|
Secure Sockets Layer (SSL)
SSL technology is the industry-standard method for protecting Web communications. The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate turns on their SSL capabilities. By convention, URLs that require an SSL connection start with https: instead of http: .
For additional information, please visit the following VeriSign websites:
Versign 40-bit SSL Certificates: Frequently Asked Questions or
Versign 128-bit SSL Global Server IDs: Frequently Asked Questions
How do I know if I need to secure my site?
Using SSL is a method of ensuring compliance with the policy on student privacy as specified by the Family Educational Rights and Privacy Act of 1974 (FERPA).
If your site captures or sends personal information, such as social security numbers or home addresses, you will want to secure that site with SSL.
People won't transact business at a Web site unless they are certain it is secure. They need to know your University service is real and that their communications with you are private. At the same time, you need to protect your electronic communications against improper access or other abuses, such as "spoofing" your site, fraudulent entries, or improper interception of your site’s electronic business.
What is the difference between a VeriSign 40-bit SSL Certificate and a VeriSign 128-bit Global Server ID?
SSL comes in two strengths, 40-bit and 128-bit, which refer to the length of the "session key" generated by every encrypted transaction. The longer the key, the more difficult it is to break the encryption code. Most browsers support 40-bit SSL sessions, and the latest browsers enable users to encrypt transactions in 128-bit sessions - trillions of times stronger than 40-bit sessions.
Keep in mind that only the 40-bit SSL is exportable; that is, if you will have people outside of the United States accessing your site, you must use 40-bit SSL.
What is UCit System and Operations Security Team’s Role?
Systems and Operations security will be assuming the role of Registration Authority (RA). This is an authority in a network that verifies a person's requests for a digital certificate and tells the Certificate Authority (CA - VeriSign) to issue it. Since the RA has an established trusted relationship with the CA, the turnaround time is much faster than a person buying a certificate directly from the CA.
What are the associated costs?
The costs reflect a 1 year renewal certificate. You have the option to select a 2 year certificate, but most server administrators opt to renew every year.
The cost for both a new and a renewal 40-bit certificate is $269.
The cost for both a new and a renewal 128-bit certificate is $769.
If you know your budget number, you may provide it in the Comments section of the Certificate Signing Request (CSR).
Obtaining an SSL Certificate at UC
To request an SSL certificate at UC, you must be a full-time UC employee and follow the steps below:
- To begin the process, if you don’t already have one, request a static IP and a domain name (common name) for your Web Server from the UCit Network Operations Center. Web server administrators must ensure the common name has been approved by the Web Advisory Committee. Also, on the same form, you will need to request that port 443 is open for SSL for any application that will be accessed from outside of the UC Intranet. It is the responsibility of the requestor to ensure the UCit Network Operations Center has opened port 443, if needed. To access the form required to begin this process, go to:
UCit's Request Static IP Address form
- Next, for 40-bit certificates, go to Managed PKI for SSL Enrollment for University of Cincinnati and follow the steps given to generate and submit the Certificate Signing Request (CSR).
For 128-bit certificates, go to Managed PKI for SSL Premium Edition Enrollment for University of Cincinnati Global Account and follow the steps given to generate and submit the Certificate Signing Request (CSR).
For questions, please email mainsec@uc.edu.
|
