Those who keep a close eye on the menu options in the customer management portal will have noticed that recently there was added an option under Security where you can now order SSL certificates. For those not familiar with SSL, a certificate is used by an application to establish identity and provide encryption services. Naturally you do not have to order your SSL certificates through us. Certificates ordered other places will work just fine on your server here. Certificates ordered here will work fine elsewhere.
So why order your SSL through SoftLayer? To me, its a convenience and security thing. Ordering with us is convenient because you can place and manage the order via the portal just like you manage aspects of your account already. Management includes being able to see when your certificates are going to expire and the ability to renew them. If the certificate file itself is deleted by accident you can get a copy of it e-mailed via the portal. From a security point of view you already have a billing arrangement with us so why give your credit card information to another party?
I can see someone thinking “But is that safe.. what if I leave SoftLayer?” Yes, it is safe. The only information you have to provide to us in doing the ordering is the Certificate Signing Request and some billing verification. Both of these are things that would be provided to any SSL vendor. The private key, which is the core of SSL security, is not kept or handled by SoftLayer. The private key is generated and remains with your administration staff on your server.
Let us chat about the private key for a moment. The private key is meant to be known only by the server applications to which it is assigned on your server. If it is lost, corrupted, deleted, whatever it will require a new certificate. What this all means is that you should only allow people you really trust access to the private key and above all you must keep a good, safe backup of the file. SoftLayer support can perform quite a bit of server voodoo but recreating a lost private key isn’t an option.
I’d invite anyone with a bit of time to experiment with the SSL functionality we offer. You might find something useful for your business.