SSL Security with Alpha Five App Server
Protecting sensitive or personal data.
Alpha Five User Group, Bill Parker, SSL Security and WAS, July 2007

Types of Web Pages
• Unsecure: Plain Text, http://
• Secure: SSL (secure sockets layer) / TLS (transport layer security), Encrypted between browser and server, https://

Other Types of Secure Web Communications in Alpha
• Email – digitally signed and encrypted. Must use routines external to Alpha.
• Encrypt a Zip attachment to email.
• SSL/TLS Email – from web server to mail server only. Not to recipient's inbox.

SSL Decisions
• What Certification Authority
• What Type of Certificate
• What Encryption Level
• What Type of Browsers and Web Servers

Certification Authority
• Trusted 3rd Party
• They do the verification of the SSL application
• GoDaddy, Thawte, GeoTrust, Verisign, others

Types of Certificates
• Self-Signed – free
• Turbo – ($20 - $149)
• High Assurance – ($90 - $400)
• Extended Validation – gets a green address bar in Vista. – ($500 - $1,500)
(low rates are for GoDaddy)

Encryption Level
• 40-bit
• 512-bit*
• 1024-bit* - used by most financial institutions
• 2048-bit** supported by Alpha Application Server

Browser and Web Server
• Export restriction on 128-bit encryption lifted in 2000.
• Modern browsers (IE 5.5+) support 128-bit encryption.
• Modern web servers support 128-bit encryption.
• Notes on older operating systems and SGC (Server-Gated Cryptography)

How to do it
• Create a certificate request from the Alpha Application Server settings screen.
• Send the request to a Certification Authority and get back a certificate file.
• Install the key (created in #1) and certificate files in the Alpha App Server.
• Ensure that port 443 is open in the firewall and router.

How to do it (cont.)
• URL links must use https://

If a Security Warning Pops Up in the Browser
• Ensure that the URL specified in the CSR matches exactly
• Always happens with a Self-Signed certificate
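
The two warning causes listed above (name mismatch and self-signed certificate), plus the https:// link rule, as an added example that is not from the slides or from Alpha Five. The function names and example.com hosts are assumptions, the certificates are constructed samples in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns, and "issuer equals subject" is a heuristic for self-signed, not a signature check.

```python
from urllib.parse import urlsplit

# Constructed samples, shaped like the dict ssl.SSLSocket.getpeercert() returns.
CA_SIGNED = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA Root"),)),
    "subjectAltName": (("DNS", "www.example.com"),),
}
SELF_SIGNED = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "www.example.com"),),),
}

def cert_names(cert):
    """DNS names to compare with the URL host: subjectAltName, else subject CN."""
    # The CN fallback mirrors older clients; current browsers require subjectAltName.
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Label-by-label match; '*' may replace only the whole leftmost label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, url):
    """Return the problems found for this link; an empty list means none of these."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()   # urlsplit drops the port and lowercases
    problems = []
    if parts.scheme != "https":
        problems.append("not https: page is sent in plain text")
    if not any(name_matches(n, host) for n in cert_names(cert)):
        problems.append("name mismatch: %s not in %s" % (host, cert_names(cert)))
    if cert.get("issuer") == cert.get("subject"):
        problems.append("self-signed: issuer equals subject")
    return problems

if __name__ == "__main__":
    for link in ("https://www.example.com/login", "https://example.com/login"):
        print(link, diagnose(CA_SIGNED, link))
    print(diagnose(SELF_SIGNED, "https://www.example.com/"))
```

The second link fails because `example.com` and `www.example.com` are different names to the browser, which is what "matches exactly" means in practice.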

Using a Self-Signed Cert or if info does not match

Demo – before Cert request

Demo – Certificate Signing Request (CSR)

Demo – CSR Result

Demo – Cert Installed

Demo - live

Links
• http://luxsci.com/info/about_ssl.html - See section on SSL in Action
• Wikipedia – more technical
• GoDaddy Certs – describes different Cert levels