|
HOW DO I GET A SECURE SERVER
YOUR OPTIONS
You options are basically limited by how you run your site. If you are
virtually hosted, then you can see if your host provides SSL or secure
server hosting. If you have your own server, then you can either modify
or use your existing server software. Believe it or not, depending on
where your server is located also limits your options!
FOR THE VIRTUALLY HOSTED
If your web site is located on a server with a bunch of other sites,
then your site is a virtual one. Your best bet in this scenario is
to check with your hosting company to see if they can provide you
with a secure server. Please be advised that most hosts charge for
this service to at least offset their additional operating costs.
Since you are sharing the server with other users, please be sure
to have a look at the risks of SSL page.
FOR THOSE WITH THEIR OWN SERVER
If you own your own server, or have a dedicated server you have a
few different ways to set up a secure server.
THE FREE WAY
If you are technically competent, or at least able to compile the Apache
Server for your platform, here is the freeware solution:
Apache SSL from www.Apache-SSL.org
Here is where things get tricky! If you are a citizen of the United
States please read
this. Due to the RSA patent on the encryption method used by SSL,
you cannot legally deploy this server in the United States until the patent
expires in September 2000. The legal complexities outway the technical ones...
Of course, I would never do anything illegal, so if I had in fact tried
setting it up, I do not believe I would have run into any problems with it. ;-)
If you really want to use Apache, check out
Raven from www.covalent.net.
This is a module you can purchase for about $357.00 to use with Apache and
stay legal!
THE NOT SO FREE WAY
For those of us in the United States, there are commercial options available
to you. If you are outside the US, most of these companies have export versions
of their software available.
The servers I have personal experience in working with are:
- Stronghold from C2.NET
Based on the Apache Server, Stronghold is a snap to install and configure.
The documentation is better than 2" thick and very complete. I have used
this package on Sun UltraSparc II servers and have found it to be fast
and stable. The server also comes with a nice browser based administration
utility that helps with those various chores. Available for just about every
Unix variant including Linux. $995.00 (USD).
- RedHat Secure Server from Redhat
Available for Redhat Linux, Secure Server was originally sold as a standalone
product. Now with Release 6.1, the Secure Server 3.1 is included with the Professional
Version. Version 2.0 was easy to install and setup, but the documentation was
somewhat spartan. $179.00 (USD) including Redhat 6.1 Professional!
- Netscape Servers from
Netscape
I have worked with Enterprise on Solaris. The Java administration tool makes
managing this beast very easy. Available for a wide variety of Unix platforms
as well as Windows NT. Documentation is outstanding.
Pricing is concurrent connection based. Pricey, but hey,
this is what the biggest sites run on.
- Microsoft IIS 4.0 from Microsoft
Despite rumors to the contrary, I also use Microsoft products.
Internet Information Server is available with NT Server. It is easy to set up
and maintain. It is obviously well integrated with the rest of the MS product line,
but you can also do regular CGI scripting and SSI (server side include) pages.
Remote administration can be a hassle. Well supported and documented. If you
are on NT, or considering NT- this is the way to go. Last time I checked, free
with NT Server via Service Packs.
WHAT ELSE DO I NEED?
In order to really conduct e-commerce you will also need to obtain
a certificate from a Certificate Authority.
This allows you to prove your site is operated by who you say it is.
|
