What are SSL and Digital Certificates?
Secure Socket Layer (SSL) is a protocol developed by Netscape in 1996 which quickly became the method of choice for securing data transmissions across the Internet. SSL is an integral part of most Web browsers and Web servers and makes use of the public-and-private key encryption system developed by Rivest, Shamir, and Adleman.
In order to make an SSL connection, the SSL protocol requires that a server should have a digital certificate installed. A digital certificate is an electronic file that uniquely identifies individuals and servers. Digital certificates serve as a kind of digital passport or credential which authenticate the server prior to the SSL session being established.
What is a CA?
Typically, digital certificates are signed by an independent and trusted third party to ensure their validity. A CA or Certificate Authority is the company that signs the certificate, such as Verisign, GeoTrust and Secure Business Services. The CA is also the ones that verify the information provided by the certificate purchaser before issuing it.
When should SSL be used and what can it secure?
There are two main online security problems that SSL certificates help solve:
- Authentication – proving a company’s (or server’s) identity online and in so doing create a sense of trust and confidence in using a Web site.
- Encryption – offering protection for the data submitted to a Web site (or between servers) so that in the event of interception, it will be unintelligible without the unique key used for decryption.
Solving these security problems allows online business to protect against the following scenarios:
- Spoofing – The low cost of Web site design and ease with which existing pages can be copied makes it all too easy to create illegitimate sites that appear to be published by established organizations. In fact, con artists have illegally obtained credit card numbers by setting up professional-looking storefronts that mimic legitimate businesses.
- Unauthorized Disclosure – when information is transmitted “in the clear”, making it possible for hackers to intercept the transmissions and obtain sensitive information from customers.
- Data alteration – the content of a transaction can be intercepted and altered en route, either maliciously or accidentally. User names, credit card, and social security numbers as well as currency amounts; indeed any information sent “in the clear” is all vulnerable to alteration.
So what are the practical applications of SSL certificates?
Firstly, looking at categories of data, the most common deployment is for securing transmission of financial information in ecommerce. However, with incidence of identity theft on the rise, protecting the transmission of a broad range of personally-identifiable information is becoming ever more important. This category of data would include identity and social security numbers, e-mail addresses and demographic information as well as account registration and login information.
In terms of applications and protocols, SSL Certificates can be used to secure Web Servers, Mail Servers, Databases, FTP Sites, Internet Chat and NNTP.
What is the difference between a domain validation certificate and higher assurance certificates?
Higher assurance certificates such as Organization Validation and Extended Validation require the certificate authority (the company issuing the certificate, such as GeoTrust or VeriSign) to verify the purchaser’s business and their authority to purchase a certificate on behalf of that company. Domain Validation certificates only verify the domain ownership of the purchaser, and thus have much faster turnaround times since none of the additional information needs to be verified.
What benefit is there to purchasing a higher assurance certificate?
Low assurance certificates that perform domain only verification only encrypt the connection. Higher assurance certificates perform the same encryption, with the addition of the peace of mind for your visitors knowing that the certificate authority has already validated your site as belonging to a legitimate business.
How many domain names does a certificate secure?
The SBS certificates support the domain name and the “www” record. For GeoTrust and Verisign, you can only secure one domain name per certificate. Wildcard certificates are an exception. A wildcard certificate will secure the root domain, and all sub-domains associated with that domain.
Do SSL certificates work in all web browsers?
SSL Certificates are compatible with 99.9% of all browsers, including all major web browsers.
What is a CSR?
CSR stands Certificate Signing Request. A CSR is a special key generated by a web server using that server’s unique private key. The CSR is then sent to the CA, which is then used to generate the final certificate.
What is SGC?
“Server Gated Cryptography” (“SGC”) was developed for legacy computers and browsers that only support 40 or 56-bit SSL encryption to “step up” to 128-bit SSL encryption. Without an SGC certificate, Web browsers and operating systems that do not support 128-bit strong encryption will receive only 40- or 56-bit encryption.
What does the green address bar do?
The green address bar is a quick and intuitive way to ensure visitors to your site that your business is legitimate and safe. The green bar is only available with Extended Validation (EV) Certificates. Major web browsers, including Internet Explorer and Mozilla Firefox, have integrated anti-phishing protection so that known phishing sites will display a red address bar, whereas sites secured with an EV SSL will display a green address bar – letting visitors know that your business is good to go! Studies have shown a strong, positive impact for businesses that adopt EV SSL – for more information, contact our Sales Department.
I changed web servers, and my certificate no longer works. Can I get the certificate reissued?
Yes. On your new web server, generate a new CSR for your certificate. For most CAs, you can contact them directly with the new CSR and they will provide you with a new certificate. Please see our knowledge base for specific details.
