What Does SSL Certificates Actually Do for You?
SSL certificates are the Internet standard security technology used to establish an encrypted (or safe) link between a web server (website) and your browser (i.e. Internet Explorer, Chrome, Firefox, etc…). SSL is the acronym for Secure Sockets Layer.
This secured link ensures that the data/information that is passed from your web browser to the web server remain private; meaning safe from hackers or anyone trying to spy/steal that info. SSL certificates are being used by millions of websites around the world.
They are used to protect and secure any sensitive or private information being sent through their website. SSL has evolved into the industry standard. One of the most common things SSL is used for is protecting a customer during an online transaction.
In order to establish a protected SSL connection on a web server, it needs an SSL Certificate to be effectively set up. When completing the process to activate SSL on your web server you will be asked to finish a number of questions to confirm the identity of your domain and your company.
When effectively completed, your web server will produce 2 types of cryptographic keys. These keys are better known as your Public and Private keys.
Your Public Key is not a secret at all and it’s placed into a Certificate Signing Request or better known as the CSR. The CSR is a file that contains all the data of your details. Once this CSR is created, you can start the SSL application process.
During this process of validation, the Certification Authority (CA) will go through and verify your submitted details. Once they’ve verified the requested information, they will issue an SSL Certificate with your details and allow you to use the SSL certificate.
Now your web server will automatically match the CA issued SSL Certificate to your Private Key. You are officially ready to establish an encrypted and secure link between your website and your customer’s web browser.
SSL protocol is a complex matter, but all the technical stuff behind the scenes always remain unseen to your customers. Instead, the browser they are using provides them with a key indicator letting them know that their session is currently protected by an SSL encryption.
At times it’s the lock icon in the upper left-hand corner, or the adding of an “s” in https rather than just http. On high-end SSL Certificates, a key indicator is the green address bar in the browser.
Clicking on the indicators will display all the details about it. Any trusted Certification Authority will issue SSL Certificates to either legit companies or legally responsible individuals.
In general terms, SSL Certificates can include and display at least one or all of the following items: your company name, your domain name, your address, your city, your state and your country.
The certificate will have an expiration date on it and of course the details of the Certification Authority responsible for issuing the certificate. Browsers connect to a secured site and then retrieves the site’s SSL Certificate to check for a few things.
First, it makes sure that it has not expired, then it checks to see if it was issued by a known Certification Authority that the browser trusts. Then finally, it makes sure the SSL certificate is being used by the website that is was actually issued to.
If anyone of these parameters does not check out properly, the browser will display a warning to the user to let them know that this site is not secure by SSL. It says to leave or proceed with extreme caution. That is the last thing you would want to say to your potential customer.
That is why in these exciting yet vulnerable times, SSL is of extreme importance to any successful company doing business on the web.
What Type Of SSL Certificates Are Available?
As we move farther into the digital age, the number of businesses that use SSL has increased tremendously over the past few years and the reasons for which SSL is used has also increased extensively, for example:
- Some organizations need SSL to simply provide confidentiality (i.e. encryption)
- Other companies like to use SSL to add more confidence and trust in security and identity. These companies want you to know that they are a legitimate business and can prove it.
As the reasons companies use for SSL have become broader, three main yet different types of SSL certs have been established to address these needs:
- Extended Validation (EV) SSL Certificates
- Organization Validation (OV) SSL Certificates
- Domain Validation (DV) SSL Certificates
Extended Validation (EV) SSL Certificates are issued only when a Certification Authority checks to ensure that the applicant truly has the right to the specific domain name and the CA conducts an extensive vetting of the organization.
The process of issuing EV Certificates is standardized and is strictly outlined in the EV Guidelines. These guidelines were created at the CA/Browser Forum in 2007, and outline the necessary steps that a CA must do before issuing an EV certificate:
- Must verify the legal, physical & operational existence of the entity
- The identity of the entity will be verified and has to match official records
- Verify that the entity has the exclusive right to use the domain specified in the EV Certificate
- Must verify that the entity has properly authorized the issuance of the EV Certificate
EV Certificates are used for all kinds of entities, consisting of federal government entities and both unincorporated and incorporated organizations. This process takes around 10 days to issue.
A second set of guidelines are for the actual CA and it establishes the criteria to which a CA needs to be audited before being allowed to issue an EV Certificate. It’s called, the EV Audit Guidelines, and they are always conducted every year to ensure the integrity of the issuance process.
Organization Validation (OV) SSL Certificates are issued only when a Certification Authority (CA) checks to make sure that the applicant does, in fact, have the right to the specific domain name plus the CA does some investigating of the said organization.
This additional company info is displayed to customers when the Secure Site Seal is clicked on and gives enhanced visibility to who is behind the site. The extra info gives enhanced trust in the site itself and the process takes just about 2 days to issue.
Domain Validation (DV) SSL Certificates are issued when the Certification Authority checks to make sure the applicant also has the right to the specific domain name in question. None of the company’s information is validated, and no data is displayed other than encryption information within the Secure Site Seal. DV certs can be issued immediately in most cases.