Secure Sockets Layer (SSL) is a protocol for securing communication on the Internet. It provides a way to encrypt data before sending it to users. A public key exchange provides a way to send encrypted messages that are decrypted at the opposite site.
When SSL is enabled on a webpage, the URL will have an “https” prefix instead of an “http” prefix. Https uses a different port (see appendix).
SSL certificates are issued through Certificate Authorities (CAs), which are entities entrusted with selling and distributing SSL certificates. CA`s form the backbone of SSL, providing new certificates and verification of existing certificates. To make your web browser with Web encryption of the Ayrix publicly accessible to need to execute the following steps:
- The first step is to choose a Domain name at a domain registrar, and you choose a CA. Fees may apply for both.
- The next step is to generate in the tab “Request Certificate” a private key and the certificate signing request (CSR).
- The generated information needs be sent to the CA,
- CSRs contain information that will be used in the certificate such as the location of the organization, the domain name, and the email address of the administrator.
- When the CA verifies the CSR, they will send the certificate along with several additional certificates. These additional certificates are known as intermediate certificates.
- With the tab “Add Certificates” you install the private and private key, the SSL certificate as well the SSL Bundle
- Once these certificates are installed, the server is SSL-ready,
- Reload the webpage to access now the HTTPS://IP_addres_or_FQDN.
Request Certificate: That SSL service generates such a “self-signed” certificate Request (CSR). The Administrator certificate signer is the 1est administrator registered in the User authorization.
|Request Certificate||Create a self-signed certificate|
|Location||your companies location/address|
|Organization||Your Organization name|
|Organization Unit||Your department|
|SSL Domain||Your (unique) Domain name|
Most probably, your company have already valid certificates by an earlier registration. In the Tab “Add Certificates” you can
This certificate data is downloaded to the operating system. Now the webserver has also access to that.
|Add Certificate||Paste a self-signed certificate or add a signed certificate from the certification authority.|
|Private Key||The private key. Copy & paste your private key in a complete file from: —–BEGIN PRIVATE KEY—– to —END PRIVATE KEY—–|
|SSL Certificate||The certificate received from the CA|
|SSL Bundle||The bundle file of both, private and public certificate to verify the entries .|
In an upcoming release VoIP security this Certificate generation can be applied for VoIP encryption (see SRTP).
Important security notice: Private keys should not be accessible in normal operation, As the public and private key is displayed on the web page, we strongly advice to restrict the SSL page access only to the IT Administrator(s). That can be restricted in the User Authorization settings.
What is CA bundle?
CA bundle is a file that contains root and intermediate certificates. The end-entity certificate along with a CA bundle constitutes the certificate chain. The chain is required to improve compatibility of the certificates with web browsers and other kind of clients so that browsers recognize your certificate, and no security warnings appear. Comodo may send you a complete CA bundle in a zip file with a *.ca-bundle extension or root and intermediate certificates separately.