How to securing a website with client SSL certificate

							
Reason to Implement SSL in Website..

    

    
If you have sensitive data on your site, or the site is intended for a limited audience, you may want to implement user certificate authorization, which requires SSL.
    
    

    
You may want to use password authentication, but you don't want the passwords going over the network in the clear; use SSL to encrypt them. Similarly, use SSL if you want to upload/download any sensitive data .
    
    

    
You can use SSL to hide the identity of individuals looking at particular pages.
    

Many web authors are not server administrators, are not familiar with the configuration of the hosting server and in fact do not even know if it runs Apache or IIS. The web author and the server administrator need to cooperate in order to implement SSL (and user certificate authentication, if desired).

To find out if the server is configured for SSL, go to the URL in question, and replace the http with https. If that works, then SSL is set up. If not, your server admin will either need to set it up or ask you to move your site to a different server.

To contact the server admin, create a helpdesk ticket stating that you wish to have SSL (and optionally client authentication via certificates) set up on your site.
						

							
Here are some guidelines for the ticket problem description:


    
 



    
Provide your site address (URL and path)
    
Is the server Apache or IIS?
    
If the server is not SSL-enabled, can the server admin set it up? (Note that this is more likely to get a positive response if you're asking about a "fnal.gov" server as opposed to a ".org" server, for reasons of cost and convenience; ".org" sites require purchasing a certificate from a commercial CA.)
    
If so, which CA(s) are trusted, KCA, DOEGrids, or some other?
    
List the CA(s) you require, if already determined.

    (If you want to implement user certificate authorization) Has the server been configured for inbound access by individuals via client certificates?
    
If not, request that it be configured for this, if needed.

						

							
Secure Sockets Layer (SSL): How It Works
Secure Sockets Layer (SSL) technology protects your Web site and makes it easy for your Web site visitors to trust you in three essential ways:
1. An SSL Certificate enables encryption of sensitive information during online transactions.

2. Each SSL Certificate contains unique, authenticated information about the certificate owner.

3. A Certificate Authority verifies the identity of the certificate owner when it is issued.
Why need SSL
* you have an online store or accept online orders and credit cards

* you offer a login or sign in on your site

* you process sensitive data such as address, birth date, license, or ID numbers

* you need to comply with privacy and security requirements

* you value privacy and expect others to trust you.
How Encryption Works

Imagine sending mail through the postal system in a clear envelope. Anyone with access to it can see the data. If it looks valuable, they might take it or change it. An SSL Certificate establishes a private communication channel enabling encryption of the data during transmission. Encryption scrambles the data, essentially creating an envelope for message privacy.
Each SSL Certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decipher it. When a Web browser points to a secured domain, a Secure Sockets Layer handshake authenticates the server (Web site) and the client (Web browser). An encryption method is established with a unique session key and secure transmission can begin. True 128-bit SSL Certificates enable every site visitor to experience the strongest SSL encryption available to them.
Why Authentication Matters

Like a passport or a driver’s license, an SSL Certificate is issued by a trusted source, known as the Certificate Authority (CA). Many CAs simply verify the domain name and issue the certificate. VeriSign verifies the existence of your business, the ownership of your domain name, and your authority to apply for the certificate, a higher standard of authentication.
VeriSign Extended Validation (EV) SSL Certificates meet the highest standard in the Internet security industry for Web site authentication as required by CA/Browser Forum. EV SSL Certificates give high-security Web browsers information to clearly display a Web site’s organizational identity. The high-security Web browser’s address bar turns green and reveals the name of the organization that owns the SSL Certificate and the SSL Certificate Authority that issued it. Because VeriSign is the most recognized name in online security, VeriSign SSL Certificates with Extended Validation will give Web site visitors an easy and reliable way to establish trust online.