What is SSL?

A Web Server Certificate, or Server ID, is a digital document containing unique codes that identify the holder of the certificate to the person accessing the site. On the Internet, website visitors usually have no reliable way to identify who owns the online store that they are doing business with. When customers visit a virtual store to make the purchase, their biggest concern is whom they will be paying and if the payment is conducted in a secure way. This is why you need SSL certificates to secure your server.

The Secure Sockets Layer (SSL) is a protocol originally developed by Netscape. It has become the universal standard on the Web for authenticating websites to Web browser users, and for encrypting communications between browser users and web servers. SSL is built into all major browsers and web servers, which means no matter where the protocol is implemented, the same implementation is operated. After a digital certificate, or Server ID, is installed, SSL capabilities are then enabled.

A Web Server Certificate is issued by a trusted third party called a Certification Authority (CA). CAs must audit the identity of the people or organizations to whom they issue certificates. Once the CA establishes an organization's identity, it issues a certificate that contains the organization's public key and signs it with the CA's private Key. SSL certificates hold information about web servers. They contain information about the owners of the certificates, the server to which the certificate was sold, when it was sold and when it expires. By checking the details of the certificate, your customers can assure themselves that the website they are dealing with is in fact the website they want to be dealing with. They also know that their credit card or personal details cannot be intercepted by a third party on Internet.

Who needs SSL?

If your website has online ordering facilities and you want to assure customers that they are not exposed to any of the risks associated with sending data over Internet, you should apply for an SSL certificate.

Please note currently Web Host Pro's hosting server (TigerShark) does not support SSL. You will need to use another hosting service for your domain if you wish to establish a secure site.

What type of Web Server Certificate does WebHostpro offer?

Currently, Web Host Pro offers SSL Certificate Authority Premium Server Certificates, a one-year certificate that is advanced next generation technology. These certificates offer true 128-bit SSL encryption that is compatible with 98% of all Internet browsers.

Features of a secure site

A page is secure if:

1) The URL changes from http:// to https://.

2) A lock symbol appears in the lower left-hand status bar in Netscape Navigator

3) A lock symbol appears in the lower right-hand status bar in Internet Explorer

A Web Server Certificate offered by WebHost.pro costs US$50. The certificate is valid for one year.

WebHostpro certificates support the following browsers:

AOL Browser 6.x and higher

Microsoft Internet Explorer 5.01 and higher

Netscape Navigator 4.51 and higher

Opera 5 and higher

Galeon

Konqueror

Mozilla

All other commonly used browsers may connect securely with web servers using our QuickSSL Premium certificates. However, some older browsers may display a dialogue box indicating that the certificate is not trusted. This means that the certificated is not located in the browser certificate store and, in most cases, the user will be prompted to install it with a few clicks of their mouse.

Server compatibility

Web Host Pro certificate supports all current releases of commercial and freeware web servers that support SSL v.3. Supported servers include:

Apache 2.x

Apache + MOD SSL

Apache + Raven

Apache + ApacheSSL

C2Net Stronghold

Cobalt RaQ3/RaQ4/XTR

Ensim

IBM HTTP

Jakarta Tomcat

IBM-Lotus Domino Go 4.6.2.6+

Lotus Domino 5.0x

Microsoft Internet Information Server 4.0

Microsoft Internet Information Server 5.0

Netscape Enterprise/Fast Track

Plesk

WebLogic 5.1

WebLogic 6.x

WebSTAR 4.0 and higher

Zeus Web Server v3

Certificate signing request

A CSR is a text file, generated through a web server that is submitted to the Certification Authority during the digital certificate application process and used to generate a signed digital certificate. It contains the following:

1. Identifying information about the company applying for the digital certificate

2. The company's public key

3. The type of web server on which the certificate will be installed

It is usually transferred via email, but formatted so that is unreadable (although it is not encrypted).

A CSR should look similar to the following example:

-----BEGIN CERTIFICATE REQUEST-----<br> MI711iCWRAwgZIxCzAJBgNVBNiiWlVTMREwDwYDItqIEwhOZXcgWW9yazERMA8GW1<br> UEBxMITmVZBgNVBWoTElJlZ2lzdwyLmNwgSW5jLjEZaWzQHJlZ2lzdGVyLmqhkiG9<br> w0lAQEYEWzMrdydBoI8K+5LEj/yLZ8YVsGasKIJ2rod8anVty9pzPKGxmWiUb2h2i<br> xd3d3LqGSIb3DQc3lzYWRtVvzWHkfMDq6q0jXQGI4yJKLFg8WMAcjJgzE5bopWybK<br> eofWL0ZNGcsImfy3WeR9cydfwrJ05mgPUzAwEMBsGCSqGSIbBzELEwl0ZXzdQADgY<br> EAgvJs5PTvo3O2OaUSdm+/58fG3Wcsy/OKivjPIVQ+Mot3HSchd04D++zBWn5Ih2/<br> QMCxzlq7oXQFwSFe0IDXPRhCLWcWkz991+CdGdmw25g=<br> -----END CERTIFICATE REQUEST-----

When entering the CSR in the appropriate field to copy and paste the entire CSR, the user should include the beginning and ending dash marks.

Reminder: Please do not set a password for the CSR. If you encrypt the Certificate Signing Request, we will email you to re-create the CSR since we will be unable to process the order.

Distinguished name

A user will be asked to enter the server's distinguished name when generating CSR. Distinguished names uniquely identify individual servers, and contain the following information:

1) Common Name: The Common Name is the fully qualified domain name used for DNS lookups of a server (such as www.Web Host Pro.com). This information is used by browsers to identify the website. Client browsers connecting to your host will check for a match between the certificate's common name and the URL. Do not include the "http://" or "https://" in the Common Name.

2) Organization or Company: This should be the organization that owns the domain name. The organization name (corporation, limited partnership, university, or government agency) must be registered with some authority at the national, state, or city level. Use the legal name under which your organization is registered. Do not abbreviate or use any of these symbols: ! @ # $ % ^ * ( ) ~ ? > < /

3) Organizational Unit: This is an optional field used to differentiate between divisions within an organization, for example, "Marketing" or "Research and Development." If the organization is doing business as ("dba") a trade name, you may specify the trade or dba name in this field.

4) City/Locality: This is an optional in most situations. Do not use abbreviations. For example, spell "New Orleans," instead of "N.O." If the organization is registered locally only, for example by virtue of having a business license registered with the City Clerk, the Locality/City field must contain the name of the city where registered. In this case, the State/Province field is required.

5) State/Province: U.S. and Canadian customers must enter a State or Province name. In the United States, if your organization is incorporated in the state of Washington, but is operating within Louisiana, use Louisiana. Do not abbreviate. International customers must enter either a State/Province or a City/Locality. Do not abbreviate.

6) Country: This is the 2-character ISO format country code. For example, AU is the code for Australia, and BR is the valid code for Brazil.

More on the Common Name

When generating a Certificate Signing Request (CSR) from the web server, a user will be required to enter Common Name.

The Common Name is typically composed of Host + Domain Name and will look like "www.mycompany.com" or "mycompany.com." Our Server IDs are specific to the Common Name that they have been issued to at the Host level. The Common Name must be the same as the Web address you will be accessing when connecting to a secure site. So please be careful when you decide the Common Name. This information cannot be changed after the certificate is issued. For example: If the user types in Common Name as xyz.com and is directing visitors to www.xyz.com or secure.xyz.com, as www.xyz.com and secure.xyz.com are different from xyz.com, the visitors will see the Certificate Name Check alert box when using their browser until the user either redirect or purchase a new certificate for the common name www.xyz.com or secure.xyz.com.

When the Server ID will be used on an Intranet (or internal network), the Common Name may be one word, and it can also be the name of the server.

We do not offer Wild Card Certificates such as: *.yourdomain.com

Troubleshooting FAQs

Can I use symbols when generating CSR?
The following characters can not be accepted: < > ~ ! @ # $ % ^ * / ( ) ?.

My CSR has been rejected during the application process. How can I proceed?
To apply for your Web Server Certificate, you must have a CSR that is valid and properly formatted. If your CSR has been rejected, please be sure that you have cut and pasted the entire CSR into the appropriate field, including the dash marks at the beginning and ending of the text area. If your CSR is still rejected, you will need to regenerate it using the web server on which you plan to host your secure website.

What should I do if the WHOIS information doesn't match the information generated by the CSR?
If the WHOIS information for your domain name doesn't match the information generated by the CSR, you can either change the WHOIS information or regenerate your CSR with the correct information.

What can I do if my application has been rejected?
The most common reason for a certificate application to be rejected is inconsistency with the WHOIS information, CSR information and contact information that you provided during the application process. If your application has been rejected, you can contact our Customer Support Department and we will assist you to find out what caused the application failure. When you resubmit your certificate request, please ensure that all of the information provided is correct and consistent.

I can't install my certificate. What do I do?
First of all, please check the web server software-specific installation FAQs listed on our website. If you've lost your key or password, and don't have a backup, then you will have to purchase a new certificate.

I am receiving an error “CA Unrecognized.” What does this mean? The reason for this error is that you did not complete the installation process. Please install the root certificate.

The security padlock is not displayed in my browser when accessing my secure page. What’s wrong? If your site is set up in a frame, then this can be the problem. Frames are usually located in a non-secure http directory on your server. When you access an SSL page, with non-secure frames, you will not see a padlock, even though the page is encrypted and secure. You can check the page information for details about that page. If you want the padlock displayed on your secure page, you can decide not to use frames.

How can I specify the frames I use on my website to be secure? Please make sure that you have scoured the frames from https in your HTML.

Managing certificates

Check the size of the certificate

After you have installed your certificate, connect to a secure page on your server using a Web browser.

1) If you are using Internet Explorer, click on File > Properties.

2) If you have OpenSSL, you can use the following command to check: opens x509 -noout -text -in

3) Some web servers will display key size information in the properties of your key/cert.

Keep the private key secret

Your digital private key is the critical portion of your online identity. Once you receive your own digital signing certificates, keep your private key as secure as possible. If another person got a hold of your private key, they would have the potential to distribute information on the Internet or intranet in your name. Specifically, do not place your private key on removable media, on shared drives, or send it in e-mail.

If your key was compromised, you could be held legally responsible for the actions of someone else. If the private key of your digital certificate has been compromised you should notify us and revoke the certificate at once. WebHostpro provides certificates, but you are the person who is responsible for key management.

Click here to apply for a SSL Certificate

We will need to make a request for you first,
To make a request please contact us here for details.