SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant.
Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like a customer’s personal and credit card information.
The Fundamentals of SSL Certificates and Certificate Authorities (CA)
By adding an SSL certificate, Experts Exchange members not only protect their business, but also increase customer confidence by safely encrypting their customers’ most sensitive data.
For online transactions, an SSL certificate turns sensitive data into an encrypted secure code. The web browser then checks the SSL certificate to make sure that the website is legitimate. Once verified, the web browser and server process the encoded information.
This helps to ensure that the sensitive data delivered between the web browser and server is handled safely, securely, and that the website is PCI (Payment Card Industry) compliant.
Certificate Authorities (CA) play an integral role in the entire SSL process because they’re the ones issuing these digital certificates. In essence, digital certificates, such as an SSL certificate, are small verifiable data files containing identity credentials that help authenticate the online identity of people, websites, and devices.
Each digital certificate includes valuable information like the expiration date of the certificate, the owner’s name and other important information, along with a public key – a value provided by some designated authority as an encryption key.
As a trusted entity issuing these digital certificates, the CA must meet strict and detailed criteria before being accepted as a member. Once accepted, the CA is authorized to distribute SSL certificates. The longer the CA has been operational, the more browsers and devices will trust the certificates issued by the CA. One important thing to note is that for certificates to be transparently trusted, they must have “ubiquity”, meaning they are backwards compatible with older browsers, including those on mobile devices.
Overall, CAs play a vital role in how the Internet operates today by protecting information, encrypting billions of online transactions, and enabling secure communication. Without CAs, the Internet would not be as transparent and trustworthy as it is and online transactions would be more susceptible to hacking, data breaches, and phishing.
Not All SSL Certificates are Created Equal - How to Tell You Got the Right SSL
Of course, not all SSL certificates are created equal. To ensure that Experts Exchange members pick the right SSL certificate(s) for their needs, it’s important to understand the main differences in regard to their validation levels:
Server Gated Cryptography (SGC) SSL Certificates
To begin, let’s start with one of the original secured digital certificates - the Server Gated Cryptography (SGC) SSL certificate. SGC SSL certificates were made available from the mid-1990s as a means to increase the cryptographic strength of the SSL connection from 40 or 56 bits to 128 bits.
At that time, the goal was to force weakly encrypted browsers to use the stronger 128-bit encryption method for online financial transactions. Of course, times have changed and SGC browsers, such as Netscape, are obsolete. The once reliable and unbreakable 128-bit encryption is now susceptible to new vulnerabilities and unable to support the ongoing revisions of SSL protocols.
Today, the standard SSL encryption is 256-bit and we recommend that anyone with an SGC SSL certificate replace it immediately with one of the other types of SSL certificates below, based on their validation level and security requirements.
Domain Validated (DV) SSL Certificates
Domain Validated (DV) SSL certificates are used on public websites and are one of the cheapest certificates to get. The validation process is very simple and is typically performed via email or DNS to confirm that the domain is registered and that someone with admin rights is aware of, and approves, the certificate request.
Since no company information is vetted, the entire process can be completed almost immediately. If the certificate is valid and signed by a trusted authority, browsers will indicate a successfully secured “Hypertext Transfer Protocol Secure (HTTPS)” connection in the address bar.
DV certificates are ideal only for those wanting a quick and low-cost SSL where organization validation is not a concern. With this in mind, an informed user may acknowledge that DV certificates provide the same encryption and security as other certificates, but they may still not trust the site with their personal information because no company information has been vetted as part of the validation process.
Organization Validated (OV) SSL Certificates
Organization Validated (OV) SSL certificates are more trusted because the validation process not only requires the domain to be authenticated, but also requires additional information and documentation to certify the company’s identity.
The CA must authenticate the company against the business registry databases held by the local government to confirm information, such as the entity’s name, city, state, and country, to ensure that it’s a legitimate business. Because of this, the entire process can take anywhere from a few hours to a few days to complete, depending on the CA’s validation process.
OV certificates are considered the standard type of certificate for any commercial website because they contain all the necessary information for company validation. By giving people more visibility into who is actually behind the site when they click on the Secure Site Seal (lock icon) located in the address bar, visitors feel more comfortable sharing their personal information with the site.
Extended Validated (EV) SSL Certificates
If Experts Exchange members are looking to go the extra mile in keeping their website(s) safe, secured, and compliant, then Extended Validated (EV) SSL certificates are the perfect solution. Unlike the validation process for DV and OV certificates, getting an EV certificate is more difficult because of its stringent authentication procedure, which requires proof of domain ownership and additional company documentation, along with other steps and checks. Overall, there are two main phases to the authentication process.
The first phase requires the CA to conduct thorough research to identify the legal entity that controls the website. This is done by verifying the legal, physical, and operational existence of the company. In addition to verifying that the organization’s identity matches official records, the CA must also ensure that the organization has exclusive rights to use the domain specified in the EV certificate and that it has properly authorized the issuance of the EV certificate. Typically, the CA will also obtain an attorney’s legal opinion on the validity of not only the business, but also the information provided to obtain the EV certificate.
The second phase assists with enabling encrypted communication of information over the Internet between the website and the user of an Internet browser. By having processes for facilitating the exchange of encryption keys to prevent hacking, phishing and malware, organizations with EV certificates have a vehicle in place to properly address online identity fraud.
Since the validation process for EV certificates is much more in-depth, the entire process can take a few days, or even a few weeks, to complete. Plus, CAs issuing EV certificates must undergo recurring audits to ensure the integrity of the SSL certificates issued.
EV certificates are an ideal solution for businesses that wish to assert the highest levels of authenticity and security. By adhering to the strictest authentication process, any company with an EV certificate is rewarded with a visible “Green Bar” that’s clearly noticeable on any modern browser. This gives visitors and customers the utmost confidence that the site is extremely secure and compliant.
Wildcard (*) SSL Certificates
Wildcard SSL certificates secure websites much like standard SSL certificates, and the requests are processed using the same validation method. These types of SSL certificates are available for most of the validation levels (DV, OV, EV) mentioned above and can help protect an unlimited number of subdomains for a single domain.
One of the key differences is that Wildcard SSL certificates use “Subject Alternative Names (SANs)” to secure a domain and all of its first-level subdomains, whereas a standard SSL certificate will only secure the domain that you bought the SSL certificate for, and any subdomains will be left unprotected unless you purchase a Wildcard SSL certificate or additional SSL certificates for each subdomain.
For instance, let’s take www.SSL.com as an example. By purchasing a Wildcard SSL certificate for this domain, all you would have to do is add an asterisk (*) in the subdomain position to the left of the domain name, and you can secure an unlimited number of subdomains for *.SSL.com, such as the following:
Overall, Wildcard SSL certificates are a great solution for those with multiple subdomains who want to save time and money and make the SSL administration process easier for securing their site. However, the drawback with Wildcard SSL certificates is that each subdomain is not individually protected. So if the certificate is compromised or revoked because of one subdomain, every other subdomain it covers is affected as well.
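As an added example that is not part of the original article, the following Python implements the hostname-matching rule browsers apply to wildcard names (the RFC 6125 rules, generalised beyond the article's single case) using a constructed SAN list for the article's SSL.com example: the asterisk covers exactly one label, so first-level subdomains match, a.b.ssl.com does not, and the bare domain is covered only because it is listed as its own SAN entry.

```python
"""Hostname matching for wildcard SSL/TLS certificate names.

Added example, not code from the original article. It follows the
RFC 6125 rules that browsers apply: the '*' may only be the entire
leftmost label, it matches exactly one label, and the bare domain is
covered only if it is listed as a separate SAN entry.
"""


def _label_matches(pattern_label: str, host_label: str) -> bool:
    # Browsers accept only a whole-label wildcard; "w*.ssl.com" is rejected.
    if pattern_label == "*":
        return host_label != ""
    return pattern_label == host_label


def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (CN or SAN entry) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard matches exactly one label, so label counts must agree:
    # "*.ssl.com" covers "www.ssl.com" but neither "ssl.com" nor "a.b.ssl.com".
    if len(p) != len(h):
        return False
    # The wildcard is only valid as the leftmost label, and only when at
    # least two labels follow it ("*.com" must never be honoured).
    if "*" in pattern:
        if p[0] != "*" or any("*" in lab for lab in p[1:]) or len(p) < 3:
            return False
    return all(_label_matches(pl, hl) for pl, hl in zip(p, h))


def certificate_covers(san_entries: list[str], hostname: str) -> bool:
    """True if any Subject Alternative Name in the certificate covers hostname."""
    return any(name_matches(entry, hostname) for entry in san_entries)


if __name__ == "__main__":
    # Constructed SAN list for a wildcard certificate on the article's example domain.
    sans = ["ssl.com", "*.ssl.com"]
    for host in ["www.ssl.com", "ssl.com", "a.b.ssl.com", "evil-ssl.com"]:
        print(f"{host:15s} covered: {certificate_covers(sans, host)}")
```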
Keeping an Eye on Your Website(s) Will Help You Sleep Better at Night
Having an SSL certificate is an essential part of protecting sensitive data in transit. And while SSL certificates provide additional layers of security, they can still be vulnerable and susceptible to attack. This is where SSL certificate management comes in.
Proper SSL certificate management requires knowing the status of each certificate across sites, browsers, and networks. Through careful monitoring of these certificates, website owners can prevent major incidents from occurring. Phishing and data breaches are not only expensive to resolve, but also cause long-term damage to a business's reputation with customers.
Let Us Safeguard Your Website(s), Customers, and Business
Thinking about getting an SSL certificate for your website? Let Superb Internet Corporation help keep Experts Exchange members' websites safe, secured, and compliant.
Whether you’re thinking about getting an SSL certificate to encrypt sensitive information, for authentication, for PCI compliance, to gain your customers' trust, or to prevent phishing and data breaches, we have a wide array of trusted brands to choose from.
Start now, and Experts Exchange members can easily compare SSL certificates from major global CAs like GeoTrust, Comodo, and Symantec.