Introduction to SSL certificates

A parent preparing a toddler for their first beach vacation and an experienced kayaker preparing for Zambia's Ghostrider Rapid do not use the same life jacket. In the world of digital security, the purposes and specifications of the various products are also of great relevance to the consumer, even if the differences between them may not be immediately apparent. In both cases it is important that the customer finds the right fit. Regardless of whether you are looking for the right SSL certificate for your own website as a business owner or as a domain provider who wants to create a solid SSL offer for your customers, here you will find information on TLS / SSL certificates and information on selecting certificate providers.

What are TLS / SSL certificates?

SSL is short for Secure Sockets Layer, and SSL certificates are used to secure communications between a website, host, or server, and the end users who are connecting (or between two computers in a client-server relationship). An SSL certificate verifies the identity of the domain name (e.g. Sectigo.com) that operates the site and enables the encryption of all information between the server and the visitor to ensure the integrity of all information transmitted.

Why are SSL certificates so important?

Identity theft and browser warnings are a growing concern for consumers. Failure to select the correct TLS / SSL certificate for your website can compromise customer confidence and lower the rate of transactions completed, which can negatively impact your bottom line.

Why should I use an SSL certificate?

If you, for example, receive payments over the Internet, or if users enter confidential information on your website, the communication should be encrypted with an SSL certificate. Without SSL, there is a risk that unauthorized third parties will view the information entered.

In addition to the encryption of information, an SSL certificate has another and also very important function, namely to show the users of your website that your company actually exists and that the website belongs to your company. SSL certificates are only issued after an authentication process, which checks that your company can use the domain and that your company is listed in the commercial register. Finally, it is also checked that your company agrees to the certificate being sent to the applicant.

An SSL certificate thus creates the necessary security for the users of the application for two reasons: firstly because the user knows that no third party can read the information he has entered, and secondly because he knows that your company exists as such.

The user can tell whether a page is SSL secured by various features. With SSL, the URL in the address line begins with https instead of http, and you can also see a yellow lock at the bottom right or next to the address line (depending on the browser version). With EV SSL certificates, the browser's address line turns green, signaling the highest level of security.

How does SSL encryption work?

Encryption uses keys to lock and unlock your information. This means that you need the right key to open or decode secured information. Each SSL certificate is delivered with two keys: a public key that is used to encrypt the information, and a private key that is used to decrypt the information and restore it to its original format so that it can be read. The process is seamless for the average user, but here's how it works in the background:

1 The user accesses a website that has an SSL certificate installed
2 A secure SSL connection is requested from the website host
3 The host replies with the valid SSL certificate
4 A secure connection is established between the browser and host, enabling the transfer of encrypted data

Where are SSL certificates used?

SSL certificates should be used in all cases where information must be transmitted securely. This includes:

  • Communication between your website and the internet browser.
  • Internal communication on your corporate intranet.
  • Email messages sent to and from your network.
  • Information between internal and external servers.
  • Information sent and received by IoT and mobile devices.

How to determine if a site has a valid SSL certificate

On a website without an SSL certificate, "http://" is displayed in front of the website address in the browser. This moniker stands for "Hypertext Transfer Protocol", the traditional way to transfer information over the Internet. Most internet users are aware that this is not secure and have in the past looked for "https://" and a closed padlock symbol in their browser window, which confirm that they are on the site of an authenticated organization.

For corporate websites, however, it is no longer enough to just activate HTTPS and display the standard padlock symbol for their visitors. Online consumers demand the certainty that the identity of the website they are visiting has been verified through authentication procedures, which are proven to be very trustworthy. This assurance takes the form of an Extended Validation (EV) SSL certificate. EV certificates have a barely visible green marking in the URL bar and point out to the visitor that the website has been subjected to an in-depth inspection by the certification body. Consumers can be sure that they are on a reputable website, not a phishing website.

This does not mean that an EV certificate is required in every situation. However, it can generate a higher level of consumer confidence than other options, e.g. Organization Validation (OV) certificates or Domain Validation (DV) certificates, which are checked far less.

How to choose the right SSL certificate type

What is a multi-domain certificate?

An SSL certificate is linked to the server and the common name of the site. Therefore, you need to have an SSL certificate for every common name you want to secure. Only one SSL certificate can be installed per server and thus per IP address.

However, you may have a server with several different common names, but with only one IP address. In this case you can use a multi-domain certificate.

A multi-domain certificate is a certificate that allows you to secure different common names on the same server with just one certificate. This means there is no need to create an additional IP address per common name that you have on the server. With a multi-domain certificate you can secure e.g. www.firma.dk, www.firma.com, shop.company.net etc. with a single certificate, provided the domains are on the same server.

Once the certificate is installed, only the common name of the server you are on is displayed. The other common names for which the certificate was issued are not displayed.

What is a wildcard certificate?

An SSL certificate is linked to the server and the qualified subdomain of the website to be encrypted. So you need one SSL certificate per subdomain that you want to secure. If the common name in the certificate does not match the common name on the website, users will receive an error message.

Some companies have structured their website so that they have a main domain such as www.unternehmen.de and a number of subdomains such as shop.unternehmen.de and secure.unternehmen.de. A separate certificate is required for each subdomain that you want to secure.

Wildcard SSL is a certificate that can be used to secure an unlimited number of subdomains (and servers) with just one certificate. In the case mentioned above, you would secure www.unternehmen.de, shop.unternehmen.de and secure.unternehmen.de with a single wildcard certificate for *.unternehmen.de. This not only saves time when administering the certificates, but also reduces the cost of ownership.
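The name matching behind both the multi-domain and the wildcard passages above, as an added example that is not part of the original page or any vendor's code. It assumes the commonly implemented rule that "*" stands for exactly one leftmost label, and the certificate name lists are constructed from the hostnames used in the text.

```python
# Added example: checks which hostnames a certificate's name list covers.
# The name lists below are constructed from the hostnames used in the text.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # a wildcard stands for exactly one label, never several
    if p[0] == "*":
        # Accept "*" only as the whole leftmost label, with a real domain behind it.
        if len(p) < 3 or any("*" in label for label in p[1:]):
            return False
        return p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial wildcards such as "w*.example.com" are rejected
    return p == h


def audit(cert_names, hostnames):
    """Map each hostname to True/False: is it covered by any certificate name?"""
    return {h: any(name_matches(n, h) for n in cert_names) for h in hostnames}


# Constructed name lists for the two certificate types described above.
MULTI_DOMAIN = ["www.firma.dk", "www.firma.com", "shop.company.net"]
WILDCARD = ["*.unternehmen.de"]

if __name__ == "__main__":
    hosts = ["www.unternehmen.de", "shop.unternehmen.de", "secure.unternehmen.de",
             "unternehmen.de", "a.shop.unternehmen.de"]
    for host, ok in audit(WILDCARD, hosts).items():
        print(f"{host:28} {'covered' if ok else 'NOT covered -> browser error'}")
    for host, ok in audit(MULTI_DOMAIN, ["www.firma.com", "mail.firma.com"]).items():
        print(f"{host:28} {'covered' if ok else 'NOT covered -> browser error'}")
```

Under this rule the bare domain unternehmen.de and second-level names such as a.shop.unternehmen.de are not covered by *.unternehmen.de, so they need their own entry in the certificate.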

How to choose between an EV, OV or DV certificate

Domain Validation (DV) SSL Certificates

DV certificates are best suited for small and medium-sized businesses that are looking for cost-effective security without having to build the trust of site visitors. All that is required to issue a DV certificate is proof of ownership of the associated domain name, which is provided by a simple email validation process. These certificates can be issued within minutes, activate HTTPS and show a clear indicator such as the lock symbol in Internet browsers.

However, DV certificates do not verify the legitimacy of the organization that the website represents, and should therefore not be used for e-commerce websites or websites that deal with confidential information. However, they are a great option for many internal sites, test servers and test domains.

Organization Validation (OV) SSL certificates

OV certificates offer the same protection as DV certificates, but they go a step further than just requiring proof of domain ownership. The issuing certification body uses an OV certificate to confirm that the company linked to the domain name is registered and legitimate by checking details such as the company name, location, address and information on the establishment or registration. This makes the OV certificate a more suitable option for publicly accessible websites that represent companies or organizations.

Extended Validation (EV) SSL Certificates

EV certificates offer the highest level of trust by assuring consumers that they are doing business through a trusted website. For this reason, these certificates have become the industry standard for e-commerce websites. In highly secure web browsers, EV SSL certificates trigger a green address bar with the name of the company or organization to which the domain belongs. They also show the name of the issuing certification body.

The website's identity verification and organization validation are performed in accordance with the strict industry guidelines established by the CA/Browser Forum and include a rigorous verification process that has proven effective in more than ten years of worldwide use.

EV SSL certificates are vital for large companies or e-commerce websites, as they increase credibility by showing discerning consumers that a potential transaction is with a legitimate recipient and that the website takes protecting its customers' data seriously.

What should you look for when choosing a certification body?

As the world's largest commercial certification authority, Sectigo CA proactively monitors potential threats and attacks, working hand in hand with government agencies, browser providers and our customers to ensure that it keeps pace with the ever-changing market.

When evaluating a certification body, make sure that it:

1. Follows the CA/B Forum Baseline Requirements

This industry group, consisting of certification bodies and browser manufacturers, has developed standards that each certification body must meet so that its roots in browsers can still be trusted. These include:

  • All information contained in the certificate must be checked for accuracy by a strict, clearly defined authentication process.
  • Certificates must meet certain minimum encryption strength requirements to protect the integrity of the certificate and private key from new threats.
  • Certificates may not exceed the maximum duration specified.
  • Certification bodies must follow guidelines for the security of certification bodies, mechanisms for certificate revocation, examination requirements, liability, data protection and confidentiality, and the transfer of powers.

2. Conducts annual audits - both WebTrust and SOC 3

Annual audits are critical to CA security, but not every CA treats them as a priority. Your certification body should at least meet these audit standards.

3. Maintains membership in the WebTrust program for certification authorities

The WebTrust for Certification Bodies program was developed to strengthen consumer confidence in the Internet as a tool for e-commerce and to strengthen consumer confidence in the use of PKI technology. For example, Sectigo CA undergoes an annual Ernst & Young audit that confirms:

  • The certification body (CA) discloses its practices and procedures for SSL certificates and its commitment to provide SSL certificates in accordance with the applicable requirements of the CA/Browser Forum.
  • Subscriber information has been properly collected, authenticated, and verified.
  • The integrity of keys and certificates is ensured and protected throughout their life cycle.
  • Logical and physical access to CA systems and data is reserved for authorized persons.

4. Commits to publishing an annual service organization review

The SOC 3 report is released to confirm that the security controls for this cloud service have been verified by an independent accountant. Again, Sectigo CA will undergo an annual audit by Ernst & Young to confirm that Secorio has maintained effective controls over its system as it relies on four core principles: security, availability, processing integrity, and confidentiality.

Next steps

Trust is everything in the world of online business. Investing in technology to protect customers and ensure their trust is a critical success factor for any company that does business online or hosts an e-commerce website. The effective implementation of TLS / SSL certificates is a proven tool to build customer trust.

Which SSL certificates does Secorio offer?

Secorio's product portfolio includes a wide selection of SSL certificates. You can find out more about the various SSL certificates using the links in the menu on the left. Among other things, you can read about the difference between standard certificates and SGC-activated certificates, and you will receive information about the brand new and revolutionary EV SSL certificates, which maximize customer trust in your website through a green address bar in the browser. You also get an overview of our wildcard certificates, with which you can encrypt an unlimited number of subdomains. You will also find information about our Mobile SSL and Intranet SSL certificates.

About Secorio & Sectigo

Sectigo offers web security products that customers can use to protect, monitor, restore and manage their web presence and connected devices. As the largest trade certificate

Sectigo has been a trusted authority worldwide for more than 20 years. With more than 100 million SSL certificates issued in over 200 countries, Sectigo has proven performance and experience to meet the growing need to secure today's digital landscape. For more information see www.secorio.com

Would you like to learn more? Visit www.secorio.com

Useful information about SSL certificates:

The authentication process takes an average of one working day. Validation for EV SSL certificates takes longer - typically 2–5 working days. If you have an urgent need for SSL certificates, please contact us before ordering.

Trust is the currency of the internet. Perhaps the biggest obstacle to communication via the Internet is the uncertainty of who the other person is. Unfortunately there have been too many cases where third parties have pretended to be someone else on the Internet. Our strictest authentication processes and their regular audits by KPMG ensure that Internet users do in fact communicate with the organization from which they originate.

SGC certificates allow more Windows 2000 users (without Service Pack 4 or the High Encryption Pack installed) to connect with 128-bit encryption. If all SSL certificates were SGC-enabled, tens of millions of Internet users would also benefit from strong 128-bit encryption.

This statement was also confirmed by the Yankee Group as part of an investigation in September 2005. In the study, security experts evaluated 23 combinations of client configurations and four typical web servers in 368 tests.

Non-SGC certificates establish connections between 40 and 256 bit, depending on the browser, operating system and server software. Visitors with certain older browsers and some with the Windows 2000 operating system only receive 40 bit encryption - unless the site has an SGC certificate. SGC-enabled SSL certificates guarantee a minimum of 128 bit for 99.3% of Internet users, in some cases also a 256 bit connection.

What is server compatibility?

Our certificates are compatible with all web servers that support the SSL standard (SSL version 3).

Browser compatibility is over 99.3% - and it's increasing every day! This means that more than 99.3% of the Internet population trusts our certificates, which makes the certificates just as trustworthy as more expensive certificates on the market.

Compatible browsers:

  • Internet Explorer 5.0 and newer
  • all versions of Firefox
  • Netscape 4.0 and newer
  • Opera 5 and newer
  • all versions of Mozilla
  • AOL 5.0 and newer
  • all versions of Safari

Secorio has the privileged status of a registration authority (RA) within the Comodo network. This authorizes us to authenticate applicants for certificates before issuing certificates.

When Comodo issues a certificate, it acts as a certificate authority (CA). Browsers contain a list of trusted CAs. When establishing an SSL connection, the browser checks whether the certificate has been issued by a trusted CA. If the CA is not listed in the browser, a warning appears in the browser. If a highly secure browser identifies an "Extended Validation" SSL certificate, it shows the name of the organization and the name of the CA in addition to the green address line. Comodo is one of the most trusted CAs on the Internet.

SSL certificates contain information such as the qualified domain name used for DNS lookups of your server, and the name and address information of your organization. This information is called the "Distinguished Name". When generating a CSR on the web server, you will be asked to enter the "Distinguished Name", which identifies your server.

When renewing an SSL certificate, the "Distinguished Name" used for the new CSR to be generated must exactly match the "Distinguished Name" of the certificate to be renewed.

During the ordering process for an SSL certificate you will be asked for a CSR ("Certificate Signing Request"). This CSR is a text file generated by your server that contains the information of the "Distinguished Name". On our support pages you can learn more about CSR generation as well as the download and installation of your certificate.