Options for configuring SSL support on the Application Server.
The Application Server optionally supports SSL for secure, encrypted transmissions. This support is particularly valuable in e-commerce applications.
The Application Server responds on the port specified on the General tab of the Control Panel. If you use port 81 and enable SSL, your URL would be https://:81. If you run SSL on port 443 instead, you can simplify your URL to https://.
- Enable SSL
Enables or disables SSL on the server.
- Server Port
The default SSL port is 443. Any other port will require that you use a URL including the port number (e.g. https://mysite.org:444).
The minimum TLS protocol version supported by the Standard Application Server can be specified using the Minimum Protocol Version setting. This setting allows TLS 1.0 and TLS 1.1 to be completely turned off, if desired.
TLS 1.2 is the most recent protocol and generally considered to be the most secure. Setting the minimum TLS version to 1.2 will disable TLS 1.0 and TLS 1.1 and provide what is currently considered the highest level of security. Note however that not all older web browsers or operating systems support TLS 1.2. Site administrators should evaluate the needs of their users before modifying this setting.
The following TLS protocols are available:
- TLS 1.0
Default setting. Prevents unexpected client connectivity issues.
- TLS 1.1
Disables TLS 1.0.
- TLS 1.2
Disables TLS 1.0 and TLS 1.1. TLS 1.2 may not be supported on older browsers.
- SSL Certificate File
The file containing the SSL certificate.
- Private Key File
The private key file that matches the specified SSL certificate.
- Private Key Password
The password for the private key file, if required.
- Certificate Chain File
The certificate's chain file, if required or provided by the Certificate Authority. This is sometimes also referred to as the "intermediate certificate" or "intermediate bundle".
- SSL Cipher List
A list of SSL ciphers to use.
- Generate a Self-Signed Certificate
Creates a self-signed certificate for the server. A self-signed certificate is useful for testing intranet applications.
- Generate a CSR (Certificate Signing Request)
Used when purchasing a certificate from a Certificate Authority (CA).
- HTTP Strict Transport Security
Configure how HTTP Strict Transport Security is used on the server.
Enable or disable HTTP Strict Transport Security.
- Maximum Age
A certificate enables a web server to tell its web clients its name and its public key, to be used for encrypted (SSL) communications. There are two types of certificates.
- Self-signed - good for testing and internal private applications, but not suitable for external public applications
- Issued by trusted companies, such as Thawte and Verisign - good for public applications
To get a certificate from a trusted company:
Generate a Certificate Signing Request (CSR) for the server where the certificate will be installed. Be sure to keep the private key created as part of the CSR generation. It will be needed when you receive your certificate.
Send this information to one of the trusted companies. Typically, you will paste it into a web form, but the methods vary.
When you receive your certificate:
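Before installing a received certificate, it is worth confirming that it carries the same public key as the private key kept from the CSR step, since the Private Key File must match the SSL Certificate File. The script below is an added example, not part of the product or its documentation; it assumes the OpenSSL command-line tool is installed, and the file names, the `mysite.org` subject and the self-signed certificate standing in for the CA's reply are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes the OpenSSL command-line tool is
# installed and the private key is not password-protected.

# Print the PEM public key held in a private key, CSR or certificate file.
public_key_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        csr)  openssl req -in "$2" -noout -pubkey 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac
}

# Succeed only when both files parse and carry the same public key.
# Usage: same_key key server.key cert server.crt
same_key() {
    a=$(public_key_of "$1" "$2") || return 1
    b=$(public_key_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Build constructed sample files: a key and CSR, a throwaway self-signed
# certificate standing in for the CA's reply, and an unrelated key.
make_samples() {
    umask 077   # keep generated private keys readable by the owner only
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mysite.org" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" \
        -days 30 -out "$1/server.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
make_samples "$work" || { echo "openssl failed" >&2; exit 1; }

same_key key "$work/server.key" csr "$work/server.csr" &&
    echo "CSR was generated from server.key"
same_key key "$work/server.key" cert "$work/server.crt" &&
    echo "certificate matches server.key"
same_key key "$work/other.key" cert "$work/server.crt" ||
    echo "other.key does not match the certificate: do not install this pair"
```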