SSL or Secure Sockets Layer is a protocol that keeps transmission of data over the internet private by encrypting and decrypting it. To use this security on the Web Hosting service you just have to browse to a hosted site with an https:// at the front of the site's domain name instead of an http://. You can even choose to force some or all traffic on your site to only use SSL. Notice that no matter how you come to this F.A.Q. site you are forced to https:// - secure traffic. (See this F.A.Q. for details: https://faq.oit.gatech.edu/content/how-force-http-https)
The good news is most sites on webhosting are covered by a default certificate allowing both secure and non-secure traffic. Try it out on your site to see if you are covered. How do we do this? We use a certificate that includes wildcard Subject Alternative Names. There are many on the certificate, but most sites are covered by the '*.gatech.edu' Subject Alternative Name. It covers any site that has a single word followed by '.gatech.edu'. There are several large organizations on campus that have their own subdomains in DNS, and we provide them a wildcard that goes up a level. Some examples of this are the student organization sites: '*.gtorg.gatech.edu'; The Office of Information Technology: '*.oit.gatech.edu' (this one covers this site); and '*.coe.gatech.edu'.
If you are not covered, your site has a domain name that falls outside of the default service certificate. Your site will still work with an http:// but not with an https://, and all communication to and from the site will be unsecured. If you are a large organization with its own subdomain in DNS, you may open a helpdesk ticket to request that a Subject Alternative Name be added to the default certificate. If we decline your request, or if you do not meet these criteria, you may purchase and install your own certificate. You will always need to do this if your site's domain name ends in something other than ‘.gatech.edu’, for example ‘.org’.
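The single-label wildcard rule described above can be checked offline. The following is an added example, not part of the original F.A.Q. or the hosting service's tooling: it tests a hostname against the four wildcard names quoted on this page (the real certificate carries more), and the function names and sample hostnames are constructed for illustration.

```python
# Added example: hostname-vs-SAN matching for the wildcard names quoted on this page.
# A wildcard is honoured only as the entire left-most label and stands for exactly one label.

# Only the four names quoted in the F.A.Q.; the real certificate lists more.
PAGE_SANS = ["*.gatech.edu", "*.gtorg.gatech.edu", "*.oit.gatech.edu", "*.coe.gatech.edu"]


def _labels(name):
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.strip().lower().rstrip(".").split(".")


def san_matches(hostname, san):
    """True if one SAN entry (exact name or '*.parent') covers the hostname."""
    host, pattern = _labels(hostname), _labels(san)
    if len(host) != len(pattern) or "" in host:
        return False  # '*' never spans several labels, and never zero labels
    if pattern[0] == "*":
        return host[1:] == pattern[1:]  # everything right of the wildcard must be equal
    return host == pattern


def covering_sans(hostname, sans=PAGE_SANS):
    """Return every SAN entry that covers the hostname (empty list: not covered)."""
    return [san for san in sans if san_matches(hostname, san)]


if __name__ == "__main__":
    # Constructed hostnames, used only to exercise the rule.
    samples = ["mysite.gatech.edu", "club.gtorg.gatech.edu", "faq.oit.gatech.edu",
               "lab.research.gatech.edu", "gatech.edu", "mysite.org"]
    for host in samples:
        hits = covering_sans(host)
        status = "covered by " + ", ".join(hits) if hits else "NOT covered"
        print(f"{host:28} {status}")
```

A hostname reported as not covered here is one that would need a name added to the default certificate or its own certificate.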
If you are not eligible to have your subdomain added to our wildcard certificate Subject Alternative Name list, you can use an individual certificate to fully secure your site and site alias(es) through one of the following options:
- Purchase an individual certificate through a verified Certificate Authority
- Create a certificate with the free Let's Encrypt tool now available in the Plesk control panel
- (Limited to IT staff) Sign up as an administrator for the Delegated Self-Service Provisioning service offered by EIS to be granted access to generate InCommon certificates for your department or team
In the Plesk control panel for your site, which you access from hosting.gatech.edu, you will notice two places that refer to SSL and Certificates:
- Hosting Settings
  - 'This section is used secure transactions with your site, use SSL protocol, which encrypts all data and transfers it over a secure connection. To employ SSL, install an SSL certificate on the site, and then select it below.'
  - There is an SSL support checkbox here
    - This is on by default
    - You can uncheck it if you want to disable SSL
  - There is also a Certificate dropdown list here
    - It is set to ‘Not selected’ by default
      - Please don’t change this unless you purchase and install your own certificate.
      - If you tested your site before you came here, you know you are covered with these default settings.
      - If you click the dropdown you will see a certificate called ‘inCommon Wildcard…’ This is the default certificate for the service and covers your site as long as you leave the dropdown set to ‘Not selected’.
      - If you ignore this F.A.Q. and select the default certificate you will find it deselected in the future. I must de-select it on all sites when I make changes to the default certificate.
- SSL Certificates
  - This section is used to generate your own CSR and Private Key to provide to a commercial certificate provider. It is also used to upload the Certificate and CA certificate they sell you.
  - Once you have all the required parts in place you can click the Upload Certificate button and place the new certificate in your site’s repository. Then you can select it from the Certificate dropdown list under the Hosting Settings > Security section then click OK to enable it.
  - You may notice the Self-Signed option here. Do not use it, as most browsers will not trust a self-signed certificate.