Creating A Secure Webpage


What are web site certificates?

If an organization or individual wants to have a secure web site that uses encryption, it needs to obtain a site, or host, certificate. There are two elements that indicate that a site uses encryption:

  • a closed padlock, which, depending on your browser, may be located in the status bar at the bottom of your browser window or at the top of the browser window between the address and search fields
     
  • a URL that begins with "https:" rather than "http:"

If a web site has a valid certificate, a certificate authority (CA) has taken steps to verify that the web address belongs to an individual or organization.


Obtaining SSL certificates

  1. Create your website as you would do normally.

    - Any standard web programming code will be fine, including HTML, PHP and ASP.
     
  2. Go to a website that offers what are called Secure Socket Layer (SSL) certificates.
    - Popular services include Godaddy SSL, VeriSign.com, Thawte.com or Comodo (see "Resources").
     
  3. Choose the length of time you would like to keep the SSL certificate active.

    - Most certificates need to be renewed annually. Some services will allow you to pay for the certificate five years in advance.
     
  4. Pay for your SSL service and then install the technology on the information-gathering pages of your website.

    - The provider will send a certificate along with specific instructions depending on the operating system and the file upload service being used.
     
  5. Test your information-gathering pages.

    - Enter the web address with "https://" instead of "http://"  to ensure that all links to that page on your site use the new "https://" URL.
     
  6. If taking online customer orders, use a trusted and secure website payment processing system as an added layer of assurance for your customers.

Reference

1. US-CERT