Process for security certificates

Posted on 2004-11-06
Last Modified: 2010-04-11
just a few general(ish) question I was hoping some one could answer regarding security certificates used on web sites...

What is the process for getting a certificate for a comercial website

What information (if any) is provided to the certificate issuer when someone on the web enters teh site for purchases, transactions etc...

When some one enters the site what is the process that happens in regard to the certificate (i.e. how is a certificate "verified as being trustable")

any other information would be appreciated...

this is due to me hunting around on google (for a bit) but need to get a specific answer to these Q's but not enough time to hunt...


Question by:Murray_S
    LVL 8

    Accepted Solution


    When you apply for a certificate all your basic info has to be given to the certificate issuer, your info as an individual, or the info about your company.... Depends if your incorperated or not...... After you submit your info along with payment to a company like verisign or thawte, over about a 48 hour period they attempt to verify you are who you claim to be.

    There are several types of certificates that are sold, there is the code signing certificate which you would need to use activex controls on your website, then there is just the basic SSL certificate which I suspect you need.

    The only info I'm aware of that is sent to the issuer when a client enters the secure site is the certificate itself where it is checked against the revocation list. The basic process of verification is the webbrowser authenticates the web address (URL) and the server match the info contained in the certificate and also the certificate has not been revoked.

    If you go to verisigns' website, they will email a pdf manual to you that explains in detail how all this works. Verisign is the largest certificate vendor, so therefor I belive the info in their guide to be accurate and crediable.


    Author Comment



    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
    Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now