To succeed with eCommerce on the web, your site should provide visitors with SSL security. In this article, I will describe how to create a request for an SSL digital certificate. He will also describe how to install the certificate once it is received.One of the limiting factors that can make or break an e-commerce web site is how secure it is. The main buzzword for security on the web is SSL. SSL, or Secure Socket Layer, is a request/response protocol that involves public and private keys, as well as a digital certificate. These days, a 128-bit security certificate is considered standard on any web server, and most newer client web browsers (version 4 or above) are capable of working with a 128 bit public key. For older browsers, the encryption level is simply lowered to a level that the browser can handle, which is 40 bits. Keep in mind though, that a 128-bit certificate is literally trillions of times hard to crack that a 40-bit one!

In this article, I will describe how to create a request for an SSL digital certificate. I will also describe how to install the certificate once it’s received. To receive a digital certificate, you must request one from a certificate provider, such as Verisign or Thawte. We will create a SSL certificate request for a Windows 2000 web server running IIS 5.

To create our certificate request, we will use the certificate wizard built into Microsoft Internet Information Services (IIS) 5. Start by loading the Microsoft Management Console (MMC). Click on Start -> Administrative Tools -> Internet Service Manager.



Next, right click on the site node that requires SSL security (this will be the “Default Web Site” most of the time), and click the properties menu item. Select the “Directory Security” tab and then click on the “Server Certificate…” button. This will load the certificate wizard, as shown below:



Click on the next button to continue. Choose the “Create a new certificate” option and click on the next button again. Select the “Prepare the request now, but send it later” option and click next.

You will now be asked to enter a name and select the bit-length of your certificate. The name of the certificate can be anything you like, but should be easy to remember (“devArticles.com SSL key”, for example). The bit-length should be 1024. Leave the SGC certificate option un-checked and click on next.

Over the next three steps, you will need to enter the details of your company and its location. You should make sure these are exact, as described below:

• Organization Name: The full, registered name of your company as it appears on any legal documents or letterheads, such as Company XYZ Pty. Ltd.
• Organizational Unit: The section of your company that is requesting the certificate. This should usually be something like “eCommerce”, “web development”, or “research”, etc.
• Common Name: The fully qualified domain name of your web server, such as mysite.com, company-xyz.com or someurl.com.au. Do not prefix the command name with www.
• Country/Region: The two-letter ISO abbreviation of the country in which the web server requesting the certificate is located.
• State/Province: The state/province in which the web server requesting the certificate is located.
• City/Locality: The city/locality in which the web server requesting the certificate is located.

Once you have entered all of your company’s details, you will need to enter the filename where the wizard will export the details of the certificate to. The default filename, c:\certreq.txt is fine. Click on next to confirm the details of your certificate and then click next again. Your certificate has been generated and exported to c:\certreq.txt (or whatever filename you entered in the last step).



Click on the finish button. To make sure your certificate was generated successfully, use notepad to open c:\certreq.txt. It should look something like this:

-----BEGIN NEW CERTIFICATE REQUEST-----

MIIDDDCCAnUCAQAwdzEPMA0GA1UEAxMGc2VydmVyMRIwEAYDVQQLEwllQ29tbWVy

Y2UxGDAWBgNVBAoTD2RldkFydGljbGVzLmNvbTEPMA0GA1UEBxMGU3lkbmV5MRgw

FgYDVQQIEw9OZXcgU291dGggV2FsZXMxCzAJBgNVBAYTAkFVMIGfMA0GCSqGSIb3

DQEBAQUAA4GNADCBiQKBgQCpCEsLVsA3cKpUfZ/FE4GDaPoRfIuxPJC7JHDblgSU

4SM/N0WSpsmJqC3SdWdVSyCps4mGSJM7jOO5a8qfUyDxvz0o7WUz5xdohkQeILwU

m6QNQUMNE9/Oya+XVZweJKfPr2srAEJTnfetsvFA0/rmLUC6Fam4RRjfUj6kEMWH

4QIDAQABoIIBUzAaBgorBgEEAYI3DQIDMQwWCjUuMC4yMTk1LjIwNQYKKwYBBAGC

NwIBDjEnMCUwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIH9

BgorBgEEAYI3DQICMYHuMIHrAgEBHloATQBpAGMAcgBvAHMAbwBmAHQAIABSAFMA

QQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMAcgB5AHAAdABvAGcAcgBhAHAAaABpAGMA

IABQAHIAbwB2AGkAZABlAHIDgYkA0jwwllPCwtmzxrLJ/2/rpGCvHrqzYzASmxr2

ltdVP4OJogQKKcWQz5vkwdEPmEY23Ivam+3jSC5oZ6+I54thine5YzNLyHZ5lZK1

1nalKu/dN6hbwBhBemxUoi4NpIFfdw6MIxm1bmlcLFxaI4jtJ7UDIg+pMMiMraSA

o4zAaBMAAAAAAAAAADANBgkqhkiG9w0BAQUFAAOBgQCHOMrQkqjOTQsgI435mjc1

7SDFh++vQmG+VgYal6x8mBLoRwHHqBngJU/SpX41bziA9nKQ/5lD9nFGZqJt6mjU

gkTDcwlBxzctuzrwdN6/7+1dgobpYi8VbaJfQvOrHH+UBFaDgDjBErOBBPLNTiti

3zH4768KUxi5Lf3ALywtZw==

-----END NEW CERTIFICATE REQUEST-----

We will now submit our certificate request to Verisign.

To submit your certificate request to Verisign, visit http://www.verisign.com/products/site/secure/index.html. Choose from either a 40-bit or 128-bit (recommended) strength certificate. Follow the steps to easily submit your request and pay online. At the time of publishing this article, a 128-bit SSL certificate was USD $895.

Within one week, you will receive your certificate via email. To install your certificate, load the Internet Information Services snap-in, right click on the site that requires the certificate (this site should be the same site used to generate the certificate), and click on properties.

When the property pages dialog loads, select the “Directory Security” tab and then click on the “Server Certificate…” button. This will load the same certificate wizard that we used to request a certificate, however, as you will notice, this time the wizard will allow us to process our pending certificate request.

Click on the next button. Select the “Process the pending request and install the certificate” option and click next. You will now need to enter the filename of the certificate that was provided by Verisign, as part of your confirmation email. The wizard will load and process the certificate. Lastly, a certificate summary is displayed. Click next to continue. Lastly, click on the finish button to complete the certificate installation. Your certificate is now ready to test.

Testing your new SSL certificate is simple. Simply create a new HTML/ASP page in a directory under your web site. Next, fire up your favorite web browser and load the page that you have just created. Instead of using the normal http://www.myserver.com/page.html syntax, change the http:// to https://. This tells the web server that a secure connection is being requested. If your certificate is installed correctly, you will notice a padlock in your browsers’ status bar. Double click on the padlock to view the details of your web servers’ certificate.

Congratulations, you have successfully installed a SSL certificate on your web server! If you received a configuration error in your browser, visit msdn.microsoft.com and search for the error number you received. The search should find several knowledge base articles that will help you remedy the problem(s).

Now that you have successfully installed a SSL certificate on your web server, you can modify your site to use SSL encryption by simply changing any links that reference your pages via http:// to https://. Having a SSL certificate installed will boost the credibility of your site, and will put any fears of security that your customers have to rest.