Which type of SSL Certificate plan covers FTP and give Secure FTP certificate?

Please tell the company and the plan Providing SSL Certificate plan that covers FTP and give Secure FTP certificate. Please refer me to a company which provides SSL certificates at low costs….

Any CA can issue you SSL certificates. Verisign, Thawte, Geotrust,Comodo, etc. Unless you are planning on doing this for a lot of clients you don’t necessarily need a public CA. Most FTP servers these days can generate their own certificates. Generating your own would obviously be the lowest cost but it wouldn’t be in the trusted root by default of your clients.

Secure Sockets Layer = E-commerce Security

It is not so hard to make a webpage, find something to sell and start making e-commerce! These days it is really easy, but much harder is to find customers and get their trust, because any business plan, even the most perfect, can totally fail without trust.

How to get this trust? How make webpage safe? How to know, that a webpage is dependable? That you can find out in this article!

How SSL works?!

SSL encrypts data, like credit cards numbers (as well other personally identifiable information), which prevents the hackers or identity thiefs from stealing your information for malicious intent. SSL encrypts data, like credit cards numbers (as well other personally identifiable information), which prevents the hackers or identity thiefs from stealing your information for malicious intent.

There are 5 steps, who describe SSL encryption:

1. A customer contacts your site and accesses a secured URL: a page secured by a Server ID (indicated by a URL that begins with “https:” instead of just “http:” or by a message from the browser).

2. Your server responds, automatically sending the customer your site’s digital certificate, which authenticates your site.

3. Your customer’s Web browser generates a unique “session key” (like a code) to encrypt all communications with the site.

4. The user’s browser encrypts the session key with the your site’s public key so only your site can read the session key. Depending on the browser, the user may see a key icon becoming whole or a padlock closing, indicating that the session is secure.

5. A secure session is now established–all communications will be encrypted and can only be decrypted by the two parties in the session. It all takes only seconds and requires no action by the user.(support.acmeinternet.com)

What is site digital certificate?

A digital certificate is an electronic file that uniquely identifies individuals and servers. Digital certificates serve as a kind of digital passport or credential which authenticate the server prior to the SSL session being established.

A digital certificate contains an entity’s name, address, serial number, public key, expiration date and digital signature, among other information. When a Web browser like Firefox, Netscape or Internet Explorer makes a secure connection, the digital certificate is automatically turned over for review. The browser checks it for anomalies or problems, and pops up an alert if any are found. When digital certificates are in order, the browser completes secure connections without interruption. A digital certificate is an electronic file that uniquely identifies individuals and servers. Digital certificates serve as a kind of digital passport or credential which authenticate the server prior to the SSL session being established. A digital certificate contains an entity’s name, address, serial number, public key, expiration date and digital signature, among other information. When a

Web browser like Firefox, Netscape or Internet Explorer makes a secure connection, the digital certificate is automatically turned over for review. The browser checks it for anomalies or problems, and pops up an alert if any are found. When digital certificates are in order, the browser completes secure connections without interruption. Typically, digital certificates are signed by an independent and trusted third party to ensure their validity. The “signer” of a certificate is known as a Certification Authority (CA).

How to known, that this webpage is dependable?

You know that you’re on an SSL protected page when the address begins with “https” instead of “http” and there is a padlock icon at the bottom of the page (and in the case of Mozilla Firefox in the address bar as well). You know that you’re on an SSL protected page when the address begins with “https” instead of “http” and there is a padlock icon at the bottom of the page (and in the case of Mozilla Firefox in the address bar as well).

SSL is just one of the ways how to make web page safer, but for now it is the most popular! Also hackers didn’t sleep and all the time try to find ways how to pass round this system and get data.To get the newest information about information security awareness there is special training courses. So better be ready!

Article source: infosecuritylab

InfoSecurityLab
http://www.articlesbase.com/security-articles/secure-sockets-layer-ecommerce-security-95832.html

What is an Equifax Secure Certificate Authority? I get this message now when I log into Facebook.?

Not only Facebook, but often when I visit yahoo web pages or other. It only recently starting showing up. How do I get rid of this annoying message?

Equifax SCA is a "Root Certificate" authority.
These are trusted companies that are recognized as being legitimate ‘regulators’ of certificates that a website may use for verifying secure connections; (like a bank, or other Internet website) when using "https://" or ‘secure’.
For some reason, yours are showing up, but what setting you have to do this I can’t find.
What browser are you using?
It is not anything bad, unless the window you are seeing is telling you more than just what certificate is being used for that particular website (often a ‘log-in’ page uses this).
Post more info.
Do NOT delete this Root Certificate; it may be needed on another site.

SSL Certificates – Secure Server Certificates

What is SSL?

SSL certificates are generally used with ecommerce shopping carts, or anywhere you want to collect information from a user securely on your website. If you use a secure server certificate with a form; and that form emails the results to you; keep in mind that the email is not secure.

SSL (Secure Sockets Layer): Creates an encrypted link between a web server and a browser. CA (Certificate Authority): The vendor you will get the secure server certificate from CSR (Certificate Signing Request): A text file generated by a web server. A CSR looks like this:

——-BEGIN NEW CERTIFICATE REQUEST——-

MIIDGgBNAGkAYwByAG8AcwBvAGYAdAAgAFIAUwBBACAAUwB

AG4AZQBsACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwl

L0ygNwwNIvKLMPq4/LcUkZ9Oo4AssXW5mvvhHWGz2RWYRhrw8o

——-END NEW CERTIFICATE REQUEST——-

First, you need to decide whether to use your hosting shared SSL certificate if they offer it. The URL to your store will look something like:

https://theirserver.com/youruserid/your/path/to/store.html

Or do you want to get your own SSL certificate? The URL will look like:

https://yourdomainname.com

If you decide to use your hosts’ shared secure server certificate, then all you need to do is find out the path you need to use to call your files securely, and you will be on your way.

If you decide to get your own SSL certificate, this is generally what happens.

You first need to decide who you are going to get your SSL certificate from. It is a good idea to make sure your host supports your particular vendor. Some certificate authority vendors are:

* Thawte

* Verisign

* Comodo

* You can also review several vendors at a glance at WhichSSL

Before getting your own SSL certificate, you will need to do some reading on what your chosen Certificate Authority requires for a secure certificate, and you’ll also need to come up with some documentation. There are several steps to buying a secure server certificate, once you have decided on a vendor.

This is an overview, not written in stone. Each CA is different, so make sure you read their documentation and what they require. Here is an idea of what they want:

All documentation that is requested must match exactly. Secure certificate authorities will verify that your organization actually exists, so they know they are issuing to the correct company. You will need to prove that the Organization Name and the Domain name are in fact yours to use.

Steps you’ll be taking:

* Gather required documentation

* Have your host generate a CSR

* Complete certificate authority online application

* Certificate authority will process your request

* Pickup and install your SSL certificate (usually an URL is emailed to you to download the secure server certificate)

* Depending on the vendor, it can take a few hours to a few days.

* Send secure certificate to host for installation. (Send in plain text)

Once your web hosting provider receives this information; they will generate the CSR and send it back to you in plain text. You then send it on to Verisign or Thawte, or whoever you have chosen as your secure certificate authority. They will then generate a SSL certificate for you which you will send back to your host for installation. Your web host may charge a fee for installation in addition to what your SSL certificate vendor charges.

Something to think about:

If you’ve decided to purchase your own SSL certificate, you will need to decide how you want your URL to be called. If you, as a rule, call your domain name in your coding as www.yourdomainname.com, then make sure you indicate this to your host when you request a CSR from them. If you don’t, and you get the certificate for yourdomainname.com (without the www), this will cause browser errors, making the certificate seem insecure, and you will need to change your coding.

Always use yourself or your company as technical contact.

How to tell if a site is secure?

After you’ve browsed to a site securely; using https:// in the URL, look on the lower right hand side of your browser. You should see a closed lock. This will tell you the site is secure.

Elizabeth Ramer
http://www.articlesbase.com/advertising-articles/ssl-certificates-secure-server-certificates-76709.html

How to do FTP over SSL using secure certificates in PEM format using PERL?

Can someone provide hints as to which modules to be used to achieve this and if possible some sample code.

Creating a Self-Signed CA Certificate
The first step in creating a Certificate Authority (apart from designing the management, administrative and legal framework) is to create a self-signed certificate for the Certificate Authority. This is done in SSLeay by running the req command (see Example 5 in the Appendix). This command produces a certificate file (CAcert.pem) and key file (CAkey.pem). The CA certificate and key files must remain in $SSLDIR/private, which is where SSLeay will look for them by default (as specified in the ssleay.cnf CA default section), both when acting as a certificate authority, and also when used by the server to implement SSL and validate client certificates signed by the CA.
Install the self-signed certificate in a browser so the browser will recognize server certificates signed by the Certificate Authority. Installing a CA certificate in a browser is somewhat dangerous, unless you trust that certificate and the security of the Certificate Authority. Once installed, the browser accepts any certificate signed by that authority.

To install the CA certificate, load it using HTTP Content-Type application/x-x509-ca-cert. To do this in a manner which does not depend on the server, use the cgi-script (Example 6 in the Appendix), or save the certificate in a file with a cacert suffix and define this suffix in the server configuration file to correspond to the application/x-x509-ca-cert MIME type. For the Apache server, for example, add the line AddType application/x-x509-ca-cert cacert to srm.conf. The certificate and key files must also remain available to SSLeay for the server to be able to use the public key, and the certificate authority to use the private key.

b. Creating a Server Certificate
A server certificate authenticates the server to the client. To make a server certificate, create a certificate request, sign it with the self-signed CA certificate, and then install the certificate as follows:
Use the "req" command to create a new certificate request with SSLeay (See Example 8 in the Appendix). This command creates files containing a certificate request and the private key.
Sign the request using the "ca" command (see Example 11 in the Appendix). This will produce a file containing the certificate.
Copy the certificate and key files to the server certificate directories.
cp newcert.pem $certdir/sitecert.pem
cp newkey.pem $certdir/sitekey.pem

Create hashes for the certificates in the server directory:
CD $certdir
ln -s sitecert.pem `$SSLDIR/bin/x509 -noout -hash < sitecert.pem`.0

Create the DER format server certificate file:
$SSLDIR/bin/x509 -in CAcert.pem -out CAcert.der -outform DER

Update the server configuration file to specify that this is the server certificate to use.
In order to easily find certificates, SSLeay uses hashes of the certificate subject names. Thus, when looking for the certificate of the issuer of a certificate, it looks for a file named with the hash value of the issuer name. The avoids opening files and examining certificates to find a match. The SSLeay x509 command may be used to manipulate certificates; one option is to create a hash of the subject name.
Once these steps have been completed, an SSL connection may be established if the server does not require client certificates.

b. Creating a Client Certificate
A client certificate is used to authenticate a client to a server. Creating and installing a client certificate is more difficult than creating a server certificate because the client must generate a key-pair, keep the private key to itself, and send the public key to the certificate authority to be incorporated into a certificate request. Once a signed certificate has been created using the Certificate Authority, this client certificate must be installed in the client so that the client may present it when needed.
Different clients such as Netscape Navigator 3.01 Gold and Microsoft Internet Explorer 3.02 support different mechanisms for creating client certificates. In this section, we demonstrate a technique for creating and installing a client certificate for each, using SSLeay certificate routines to sign certificate requests (Back up the Windows NT registry before creating client certificates with Internet Explorer).

The procedure for creating a client certificate involves HTML forms; these forms include client specific features such as special tags or JavaScript programs, and Perl CGI scripts that call SSLeay certificate handling applications. The procedures do not rely on special server features, other than the ability to run Perl CGI scripts. The examples completely automate the process, causing a client certificate to be installed once the request form is submitted. (In a production environment the Certificate Authority would need to perform validation instead of automatically issuing the certificate.)

The general steps for creating a client certificate are as follows:

User requests HTML page that displays form on client
User enters identification information
Submission of the form causes the following sequence to occur:
Browser generates a key pair (public and private key)
Private key is stored in browser
Public key is sent with identification information to the server
Server CGI script creates certificate and loads it into the client
The HTML form includes fields (containing defaults) for the different distinguished name attributes which are to be used in the client certificate, information allowing the browser to generate a key-pair, and a hidden field used to return this information to the CGI script. This hidden information is browser dependent.

In Netscape Navigator, the form contains an additional FORM tag, the <KEYGEN> tag. This tag creates a key pair, and causes the public key to be returned as a form value when the form is submitted (see Example 12 in the Appendix for source of a sample form). The <KEYGEN> tag causes the browser to display a choice of security grades, depending on the version of Navigator