In this section you will find answers to the most frequently asked questions about SSL/TLS encryption, SSL certificate, https and how all this is used to secure communications on the Internet.
What is SSL/TLS?
Both SSL and TLS are cryptographic protocols used to secure communication over both internal computer networks and over the Internet. The abbreviations of the both mean the following:
- SSL means Secure Sockets Layer
- TLS means Transport Layer Security
Still both of them are frequently referred to as SSL, as it was the first protocol with this function. The primary goal of the protocols is to ensure the privacy and integrity of the transmitted data, for example between a server and a web browser or an application.
Due to this technology the client and the server determine the most suitable encryption algorithm and public keys before the communication session. As it makes a part of security standards, all modern web browsers and operating systems support this technology. In order to turn on encryption for a website you should install an SSL certificate on the server.
What is an SSL Certificate?
It is a digital document that provides information security as well confirms its reliability and confidentiality during its transmission between a server and a client. SSL certificate enables encrypted connection on your server. It contributes to the data security level and therefore positively affects the company’s image.
SSL certificate is issued for a specific domain name and in some cases for specific company. It includes all the necessary information about the owner of the web resource and certification center responsible for its issuance. Still the data in the certificate depends on its type. You can check certificate information by right clicking on the lock icon or https abbreviation in the address bar of your browser:
Therefore, SSL certificates also boost users trust as they contains information about the identity of the resource owner. According to common certification rules every certification authority verifies the requester’s information before it issues an SSL certificate. As it is an official third party authority that makes authentication, users tend to trust secured resources more.
Why do I need an SSL certificate for my website?
SSL certificates ensure the following three factors that are fundamental for IT security:
- Data authenticity: they prove that transmission channel is encrypted;
- Confidentiality: they exclude the probability of data interception;
- Integrity: information is transmitted in full, its change through unauthorised parties in the course of transmission is impossible.
Every owner of a web resource which gathers, processes and stores private information must have an SSL certificate on the server. If you have a registration form and login page, shipment address gathered or online payment enabled on your website, you must secure this information. Transferring such data over insecure communication channels makes it extremely vulnerable. First of all, the probability of its interception by hackers is extremely high, as they use this data for fraudulent purposes. Therefore it is necessary to protect customers against such risks with a help of a secure SSL certificate.
Besides that, SSL certificates are widely used to secure e-mail servers, applications, instant messaging, VoIP, server-to-server communications and so on.
What type of SSL certificate should I choose?
There are several types of SSL certificates. You can see the general classification in the image below:
How can you choose the correct SSL certificate? You should answer 2 questions.
Question 1: How many domains do I want to secure?
So first of all you should decide how many domains or subdomains you would like to include in your certificate.
- If you have only one domain name in versions with www and without, you should decide for a simple one-domain certificate.
- If you possess a web resource with an extended structure which includes numbers of subdomains that belong to your main domain, then you should take a Wildcard certificate. It secures all subdomains at the level of asterisk.
- Lastly, if you have multiple domain names or subdomains and want to include them all into one certificate, you should have a look at SAN or Multi-Domain certificate. You can even order it for domains situated in different zones (.eu, .de, .es etc.). This will help you save you money and time spent on certificate management.
Question 2: What kind of validation do I need?
Secondly, you should understand what validation type is better for your purposes. For example, products that provide only data encryption are domain validated SSL. They do not confirm the identity of the domain owner. Therefore, they belong to the certificates with the primary security level. Normally, their price is quite low and issuance time is short. Both individuals and organizations may acquire them.
Organization Validated SSL is a better choice for small online shops and other commercial web resources. It checks the identity of the certificate owner and confirms his actual existence and right to use the domain. Only legal entities and entrepreneurs are eligible to obtain this type of SSL certificates after providing their registration information.
The most trustworthy SSL certificates are those with Extended Validation. Their peculiarity is the presence of specific indicators: green address bar in users’ browsers and the organization name in it. Only companies can obtain this type of SSL after a thorough proof the company information. We recommend it to large financial institutions, e-commerce websites and all the companies with online payment. This is the most reliable SSL certificate.
What is authentication and why is it important?
Authentication is an important part of the certification process. It means the verification of the identification information in your SSL request by a trusted third party (certification authority, such as Comodo, Thawte, GeoTrust, Symantec, etc). Due to this process your website visitors can be sure that it has been verified and actually belongs to you. Therefore, they will have less concerns about data loss, fraud or identity theft while interacting with your website. As a result, they will be more likely to register, share personal information or make online payments on your website.
Users can prove authentication data in 2 ways:
- by checking SSL certificate information.
- by clicking on a Site Seal (if installed on the website).
What is certification authority?
SSL certificate is a kind of ID in the Internet, that proves the identity of the domain owner. It is always unique and belongs only to a specific domain and a web server. If users will trust it or not, depends on the credibility to the organization that issued it. That is why certification authorities use a number of ways to check the information of a person or company that request SSL certificate. Therefore, they can assure that the domain owner has been verified and complies with the Internet security standards.
Another important point to consider it the credibility of certification authorities among browser vendors. The most well known SSL providers, such as Comodo, Thawte, Symantec, GeoTrust, GlobalSign, RapidSSL and AlphaSSL, have an Agreement with browser vendors. According to this Agreement their root certificates are stored in the browser data banks, which qualifies them as trusted authorities. Due to this users will not receive any warnings when visiting a website with SSL certificate from one of these providers.
What is a CSR and Private key?
CSR is the abbreviation for certificate signing request. It contains all the necessary information about the domain name and company in an encrypted form. Together with CSR you also generate a Private Key which decodes the received data. You should keep it in a safe place and not provide it to third parties. These files look as follows: