DRH Internet Inc.
Website hosting technical support library
First question: Briefly, how do I get at the secure server on my DRH hosting service?

To access the secure server on your website simply change the http:// prefix to https:// (notice the added "s" character). This instructs the browser to initiate a secure connection.

Second question: Do I need a secure server?

The most common reason people think that they need is a secure server is because they want to accept credit cards on their website. However, with the more popular methods of accepting credit cards you don't need to use SSL on your website, because the credit card information is submitted directly to your credit card processor's secure web server. Basically, you setup a form that collects the information for the user which them submits to your processor's secure web server. They process the request and then redirect the customer back to your web server once the transaction is completed.

This method works with both third party processors, such as PayPal.com or a merchant account processor such as Cardservice International (using their LinkPoint HTML service).

Usually you need to setup your own secure server if you are going to directly accept credit card information. For example, you want to setup your own CGI application which will then call your processor's back-end. Most people don't do this because it is more work to put together a custom solution like this and they don't need the advanced functionality provided. Another reason to setup your own secure server is if you are simply collecting orders and credit card numbers that you plan to process offline using a regular POS (point of sale) terminal. Brick-and-mortar stores that setup to take orders on the internet often operate this way.

However, what to do once you have securely collected the credit card information is problematic. You can't simply e-mail the credit card information since that is not secure. Most people store it in an online database or file for retrieval through a secure method later.

Third question: How does DRH provide SSL? Do I need my own server certificate? What about shared certificates?

SSL is included for free in our base service price. However for the SSL to be completely secure you need to purchase your own server certificate from a certificate agency. We generate an un-signed SSL certificate for your web site when we setup it up, but this will cause a warning to pop in a customer's web browser that looks like this .

To get your own signed certificate you need to use a certificate agency. We recommend:

  • www.thawte.com which charges $125 for the first year and $100/year thereafter, or
  • www.geotrust.com which charges $99 for their QuickSSL product (but don't buy directly from them; we can resell to you and make the process simpler)
Shared certificates are a way that many web hosting companies allow you to use a fully-secure SSL with a working certificate, without having to actually buy your own certificate. Currently, we don't offer shared SSL certificates, but we plan to add it to our offerings soon.

Fourth question: How do I get a certificate through Thawte or GeoTrust. Which one is easier to work with?

The process for getting a certificate is like this:

For Thawte:

  1. You ask us to generate a certificate request (CSR) that includes your organization address and information. We generate this and send it to you.

  2. You go to Thawte's website and pay them for the certificate registration service directly and provide the CSR.

  3. You the have to prove to Thawte that you are who you say you are ("Proof of Organizational Name") and that you have a right to use the domain name you are using ("Proof of Right to Use Domain Name").

    This is usually done by faxing Thawte your corporate charter or DBA registration in your state. They are picky; this information must exactly match your CSR and your domain registration! Sometimes this process can be painful. If you have a Dunn & Bradstreet number (www.dnb.com) you can provide that for the verification instead, bypassing most of paperwork hassle.

    Here is Thawte's information on the required documentation.

  4. Once verified (which usually happens quickly after sending your verification details as long as everything is correct), they send you the signed certificate. You send us a copy of the certificate and we install it in your server.

Thawte has a walk-through of the Web server certificate request process posted on your website that provides some more detail.

For a QuickSSL from GeoTrust:

  1. You order the certificate with us. You provide the organization address and information you want on the certificate and we charge you directly for the certificate.

  2. Within a few minutes of order processing you get an e-mail from GeoTrust to the administrative e-mail address of your domain name asking to verify that the certificate should be issued. You follow the instructions in this e-mail to approve the issuing of the certificate.

  3. Within a few minutes the signed certificate is sent to use and we install it on your server.
As you can see, it is much more simple to order a QuickSSL certificate.

This is because of two main reasons:

  • We can resell you the QuickSSL certificate which avoids a "back and forth" with another company and gives you a single point of responsibility.

  • The QuickSSL certificate verification procedure is much more simple because they avoid verifying your company name and only verify that the certificate purchaser has appropriate administrative rights to a Web server's domain.
Because of this we recommend using QuickSSL unless you require 100% browser recognition (see below question).

Fifth question: What is the difference between Thawte and GeoTrust certificates? What is browser recognition?

A big difference between QuickSSL and Thawte certificates is browser recognition.

The Thawte certificate is recognized in practically 100% of existing web browsers. The QuickSSL certificate is recognized in about 90% of existing browsers and growing.

When a certificate is not "recognized" the user is not blocked from accessing the website. Instead, this warning box is shown that looks like this. Once the user clicks "yes" on the warning box they may view the website.

This is what QuickSSL says on their website in their FAQ:

    What Web browser programs are compatible with QuickSSL?

    QuickSSL is compatible with Microsoft Internet Explorer 5.01 and higher and Netscape/AOL Web browsers version 4.51 and higher, comprising an estimated 90% or more of all Web browsers in use today. All other commonly used browsers may connect securely with Web servers using QuickSSL certificates. However, some older browsers may display a dialogue box indicating that the certificate is not trusted. This means that the certificated is not located in the browser certificate store and, in most cases, the user will be prompted to install it with a few clicks of their mouse.

    Will QuickSSL be compatible with more Web browsers in the future?

    QuickSSL browser compatibility is increasing at an estimated rate of 2% per month and we anticipate approximately 95% compatibility by the end of 2002.

Sixth question: Tell me how I get started with getting my own QuickSSL SSL server certificate.

Simply e-mail technical support with the following information:

  • The domain name
  • Country name (two letter ISO abbreviation)
  • Full state or province name
  • Locality name (your city name)
  • Organizational name (your company name)
  • Optional organizational unit name (section in your company)
Please also state that you recognize that we will charge you $95 for the certificate.

We will handle the rest.

Seventh question: Tell me how I get started with getting my own SSL server certificate from Thawte.

The first step of getting your own SSL server certificate through Thawte is generating a certificate request (CSR) which is a cryptographic chunk of information that is what the Certificate Agency actually "signs" to produce your working server certificate.

Generating the certificate request is something that we do for you. Simply e-mail us the following information:

  • The domain name
  • Country name (two letter ISO abbreviation)
  • Full state or province name
  • Locality name (your city name)
  • Organizational name (your company name)
  • Optional organizational unit name (section in your company)
This information has to match exactly with your domain name registration and your corporate documents (articles of incorporation or DBA registration in your state, etc). If this does not exactly match your corporate charter (now would be a good time to find that document) then you need to modify the domain registration to match.

Once we generate your certificate request, you enter the certificate request (CSR) into Thawte's website and interact with them to meet their vetting requirements (proving that you are who you say you are and that you are authorized to get the certificate issued).

In filling out the forms on the Certificate Agency's website they will probably ask what web server they should produce a certificate for. We are using Apache/mod_ssl, so this is what you specify for the type of web server.

Once you get the signed certificate, e-mail it to us and we will install it in the web server.