What SSL Actually Does for You?
SSL stands for Secure Sockets Layer and is the Internet standard security technology used to establish an encrypted (or safe) link between a web server (website) and your browser (e.g. Internet Explorer, Chrome, Firefox). This secured link ensures that the data passed from your web browser to the web server remains private, meaning safe from hackers or anyone trying to spy on or steal that information. SSL is the industry standard and is used by millions of websites to protect and secure any sensitive or private data that is sent through their website. One of the most common uses of SSL is protecting a customer during an online transaction. This SSL Wiki explains below why SSL is needed and how it works.
To establish a secured SSL connection, a web server needs an SSL Certificate to be properly installed. When completing the process to activate SSL on your web server, you will be asked to answer a number of questions to verify the identity of your domain and your company. Once this is completed, your web server will create 2 types of cryptographic keys: one is called the Private Key and the other is called the Public Key. The Public Key isn’t a secret, and it is placed into something called a Certificate Signing Request, most commonly referred to as the CSR. The CSR is a file that contains your details. Once this CSR is generated, you can begin the SSL application process. During this process, the Certification Authority (CA) will validate your submitted details and, once they are verified, will issue an SSL Certificate with your details, allowing you to use SSL. Your web server will automatically match the CA-issued SSL Certificate to your Private Key. This means you are now ready to establish an encrypted and secure link between your website and your customer’s web browser.
The SSL protocol is complex, but the complexities always remain invisible to your customers. Instead, the browser they are using provides them with a key indicator letting them know that their session is currently protected by SSL encryption: sometimes it is the lock icon in the lower right-hand corner, or the addition of an “s” in https rather than just http, and on high-end SSL Certificates a key indicator is the green bar in the browser. Clicking on the indicators will display all the details about it. All trusted Certification Authorities issue SSL Certificates to either legitimate companies or legally accountable individuals.
Generally speaking, SSL Certificates include and display (at least one or all of) your domain name, your company name, your address, your city, your state and your country. A certificate also always has an expiration date and, of course, the details of the Certification Authority responsible for issuing it. When a browser connects to a secured site, it retrieves the site’s SSL Certificate and first makes sure that it has not expired, then checks that it was issued by a known Certification Authority that the browser trusts, and then that it is actually being used by the website that it was issued to. If any one of these checks fails, the browser will display a warning to let the user know that this site is not secured by SSL. The warning says to leave or proceed with extreme caution. That is the last thing you would want to say to your potential customer. That is why SSL is of high importance to any successful company doing business on the web and why we maintain this SSL Certificate Wiki.
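The key pair, CSR and certificate-to-key match described above, followed by the three browser checks (expiry, trusted issuer, hostname), as an added example that is not part of the original page. It assumes the openssl command-line tool (1.1.1 or later); example.test, the organization name and the local test CA standing in for a real Certification Authority are constructed values.

```sh
#!/bin/sh
# Added example. example.test, "Example Org" and "Example Test CA" are constructed
# values; the local CA below is a stand-in for a real Certification Authority.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Web server side: create the key pair, then a CSR carrying the public key and details.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/site.key" \
    -subj "/C=US/O=Example Org/CN=example.test" -out "$WORK/site.csr" 2>/dev/null
}

# CA side (stand-in): a self-signed root signs the CSR and adds the covered names.
issue_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
    -subj "/CN=Example Test CA" -days 30 -out "$WORK/ca.pem" 2>/dev/null
  printf 'subjectAltName=DNS:example.test,DNS:www.example.test\n' > "$WORK/san.cnf"
  openssl x509 -req -in "$WORK/site.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -extfile "$WORK/san.cnf" -out "$WORK/site.pem" 2>/dev/null
}

# A certificate belongs to a private key when both yield the same public key.
key_matches() {  # usage: key_matches <private-key> <certificate>
  [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# The browser checks in the order described: expiry, trusted issuer, hostname.
browser_check() {  # usage: browser_check <certificate> <trusted-ca-file> <hostname>
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null || { echo expired; return 0; }
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || { echo untrusted-issuer; return 0; }
  openssl x509 -in "$1" -noout -checkhost "$3" | grep -q 'does match' \
    || { echo hostname-mismatch; return 0; }
  echo ok
}

make_csr
issue_cert
key_matches "$WORK/site.key" "$WORK/site.pem" && echo "certificate matches private key"
echo "www.example.test:   $(browser_check "$WORK/site.pem" "$WORK/ca.pem" www.example.test)"
echo "other.example.test: $(browser_check "$WORK/site.pem" "$WORK/ca.pem" other.example.test)"
```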
Are All SSL Certificates the Same?
The number of businesses that use SSL has increased tremendously over the past few years, and the reasons for which SSL is used have also increased, for example:
- Some businesses need SSL to simply provide confidentiality (i.e. encryption)
- Some businesses like to use SSL to add more trust or confidence in security and identity (they want you to know that they are a legitimate company and can prove it)
As the reasons companies use SSL have become wider, three different types of SSL Certificates have been established:
Extended Validation (EV) SSL Certificates
EV certificates are issued only when a Certification Authority (CA) checks to make sure that the applicant actually has the right to the specific domain name, plus the CA conducts a very THOROUGH vetting (investigation) of the organization. The issuance process of EV Certificates is standardized and is strictly outlined in the EV Guidelines, created at the CA/Browser Forum in 2007, which specify the required steps that a CA must take before issuing an EV certificate:
- Must verify the legal, physical & operational existence of the entity
- Must verify that the identity of the entity matches official records
- Must verify that the entity has the exclusive right to use the domain specified in the EV Certificate
- Must verify that the entity has properly authorized the issuance of the EV Certificate
EV Certificates are used for all types of businesses, including government entities and both incorporated & unincorporated businesses. They take about 10 days to issue.
A second set of guidelines applies to the CA itself and establishes the criteria against which a CA needs to be audited before being allowed to issue an EV Certificate. It is called the EV Audit Guidelines, and the audits are done every year to ensure the integrity of the issuance process.
Here are some general tips for taking care of the validation process (outside of verifying that you control the domain [domain-control-validation or DCV]).
EV Validation generally consists of verifying the following information:
* The organization’s legal name
* That the organization is in good standing
* The organization’s tradename or “Doing Business As” (DBA) name, if used
* That the organization is currently operating
* Address where business operations are conducted
* The organization’s main business telephone number
* The organization has control of the domain(s) listed on the certificate (DCV)
How can I make validation easier?
When submitting validation information for EV certificates, here are some things you can do to make the process go smoothly:
* Use the legally registered name of the organization listed on the business’ documents. Don’t list the trade name/DBA as the organization’s legal name
* You can use a trade name on the certificate along with the legal name. Any DBA or trade names used on the certificate must be registered by a governmental agency
* Use the physical address where the organization conducts business. Do not use PO Box, mail stop/forwarding, “care of”, virtual office address or a registered agent address
Sole-proprietorships (or similar) and some types of partnerships require a principal individual in the organization to be verified.
All EV certificates must have and use the legal name of the organization. If a tradename/DBA is verified, the certificate will list the tradename and legal name in a format similar to this:
tradename (legal name)
In the case of a sole trader, the legal name is the owner or principal name.
No certificate can be issued to the tradename/DBA name only; the organization’s legal name must be used.
Various industry guidelines limit the type of third-party databases that can be used for validation. A site controlled by the applicant cannot be used for validation.
Organization Validation (OV) SSL Certificates
OV certificates are issued only when a Certification Authority (CA) checks to make sure that the applicant actually has the right to the specific domain name, plus the CA does some vetting (investigation) of the organization. This additional vetted company info is displayed to customers when the Secure Site Seal is clicked on. This gives enhanced visibility into who is behind the site, which in turn gives enhanced trust in the site. OV certificates take about 2 days to issue.
Domain Validation (DV) SSL Certificates
DV certificates are issued when the CA checks to make sure that the applicant actually has the right to the specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal. DV certs can be issued immediately.
Purchase an SSL
We offer a selection of SSLs from 2 reputable certificate authorities. We have options from Comodo, GeoTrust, and RapidSSL (GeoTrust). We have DV, OV, and EV offerings. EV certificates will present the green bar in browsers showing your customers you are who you say you are.
All of our certificates will cover the domain and the www subdomain with the exception of multi-domain certificates.
With Comodo Multi-Domain certificates, knownhost.com and www.knownhost.com would count as two domains. The same applies for any additional domains (or subdomains) you want the multi-domain certificate to cover. Keep this in mind when calculating your total costs of certificates.
GeoTrust Multi-Domain certificates WILL cover www/non-www on the primary domain only. Additional domains will follow the aforementioned rule of requiring separate entries. If you have any questions about how many additional domains you need to purchase with your cert please contact us.
|GeoTrust QuickSSL Premium||DV||1||Minutes||No||No||$100|
|Comodo PositiveSSL Wildcard||DV||1||Minutes||YES||No||$120|
|Comodo PositiveSSL Multi-Domain||DV||3+||Minutes||No||No||$75|
|⮡ Additional Domains (each)||$25|
|Comodo InstantSSL Premium||OV||1||2-4 Days||No||No||$100|
|Comodo InstantSSL Premium Wildcard||OV||1||2-4 Days||YES||No||$200|
|Comodo PositiveSSL EV||EV||1||5-10|
|Comodo EV SSL||EV||1||5-10|
|GeoTrust True BusinessID with EV||EV||1||5-10|
|Comodo PositiveSSL EV Multi-Domain||EV||3+||5-10|
|⮡ Additional Domains (each)||$69|
|Comodo EV Multi-Domain||EV||3+||5-10|
|⮡ Additional Domains (each)||$95|
|GeoTrust True BusinessID w/ EV Multi-Domain||EV||5+||5-10|
|⮡ Additional Domains (each)||$49|
To easily purchase one of the above certificates click on the name and you’ll be taken to the appropriate order form. To help us better assist you please place the order on the same account that owns the service which you’ll be using the certificate on.
Click here for a listing of all available certificate order forms.
Want a specific cert and don’t see it listed? Contact us and let us know. Odds are we have it!
Our Support Department will be happy to help you generate a CSR and also assist with the domain-validation aspects and installation of the SSL on your KnownHost service.