Security Overview

Table of Contents

Introduction
Certificates
Multi-Homed Servers
Secure Administration
Personal Certificates
BankGate Merchant Services

Introduction
PowerWeb fully supports the SSL Version 2 and Version 3 security standards. SSL Version 3 is preferred because of its stronger security. PowerWeb allows you to specify which level of security to use for each Resource, so you can enforce Version 3 security for some Resources while allowing SSL Version 2, or even no security, for other Resources.

With PowerWeb's integrated access control model, settings apply across all services, so if you specify that SSL must be used to access a Resource then an FTP session (for example) will also be required to use SSL to access that Resource.

To set SSL security levels for a Resource, load the Authentication page for that Resource, or click upon the "SSL" column within the "User Permissions" page.

Part of security is authentication of each party - the client and the server. The PowerWeb server will always authenticate itself, so clients can be assured of the true identity of the server. This is achieved by the server being given its own certificate. A certificate is an electronic document that is cryptographically signed by another party and attests to the identity of your server.

PowerWeb can also force the client to authenticate itself, by presenting its own certificate. This can be enforced on a per-Resource basis, allowing some parts of your system to be open to anonymous users, while other parts are controlled so that only clients with valid certificates signed by a Certification Authority acceptable to the server will be allowed access.

To enable checking of client certificates, click on "yes" for the SSLAuthenticateClient setting for the Resource. You may also wish to use the client's name within the certificate as the user name, in which case you select "yes" for SSLGetClientName too.

PowerWeb implements SSL across all its protocol services: HTTP, FTP, SMTP and POP3. The names of the secure protocols are HTTPS, FTPS, SSMTP and SPOP3. The naming convention is not consistent, through various accidents of history. The IANA has standardised SSL with HTTP, SMTP and POP3, but not with FTP so far. PowerWeb supports SSL with FTP for secure file transfer; we are waiting for the IANA to assign an official port number to this service.


Certificates
Every secure server MUST have a certificate to operate. CompuSource will provide every customer with a free server certificate, so that you can start serving securely as soon as possible.

CompuSource operates its own Certification Authority to which you can submit your certificate requests. Click on this hyperlink to load the root CompuSource CA Certificates into your browser (not all browsers support this feature as yet) so that you can connect more easily to sites which have been certified by CompuSource.

This free certificate is not an affidavit from CompuSource attesting to your true identity and is not based upon physical documentary evidence. The certificate supplied by CompuSource is a valid certificate that will allow all SSL-compliant client browsers to connect securely to your site.

You can obtain your free server certificate by loading this URL on your site, which will create a pair of keys and submit your public key to CompuSource for signing, while storing your private key in encrypted format on your hard disk.

If you wish to have your server certificate signed by another Certification Authority (such as VeriSign), you must choose the "Offline Request" button and e-mail your encoded request to your chosen Certification Authority who will then contact you with further details on their procedures to follow.

Once you have obtained your server certificate, use the import option of the Certificate Manager to load the new certificate, using the filename "LICENSE". PowerWeb performs this step automatically for you if you obtain your certificate from CompuSource.

You can manage your Certificates from within the Certificate Manager which lists all Certificates known to PowerWeb and lets you import new ones, as well as managing the existing ones.


Multi-Homed Servers
You can use PowerWeb for a secure multi-homed site with multiple IP addresses. Each IP address must have a separate host name and must also have its own Server Certificate.

You can make multiple applications for Server Certificates, so long as you give each certificate its own filename and inform PowerWeb which certificate to use for each IP address by using the Host Certificate Mapping settings page.


Secure Administration
If you are managing your site remotely, you may wish to enable SSL security for the administration tasks on your PowerWeb server.

This is achieved by loading the Authentication settings for the Admin template, and changing the SSLRequired field. You should then "Save and Restart" your server.


Personal Certificates
As explained above, clients can also possess certificates which are used to authenticate a client with a secure server. Your clients must have a secure browser that implements SSL version 3.0 to be able to use their client certificates.

CompuSource is offering Free Class 1 Personal Certificates which validate the identity of an individual according to that person's Internet e-mail account.
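The following script is an added example, not PowerWeb's or CompuSource's own tooling, that carries out with the openssl command-line tool the steps described in the Certificates section above (key pair generated, private key kept encrypted on disk, public key sent off for signing, signed certificate checked before import) and in this section (a personal certificate carrying an e-mail address, accepted by a server only when it chains to a Certification Authority the server trusts, with the user name taken from the certificate subject as SSLGetClientName does). Every name, path, passphrase and identity in it is constructed for the demonstration, and the "CA" it creates is a throwaway self-signed stand-in so that the script runs offline.

```shell
#!/bin/sh
# Added example: the request / sign / verify cycle with openssl.
# Nothing here is PowerWeb code; all identities and paths are constructed.
set -e

WORK="$(mktemp -d 2>/dev/null || echo ./pki-demo)"
mkdir -p "$WORK"
cd "$WORK"

# 1. A stand-in Certification Authority (constructed; CompuSource runs a real one).
openssl genrsa -out ca.key 2048 2>/dev/null
openssl req -x509 -new -key ca.key -days 365 \
    -subj "/CN=Example Test CA" -out ca.crt 2>/dev/null

# 2. The "Offline Request" step for a server: generate the key pair, keep the
#    private key encrypted on disk (AES-256 under a passphrase) and write a
#    signing request that carries only the public key and the host name.
PASS="demo-passphrase"   # constructed for the demo; prompt for it in practice
openssl genrsa -aes256 -passout pass:"$PASS" -out server.key 2048 2>/dev/null
openssl req -new -key server.key -passin pass:"$PASS" \
    -subj "/CN=www.example.test" -out server.csr 2>/dev/null

# 3. What the Certification Authority returns: the public key signed by the CA.
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 365 -out server.crt 2>/dev/null

# 4. A personal (client) certificate for a user, identified by e-mail address,
#    issued through the same request/sign cycle.
openssl genrsa -out client.key 2048 2>/dev/null
openssl req -new -key client.key \
    -subj "/CN=Jane Example/emailAddress=jane@example.test" -out client.csr 2>/dev/null
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 365 -out client.crt 2>/dev/null

# 5. A certificate with the same name but signed by nobody the server trusts
#    (self-signed), to show that the name alone earns no access.
openssl req -x509 -newkey rsa:2048 -nodes -keyout rogue.key \
    -subj "/CN=Jane Example" -out rogue.crt 2>/dev/null

# --- checks -----------------------------------------------------------------

# Does the certificate chain to the CA the server is configured to accept?
# This is the test a server applies when client authentication is enabled.
trusted_by_ca() { openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1; }

# Before importing a server certificate: does it match the private key on disk?
key_matches_cert() {
    k=$(openssl rsa -in server.key -passin pass:"$PASS" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in server.crt -pubkey -noout | openssl sha256)
    [ "$k" = "$c" ]
}

# The name a server would use as the user name when it takes it from the
# certificate: the CN attribute of the subject.
client_name() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Stand-alone run: report the outcome of each check.
if trusted_by_ca server.crt; then echo "server.crt: chains to CA"; fi
if key_matches_cert; then echo "server.key matches server.crt"; fi
if trusted_by_ca client.crt; then echo "client.crt accepted, user: $(client_name client.crt)"; fi
if ! trusted_by_ca rogue.crt; then echo "rogue.crt rejected (not signed by a trusted CA)"; fi
```

The private key never leaves the machine: only server.csr (the public key plus the requested name) goes to the Certification Authority, which is why an e-mailed "Offline Request" is safe to send. The last check is the one that matters for client authentication: two certificates can carry the same CN, and the server must decide by the signature, not the name.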


BankGate Merchant Services
Your PowerWeb Secure Server++ is able to run Merchant Software which allows you to manage a virtual shop on the Internet. CompuSource, through BankGate International, has payment gateways in place to allow your server to securely obtain online payment authorisations and settlements.

You will need to subscribe as a BankGate Merchant and then apply for a BankGate certificate for your server, after which you can open your storefront!