Things to know before purchasing an SSL certificate
1. Name your website’s classification - low volume, professional or development?
The most important difference between SSL certificates is the strength of the brand behind the SSL technology. SSL technology secures the transmission of data, which gives online consumers confidence in a site's security.
Certificates from well-known brands are the most expensive SSL certificates on the market. If you maintain a low volume website and believe your customers’ confidence is not eroded by an unknown brand, it makes sense to purchase a more affordable SSL certificate from a lesser-known brand. If your website does 5 or more transactions per day, it makes sense to choose a well-known SSL company.
2. How credible and stable is the CA issuing the SSL certificate?
For your SSL certificate to be trusted, the Certification Authority must be established and credible. To determine the credibility of a Certification Authority, establish whether the CA owns its own Trusted Root and whether the Trusted Root is already integrated into the popular Internet browsers.
How can you determine Trusted Root ownership?
Simply establish an SSL connection and double-click the lock in the lower right hand corner of the browser. When the SSL Certificate pops up, click the “Certification Path” tab to view the trusted root Certification Authority issued with the SSL certificate.
3. What degree of ubiquity is required for your website?
Ubiquity is the estimated percentage of Internet users that trust an SSL certificate. Certification Authorities that own a root maintain Root CA Certificates. Root Certification Authority certificates are bundled into the major browsers such as Internet Explorer, Netscape and Opera. Internet browsers rely on a designated group of root CA certificates the browser vendor deems trusted and credible.
SSL certificates issued by trusted root CAs will cause the gold padlock to appear during secure sessions. If a browser encounters a website using an SSL certificate issued by a CA root that is not trusted, the browser will display security warning messages. The lower the browser ubiquity, the fewer people trust an SSL certificate. SSL certificates exceeding 95% browser ubiquity are acceptable for commercial sites.
Why is browser recognition important?
If a website visitor is using a web browser that does not contain the root CA certificate used to issue the SSL certificate, they will see a security warning.
The warning states that the SSL certificate has been issued by a Certification Authority the browser does not trust.
4. Does your website require a single root or intermediate SSL certificate?
SSL certificates are issued directly by a Trusted Root CA certificate. The Trusted Root CA certificate is contained within all popular browsers and trusted. Some Certification Authorities do not maintain a Trusted Root CA certificate in browsers and require a “chained root” for their certificates to be trusted.
Certification Authorities that own the roots are long-time security providers who have solid relationships with browser vendors. For this reason, CAs that own a root are more credible than chained root certificate providers.
5. What certificate strength is required?
There are generally two strengths of SSL certificate available: 40-bit and 128-bit. Bit size indicates the length of the key used for encryption during a secure SSL session. To view the strength of encryption, hover your mouse over the gold lock and the strength will be displayed.
Why is SSL encryption strength important?
While 40-bit encryption is computationally feasible to crack, a 128-bit key is computationally unfeasible to crack. All banking infrastructures use 128-bit encryption. 128-bit is recommended to secure commercial websites.
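The same strength check done programmatically, as an added example that is not part of the original article: it flags cipher suites whose key is shorter than the 128 bits recommended above and reports the negotiated strength and issuing CA for a live session. The sample suite list is constructed, and `weak_suites`, `client_offers_weak` and `session_report` are names introduced here; `session_report` needs network access.

```python
import socket
import ssl

MIN_BITS = 128  # the strength the article recommends for commercial sites

# Constructed sample in the shape returned by SSLContext.get_ciphers();
# the 40-bit entry stands in for an old export-grade suite.
SAMPLE_SUITES = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "AES128-SHA", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "strength_bits": 256},
]

def weak_suites(suites, min_bits=MIN_BITS):
    """Return names of cipher suites whose symmetric key is shorter than min_bits."""
    return [s["name"] for s in suites if s["strength_bits"] < min_bits]

def client_offers_weak(ctx=None, min_bits=MIN_BITS):
    """List weak suites that this machine's TLS client context would offer."""
    ctx = ctx or ssl.create_default_context()
    return weak_suites(ctx.get_ciphers(), min_bits)

def session_report(host, port=443, timeout=5.0):
    """Connect to host and report what the padlock summarises.

    Raises ssl.SSLCertVerificationError when the chain does not lead to a
    root in the local trust store (the browser-warning case).
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, bits = tls.cipher()
            # getpeercert()["issuer"] is a tuple of RDNs, each a tuple of pairs.
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
            return {
                "cipher": name,
                "protocol": protocol,
                "bits": bits,
                "strong_enough": bits >= MIN_BITS,
                "issuer": issuer.get("organizationName") or issuer.get("commonName"),
            }

if __name__ == "__main__":
    print("weak in sample:", weak_suites(SAMPLE_SUITES))
    print("weak offered by this client:", client_offers_weak())
```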
6. What type of validation is required?
Companies that issue SSL certificates verify that entities are who they claim to be. In the “real world” we use identification such as photo IDs, telephone calls and articles of incorporation to verify the identities of those with whom we choose to do business. In the “online world”, companies wishing to purchase SSL certificates must prove to the certificate authority that they hold the legal interest under which they do business.
Manual Validation
Manual validation involves the validation of domain name ownership and business legitimacy by humans. This process is traditionally slow and takes up to two working days, sometimes longer. A manually validated certificate usually contains the following information within the certificate:
Auto-Validation
Computers and automated routines validate domain name ownership and business legitimacy through a process called auto-validation. The process takes minutes compared to days. The GeoTrust QuickSSL product uses automated procedures to issue SSL certificates within 10 minutes. The validation processes are WebTrust compliant and use Domain Control validation and ChoicePoint (equivalent to Dun & Bradstreet) to validate the applicant before issuing the certificate.
What is an SSL certificate?
What is SSL?
SSL protects data transmitted over the Internet from being intercepted and viewed by unintended recipients. SSL (Secure Sockets Layer) is a security technology that is commonly used for encrypting communications between users and e-commerce websites.
The most common use of SSL is securing monetary browser-to-server transactions. The SSL protocol encrypts data during the transaction process to prevent eavesdropping and tampering, and is also used to secure information passed by a browser (such as a customer’s credit card number or password) to a web server (such as an e-commerce shopping cart). A digital certificate makes all this possible by verifying the site’s credentials against who they say they are and against the verified database of certificate holder information.
Identifying a Secure Session
Customers have two ways of identifying whether they have established an SSL session while browsing your web site:
1. A small gold padlock will display in the lower right corner of the user’s browser status bar
2. And, the address in the address bar will begin with https:// instead of http://
SSL certificates can be used on web servers for Internet security, and on mail servers such as POP3 and SMTP for mail security when collecting and sending mail.


