SSL Security with Alpha Five App Server

Protecting sensitive or personal data.
Alpha Five User Group, Bill Parker, SSL
Security and WAS, July 2007
Types of Web Pages


Unsecure
Plain Text
http://
Secure – SSL (secure sockets layer)
TLS (transport layer security)
Encrypted between browser and server
https://
Other Types of Secure Web Communications in Alpha

Email – digitally signed and encrypted. Must use routines external to Alpha.
Encrypt a Zip attachment to email.
SSL/TLS Email – from web server to mail server only. Not to recipient’s inbox.
SSL Decisions




What Certification Authority
What Type of Certificate
What Encryption Level
What Type of Browsers and Web Servers
Certification Authority



Trusted 3rd Party
They do the verification of the SSL application
GoDaddy
Thawte
GeoTrust
Verisign
others
Types of Certificates




Self-Signed – free
Turbo – ($20 - $149)
High Assurance – ($90 - $400)
Extended Validation – gets a green address bar in Vista. – ($500 - $1,500)
(low rates are for GoDaddy)
Encryption Level




40-bit
512-bit*
1024-bit* - used by most financial institutions
2048-bit*
* supported by Alpha Application Server
Browser and Web Server




Export restriction on 128-bit encryption lifted in 2000.
Modern browsers (IE 5.5+) support 128-bit encryption.
Modern web servers support 128-bit encryption.
Notes on older operating systems and SGC (Server-Gated Cryptography)
How to do it
1) Create a certificate request from the Alpha Application Server settings screen.
2) Send the request to a Certification Authority and get back a certificate file.
3) Install the key (created in #1) and certificate files in the Alpha App Server.
4) Ensure that port 443 is open in firewall and router.
How to do it (cont.)
5) URL links must use https://
If a Security Warning Pops Up in the Browser

Ensure that the URL specified in the CSR matches exactly
Always happens with a Self-Signed certificate
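
The name check behind this warning, as an added example (not part of the original presentation): it tests whether a link's host matches the name a certificate was issued for. The certificate data and host names are constructed; the check covers name matching only, not whether the issuer is trusted, so a self-signed certificate still warns.

```python
from urllib.parse import urlsplit

# Constructed certificate data, shaped like ssl.SSLSocket.getpeercert() output.
CN_ONLY_CERT = {"subject": ((("commonName", "www.example.com"),),)}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}


def cert_names(cert):
    """DNS names the certificate is valid for."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # SAN entries take precedence over the Common Name
    # Fallback to the Common Name typed into the CSR. Current browsers
    # ignore the CN and require a SAN entry.
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Exact match, or a leftmost '*' standing in for exactly one label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_url(url, cert):
    """Return (ok, reason): would this link load without a name warning?"""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "not https"
    host = parts.hostname or ""  # urlsplit lowercases the host
    names = cert_names(cert)
    if any(name_matches(n, host) for n in names):
        return True, "ok"
    return False, f"name mismatch: {host} not in {names}"


if __name__ == "__main__":
    for link in ("https://www.example.com/", "https://example.com/",
                 "https://203.0.113.10/", "http://www.example.com/"):
        print(link, check_url(link, CN_ONLY_CERT))
```

Links that use the bare domain or the server's IP address fail the check even though they reach the same server, which is why the name in the CSR has to match the links exactly.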
Using a Self-Signed Cert or if info does not match
Demo – before Cert request
Demo – Certificate Signing Request (CSR)
Demo – CSR Result
Demo – Cert Installed
Demo - live
Links



http://luxsci.com/info/about_ssl.html - See section on SSL in Action
Wikipedia – more technical
GoDaddy Certs – describes different Cert levels