Chapter 15 - Secure web serving with SSL

 

By Kurt Seifried, Copyright Kurt Seifried


Secure web serving is a relatively easy task because of the huge number of available servers and clients that can all communicate via SSL. Almost every web browser has SSL support, even lynx, and the vast majority are free. The server side is a little bit trickier: for patent reasons in the US you typically have to buy an SSL-enabled web server, although outside the US you can use a number of free ones (Apache and Roxen, for example). Also, for performance reasons you probably want to go with a commercially licensed secure web server; the OpenSSL implementation is solid, but not as fast as RSA's implementation. Additionally, most of the commercial secure servers support hardware crypto acceleration. There is a two-part series on the various secure web servers available:

Web Server Round-up, Part 1

Web Server Round-up, Part 2

Once you have installed the server you will need a server certificate. It contains information such as your server name (www.example.org), organization name (Example Inc.), and so on, together with the public key; this bundle of information is then signed by a trusted party such as Verisign (which has 99% or so of the server certificate market). You will need to provide proof of identity (personal or corporate) along with the data; they then verify your identity, sign the data and send it back to you. Most SSL-based sites are used to protect information stored on the site or transferred to the site, which involves tracking and authenticating users.

WWW Authentication paper
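The certificate request-and-signing flow described above, as an added example that is not part of the original chapter: it builds the request with the openssl command-line tool and runs the checks worth doing before installing what comes back. It assumes openssl is installed; the throwaway local "Example Test CA" stands in for the commercial trusted party so the script runs offline, and all file names are hypothetical.

```shell
#!/bin/sh
# Added example: file names and the "Example Test CA" are constructed.
set -e
WORK=$(mktemp -d)

# Step 1 (site operator): generate the key pair and the signing request.
# The request carries the identity fields and the public key; the private
# key stays on the server.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" \
        -subj "/O=Example Inc./CN=www.example.org" 2>/dev/null
    chmod 600 "$WORK/server.key"
}

# Step 2 (stand-in for the trusted party): a throwaway local CA signs it.
sign_csr() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" \
        -subj "/CN=Example Test CA" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -days 1 \
        -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/server.crt" 2>/dev/null
}

# Step 3 (site operator): checks before installing the returned certificate.
cert_names_host() {    # does the subject name the host we asked for?
    openssl x509 -in "$WORK/server.crt" -noout -subject | grep -qF "$1"
}
cert_matches_key() {   # is the signed public key the one we generated?
    a=$(openssl x509 -in "$WORK/server.crt" -noout -pubkey)
    b=$(openssl pkey -in "$WORK/server.key" -pubout)
    [ "$a" = "$b" ]
}
cert_chains_to_ca() {  # does the signature verify against the CA?
    openssl verify -CAfile "$WORK/ca.crt" "$WORK/server.crt" >/dev/null 2>&1
}

make_csr
sign_csr
cert_names_host "www.example.org" && cert_matches_key && cert_chains_to_ca \
    && echo "certificate OK to install"
```

With a real certificate authority, step 2 is replaced by submitting server.csr along with the proof of identity, and the CA file in the last check is the authority's published root certificate.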

 
