SSL Certificates

What Is SSL?

SSL is a protocol developed by Netscape to provide encrypted channels that enable private communication over the Internet. SSL capability is provided by means of a certificate. SSL certificates are part of the public-key encryption system, used to verify identity, and each certificate corresponds to a key pair: a public key, which is included in the certificate, and a private key, which is kept by the certificate holder. SSL certificates are either purchased or, in some cases, provided as part of a web hosting package, particularly for ecommerce and business use. Certificates are authenticated by agents called Certification Authorities (CAs) and sold by certificate providers, which offer different levels of certificate at different price points. The certificate contains identifying information, including the name of the certificate holder; the serial number and expiration date of the certificate; a copy of the public key that belongs to the certificate; and the certificate issuing authority’s digital signature.
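The fields listed above can be read from any certificate with the OpenSSL command-line tool. The following is an added example, not part of the original article: it creates a throwaway self-signed certificate (so the issuer equals the subject, unlike a CA-issued certificate) and prints those fields. The organization, host name and function names are constructed for illustration, and the `openssl` tool is assumed to be installed.

```shell
#!/bin/sh
# Added example. Subject values are constructed; function names are hypothetical.
set -eu

# Create a throwaway key pair and a self-signed certificate in directory $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/O=Example Shop/CN=shop.example.test" -days 30 2>/dev/null
}

# Print one field of certificate $1; $2 is subject, issuer, serial or enddate.
cert_field() {
    openssl x509 -in "$1" -noout "-$2" | sed 's/^[^=]*=//'
}

# Succeed if the public key inside certificate $1 is the public half of
# private key $2. The private key itself is never stored in the certificate.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir"
for field in subject issuer serial enddate; do
    printf '%-8s %s\n' "$field" "$(cert_field "$demo_dir/cert.pem" "$field")"
done
if cert_matches_key "$demo_dir/cert.pem" "$demo_dir/key.pem"; then
    echo "public key in certificate matches the holder's private key"
fi
# The issuer's signature (here the certificate's own, since it is self-signed).
openssl x509 -in "$demo_dir/cert.pem" -noout -text | grep -m1 'Signature Algorithm'
rm -rf "$demo_dir"
```
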

People who set up personal websites or blogs usually do not need an SSL certificate. An SSL certificate is useful to enable an ecommerce site to accept credit cards and debit cards through a merchant account and payment gateway, as well as for medium to large businesses to prove to customers conclusively that they have reached the website they were seeking and not a spoofed site.

Certification Authorities

Web browsers signal to users that websites can be trusted based on the websites’ SSL certificates. Browsers hold “root certificates” for the major certification authorities, and because they trust the authority, they will trust all the certificates issued by the authority. It is possible to find the list of root certificates for a browser. Mozilla’s is available here. It includes names that you may recognize, such as:

• DigiCert

• Entrust

• GoDaddy

• IdenTrust

• Network Solutions

• Thawte

• VeriSign

• Verizon/Cybertrust

• Wells Fargo

It also contains a number of other names which are likely less familiar.

Different Levels of SSL Certificate

When you go to the website of a Certification Authority to procure an SSL certificate, you will find that there are usually several levels offered. Though you may find some similarities between the various levels (such as showing the padlock icon of the website, a site seal, and the use of the https:// prefix in the URL), the levels are distinguished by several factors:

• EV or not—Extended Validation is a more searching authentication process and is marked by a green address bar, letting site visitors immediately know without further investigation that a strong level of security is in place. For example, while a standard SSL certificate may be issued after viewing electronic documents, an EV SSL certificate requires a fuller authentication, which may involve faxed documents, a verifying phone call, and the involvement of an outside party, such as an attorney to provide a legal opinion letter that confirms the requestor’s authority to request an SSL certificate on behalf of the submitting organization.

• #-bit encryption—The higher the number in this statement, the more secure the encryption. The entry-level SSL certificate may offer encryption between 40-bit and 256-bit, while the EV certificate is more likely to have 128-bit to 256-bit encryption.

• how many domains or subdomains the SSL certificates will work on

• a warranty amount

As with other Internet products, signing up for a longer period can reduce the cost. Other variables to check before purchasing are the support offered, which browsers the SSL certificates offered by the CA are compatible with, and whether reissues are free in any cases.

Sources

mozilla.org

verisign.com

godaddy.com

digicert.com