FAQ

Frequently asked questions about SSL and SSL Certificates.

Why is security required for the Internet?
E-commerce has inevitably attracted a breed of online criminals ranging from fraudsters and computer hackers to cyber terrorists. Online security and data protection are essential for successful and credible e-business.

Online consumers now expect security to be integrated into all online services that transmit sensitive data. SSL security is essential to earn consumer confidence on the web. SSL provides visual proof of a site’s digital identity and also provides proof that the digital transaction will be confidential. SSL security is an essential factor in gaining customer confidence while reducing the risks associated with sending sensitive data over the Internet.

What is SSL?
SSL protects data transmitted over the Internet from being intercepted and viewed by unintended recipients. SSL (Secure Sockets Layer) is a security technology that is commonly used for encrypting communications between users and e-commerce websites. The most common use of SSL is securing monetary browser-to-server transactions. The SSL protocol encrypts data during the transaction to prevent eavesdropping and tampering, and is also used to secure information passed by a browser (such as a customer’s credit card number or password) to a web server (such as an e-commerce shopping cart).

How do website visitors know if a website is using SSL?
When a website visitor connects to a web server using Secure Sockets Layer security, the URL in the address bar will begin with https:// rather than the usual http://. A small golden padlock will also appear in the lower right corner of the browser.

What does an SSL Security Certificate look like?
SSL certificates can be viewed by double-clicking on the gold padlock in the lower right corner of the browser.

A typical SSL certificate looks like this;

SSL Certificates are issued to companies or legally accountable individuals. Typically SSL Certificates contain the domain name of the site, the legal company name, and the mailing address. The certificate will also contain the expiration date and details of the Certification Authority responsible for issuing the SSL Certificate.

When a user connects to a secure site, the browser will check three things about the site’s SSL Certificate:

1. The certificate has not expired.
2. The certificate has been issued by a Certification Authority the browser trusts.
3. The certificate is being used by the website for which it has been issued.

If the certificate fails on any one of these, the browser will display a pop-up warning the end user.
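
The three checks above, sketched in Python as an added example (not part of the original FAQ). It works on the dictionary that Python's ssl.SSLSocket.getpeercert() returns; the certificate, host names and CA name are constructed, and the trust check is reduced to an issuer-name lookup, whereas a real browser verifies the signature chain up to a root in its trust store.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Shop Ltd"),),
                (("commonName", "shop.example.test"),)),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Jan 01 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "shop.example.test"),
                       ("DNS", "*.cdn.example.test")),
}

def _flatten(name):
    """Turn the nested RDN tuples into a plain {field: value} dict."""
    return {key: value for rdn in name for key, value in rdn}

def hostname_matches(pattern, host):
    """Exact match, or a leftmost '*' label standing for exactly one label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def browser_checks(cert, host, trusted_issuers, now):
    """Return the names of the failed checks; an empty list means no warning."""
    failures = []
    # 1. Validity period: notBefore <= now <= notAfter (also catches not-yet-valid).
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now.timestamp() <= end:
        failures.append("expired")
    # 2. Trusted issuer. Assumption: name lookup only; a browser verifies
    #    the signature chain up to a root certificate in its trust store.
    if _flatten(cert["issuer"]).get("commonName") not in trusted_issuers:
        failures.append("untrusted-issuer")
    # 3. Name match: DNS subjectAltName entries, else the subject commonName.
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [_flatten(cert["subject"]).get("commonName", "")]
    if not any(hostname_matches(n, host) for n in names):
        failures.append("name-mismatch")
    return failures

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(browser_checks(SAMPLE_CERT, "shop.example.test", {"Example Test CA"}, now))
```

Each entry in the returned list corresponds to one reason the browser would show its warning; more than one can apply to the same certificate.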

What is a Certification Authority (CA)?
Certification Authorities, or CAs as they are commonly known, are empowered to issue trusted SSL Certificates.

To become a certification authority, companies must invest in the technology, support, legal and commercial infrastructures associated with providing SSL certificates. Certification Authorities are mainly self-regulated, but there is a regulatory body: the WebTrust compliancy program operated by AICPA/CICA. Most CAs follow the guidelines that WebTrust sets forth; however, not all companies have WebTrust compliance. CAs that comply with WebTrust will display the WebTrust compliance seal as shown to the right.

Who are the most popular Certification Authorities?
Each month SecuritySpace publishes the market share of each Certification Authority. Market share figures are obtained by sampling over 100,000 domain names using SSL certificates.