success or failure.
Over the past years, consumer magazines, industry bodies and security providers have
educated the market on the basics of online security. The majority of consumers now expect security to be integrated into any online
service they use, as a result they expect any details they provide via the Internet to remain confidential and integral. For many
customers, the only time they will ever consider buying your products or services online is when they are satisfied their details are
This guide explains how you can utilize SSL certificates
activate the core security technology available on your existing web server. You will also learn how
allows you to protect your customer's transactions and provide
visitors with proof of your digital identity - essential factors in gaining confidence in your services and identity.
certificates from Bummer Hosting Solutions
to secure your online transactions tells
your customers you take their security seriously. They will visibly see that their online transaction will be secure, confidential and
integral and give them the confidence that you have removed the risk associated with trading over the Internet.Using
security helps you realize the benefits of online commerce:
- Open global markets - gain customers from all over the world
- New and exciting ways of marketing directly to your customer
- Offer new data products and services via the Web
Only if you have visibly secured your site with SSL security technology will your customers have confidence in your online operations.
Read on to learn how SSL helps you achieve the confidence essential to successful e-commerce.What is SSL?
Secure Sockets Layer
, SSL, is the standard security technology
for creating an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and
browser remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online
transactions with their customers. In order to be able to generate an SSL link, a web server requires an SSL Certificate.
you choose to activate SSL on your web server you will be prompted to complete a number of questions about the identity of your
(e.g. your website's URL) and your company's name
plus it's location. Your webserver then creates two cryptographic keys - a Private Key and a Public Key. Your Private Key is so called
for a reason - it must remain private and secure. The Public Key does not need to be secret and is placed into a Certificate Signing
Request (CSR) - a data file also containing your details. You should then submit the CSR during the SSL Certificate application
process Bummer Hosting Solutions
, who will validate your details and
issue an SSL Certificate containing your details and allowing you to use SSL.
Your web server will match your issued
SSL Certificate to your Private Key. Your web server will then be able to establish an encrypted link between the website and your
customer's web browser.Displaying the SSL secure padlock
The complexities of the SSL protocol
remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently
protected by an SSL encrypted session - the PadlockAs seen by users of Internet Explorer
Clicking on the Padlock displays your SSL
Certificate and your details:As seen by users of Internet Explorer
All SSL Certificates are issued to either companies or
legally accountable individuals. Typically an SSL Certificate
will contain your
domain name, your company name, your address, your city, your state and your country. It will also contain the expiry date of the
Certificate and details of the Certification Authority responsible for the issuance of the Certificate.
When a browser connects
to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification
Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks
the browser will display a warning to the end user.Bummer Hosting Solutions benefits summary:
Hosting Solutions SSL certificates are the most cost effective SSL certificates you can buy including:
Step by step instructions to set up SSL on your Microsoft IIS webserver
- Full validation
conducted quickly - in many cases, within an hour
- Over 99.3% browser compatibility
- 128 bit strong encryption
- Backed by warranties ranging from $50 to $10,000
- Bummer Hosting Solutions certificates allow you to
successfully use SSL on your webserver.
There are four stages to setting up
SSL on your Microsoft IIS webserver:
1. Generating a Certificate Signing Request (CSR)
- Create a Certificate Signing Request (CSR)
- Apply online
- Displaying your Secure Site Seal
A CSR is a file containing your certificate application information,
including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process:
Generate keys and Certificate Signing Request:
- Select Administrative Tools from the Start Menu
- Start Internet Services
- Open the
Properties window for the website the CSR is for. You can do this by right clicking on the Default Website and selecting Properties
from the menu
- Open Directory Security by right clicking on the Directory Security tab
Click Server Certificate. The following Wizard will appear:
Click Create a new certificate and click Next.
Select Prepare the request now, but send it later and click
Provide a name for
the certificate, this needs to be easily identifiable if you are working with multiple domains. This is for your records only.
your server is 40 bit enabled, you will generate a 512 bit key. If your server is 128 bit you can generate up to 1024 bit keys. We
recommend you stay with the default of 1024 bit key if the option is available. Click Next
Organization and Organization Unit, these are your company name and department respectively.
Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use you
Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, a Certificate issued for
bummerhosting.com will NOT be valid for secure.bummerhosting.com or www.bummerhosting.com. If the web address to be used for
SSL is www.bummerhosting.com, ensure that the common name submitted in the CSR is www.bummerhosting.com. Note that
preceding the FQDN with https:// is NOT necessary.
Enter your Country, State and City. Click Next.
Enter a filename and location to save your CSR. You will need this CSR to enroll for your Certificate. Click Next.
Check the details
you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the
certificate is to be Issued to. Your Certificate will only work on this domain. Click Next when you are sure the details are absolutely
correct.2. Applying for your Bummer Hosting Solutions Certificate Online
Bummer Hosting Solutions
and order your SSL certificate. Once you do,
the tech support department will tell you what you need to do. When you make your application, make sure you include the CSR in its
entirety into the appropriate section of the enrollment form. When you view your CSR it will appear something like:
-----BEGIN NEW CERTIFICATE REQUEST-----
NEW CERTIFICATE REQUEST-----
Be sure to copy the entire CSR text including the text below when sending it to Bummer Hosting Solutions Tech Support.
-----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----
3. Installing your
Bummer Hosting Solutions SSL Certificate
When you SSL Certificate has been issued you will receive 3 Certificates
via email from Bummer Hosting Solutions
. Save these certificates to the desktop of
the webserver machine, then:
- Click the Start Button then select Run and type mmc
- Click File and select Add/Remove
- Select Add, select Certificates from the Add Stand alone Snap-in box and click Add
- Select Computer
Account and click Finish
- Close the Add Stand alone Snap-in box, click OK in the Add/Remove Snap in
- Return to the
A. To install the GTECyberTrustRoot Certificate:
Right click the Trusted Root Certification Authorities, select All Tasks,
Locate the GTECyberTrustRoot Certificate and click Next.
When the wizard is completed, click Finish.
To install the Bummer Hosting Solutions CA Certificate:
Right click the
Intermediate Certification Authorities, select All Tasks, select Import.
Complete the import wizard again, but this time locating
the Bummer Hosting Solutions CA Certificate when prompted for the Certificate file.
Ensure that the GTECyberTrustRoot
certificate appears under Trusted Root Certification Authorities
Ensure that the Bummer Hosting Solutions CA appears
under Intermediate Certification Authorities
C. Installing your SSL Certificate
Select Administrative Tools
Start Internet Services Manager
Open the properties window for the website. You can do this by right clicking on the Default Website and
selecting Properties from the menu.
Open Directory Security by right clicking on the Directory Security tab
Click Server Certificate. The following Wizard will appear:
Choose to Process the Pending
Request and Install the Certificate. Click Next.
Enter the location of your certificate (you may also browse to locate your
certificate), and then click Next.
Read the summary screen to be sure that you are processing the correct certificate, and
then click Next.
You will see a confirmation screen. When you have read this information, click Next.
You now have
a server certificate installed.
Important: You must now restart the computer to complete the install
Properties of the default website and ensure that SSL port contains the number 443 (it should default to this number automatically).
You may want to test the Web site to ensure that everything is working correctly. Be sure to use https:// when you test connectivity
to the site.