SSL Security with Alpha Five App Server
-
Upload
grant-henry -
Category
Documents
-
view
35 -
download
0
description
Transcript of SSL Security with Alpha Five App Server
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
SSL Security with Alpha Five App Server
Protecting sensitive or personal data.
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
Types of Web Pages
UnsecurePlain Texthttp://
Secure – SSL (secure sockets layer)TLS (transport layer security)Encrypted between browser and serverhttps://
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
Other Types of Secure Web Communications in Alpha
Email – digitally signed and encrypted. Must use routines external to Alpha.
Encrypt a Zip attachment to email. SSL/TLS Email – from web server to mail
server only. Not to recipient’s inbox.
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
SSL Decisions
What Certification Authority What Type of Certificate What Encryption Level What Type of Browsers and Web Servers
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
Certification Authority
Trusted 3rd Party They do the verification of the SSL
application GoDaddy
ThawteGeoTrustVerisignothers
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
Types of Certificates
Self-Signed – free Turbo – ($20 - $149) High Assurance – ($90 - $400) Extended Validation – gets a green address
bar in Vista. – ($500 - $1,500)
(low rates are for GoDaddy)
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
Encryption Level
40-bit 512-bit* 1024-bit* - used by most financial institutions 2048-bit*
* supported by Alpha Application Server
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
Browser and Web Server
Export restriction on 128-bit encryption lifted in 2000.
Modern browsers (IE 5.5+) support 128-bit encryption.
Modern web servers support 128-bit encryption.
Notes on older operating systems and SGC (Server-Gated Cryptography)
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
How to do it
1) Create a certificate request from the Alpha Application Server settings screen.
2) Send the request to a Certification Authority and get back a certificate file
3) Install the key (created in #1) and certificate files in the Alpha App Server
4) Insure that port 443 is open in firewall and router
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
How to do it (cont.)
5) URL links must use https://
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
If a Security Warning Pops Up in the Browser
Insure that the URL specified in the CSR matches exactly
Always happens with a Self-Signed certificate
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
Using a Self-Signed Cert or if info does not match
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007
Demo – Certificate Signing Request (CSR)