SSL Comes to SoftLayer

September 2, 2009

Those who keep a close eye on the menu options in the customer management portal will have noticed that recently there was added an option under Security where you can now order SSL certificates. For those not familiar with SSL, a certificate is used by an application to establish identity and provide encryption services. Naturally you do not have to order your SSL certificates through us. Certificates ordered other places will work just fine on your server here. Certificates ordered here will work fine elsewhere.

So why order your SSL through SoftLayer? To me, its a convenience and security thing. Ordering with us is convenient because you can place and manage the order via the portal just like you manage aspects of your account already. Management includes being able to see when your certificates are going to expire and the ability to renew them. If the certificate file itself is deleted by accident you can get a copy of it e-mailed via the portal. From a security point of view you already have a billing arrangement with us so why give your credit card information to another party?

I can see someone thinking "But is that safe.. what if I leave SoftLayer?" Yes, it is safe. The only information you have to provide to us in doing the ordering is the Certificate Signing Request and some billing verification. Both of these are things that would be provided to any SSL vendor. The private key, which is the core of SSL security, is not kept or handled by SoftLayer. The private key is generated and remains with your administration staff on your server.

Let us chat about the private key for a moment. The private key is meant to be known only by the server applications to which it is assigned on your server. If it is lost, corrupted, deleted, whatever it will require a new certificate. What this all means is that you should only allow people you really trust access to the private key and above all you must keep a good, safe backup of the file. SoftLayer support can perform quite a bit of server voodoo but recreating a lost private key isn't an option.

I'd invite anyone with a bit of time to experiment with the SSL functionality we offer. You might find something useful for your business.

Comments

September 2nd, 2009 at 11:44am

Rather than login to the portal and check for myself, I'll ask here :). Would the resulting SSL Certificate require a "Chain Certificate" like the often frustrating certificates of other, unnamed providers?

September 15th, 2009 at 1:26am

Just saw your comment. The answer is yes and no. For example the GeoTrust Domain Validated certs don't chain.. they come directly off of a root server. However the Extended Validation do have an intermediate certificate between the root and the server. Actually this might make a good future blog. I'll have to think about that.

September 29th, 2009 at 12:59am

There is apparently a lot to experience just about this. I think you made some crucial tips in Features also.

Leave a Reply

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • You can enable syntax highlighting of source code with the following tags: <pre>, <blockcode>, <bash>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Comments

September 2nd, 2009 at 11:44am

Rather than login to the portal and check for myself, I'll ask here :). Would the resulting SSL Certificate require a "Chain Certificate" like the often frustrating certificates of other, unnamed providers?

September 15th, 2009 at 1:26am

Just saw your comment. The answer is yes and no. For example the GeoTrust Domain Validated certs don't chain.. they come directly off of a root server. However the Extended Validation do have an intermediate certificate between the root and the server. Actually this might make a good future blog. I'll have to think about that.

September 29th, 2009 at 12:59am

There is apparently a lot to experience just about this. I think you made some crucial tips in Features also.

Leave a Reply

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • You can enable syntax highlighting of source code with the following tags: <pre>, <blockcode>, <bash>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.