SSL Certificates
SSL is the acronym for Secure Sockets Layer and is the Internet standard security technology used to establish an encrypted (or safe) link between a web server (website) and your browser (i.e. Chrome, Safari, Firefox, etc…). This secured link ensures that the data/information that is passed from your web browser to the web server remain private; meaning safe from hackers or anyone trying to spy/steal that info. SSL is the industry standard and is used by millions of websites to protect and secure any sensitive or private data that is sent through their website. One of the most common things SSL is used for is protecting a customer during an online transaction.
What They Do
Generally speaking, SSL Certificates include and display (at least one or all) your domain name, your company name, your address, your city, your state and your country. It also always has an expiration date of that particular certificate and of course the details of the Certification Authority responsible for issuing the certificate. The browser connects to a secured site and then retrieves the site’s SSL Certificate making sure that it has not expired, then it checks to see if it was issued by a known Certification Authority that the browser trusts, and then that it is actually being used by the website that is was actually issued to. If any one of these parameters does not check out properly, the browser will display a warning to the user to let them know that this site is not secure by SSL. It says to leave or proceed with extreme caution. That is the last thing you would want to say to your potential customer. That is why SSL is of high importance to any successful company doing business on the web.
Different Certificates
The number of businesses that use SSL have increased tremendously over the past few years and the reasons for which SSL is used has also increased, for example:
• Some businesses need SSL to simply provide confidentiality (i.e. encryption)
• Some businesses like to use SSL to add more trust or confidence in security and identity (they want you to know that they are a legitimate company and can prove it)
• Some businesses need SSL to simply provide confidentiality (i.e. encryption)
• Some businesses like to use SSL to add more trust or confidence in security and identity (they want you to know that they are a legitimate company and can prove it)
As the reasons companies use for SSL have become wider, three different types of SSL Certificates have been established:
• Extended Validation (EV) SSL Certificates
• Organization Validation (OV) SSL Certificates
• Domain Validation (DV) SSL Certificates
Estended Validation (EV)
Extended Validation (EV) SSL Certificates are issued only when a Certification Authority (CA) checks to make sure that the applicant actually has the right to the specific domain name plus the CA conducts a very THOROUGH vetting (investigation) of the organization. The issuance process of EV Certificates is standardized and is strictly outlined in the EV Guidelines, which was created at the CA/Browser Forum in 2007, specifies the required steps that a CA must do before issuing an EV certificate:
1. Must verify the legal, physical & operational existence of the entity
2. Must verify that the identity of the entity matches official records
3. Must verify that the entity has the exclusive right to use the domain specified in the EV Certificate
4. Must verify that the entity has properly authorized the issuance of the EV Certificate
1. Must verify the legal, physical & operational existence of the entity
2. Must verify that the identity of the entity matches official records
3. Must verify that the entity has the exclusive right to use the domain specified in the EV Certificate
4. Must verify that the entity has properly authorized the issuance of the EV Certificate
EV Certificates are used for all types of businesses, including government entities and both incorporated & unincorporated businesses. Takes about 10 days to issue.
A second set of guidelines are for the actual CA and it establishes the criteria to which a CA needs to be audited before being allowed to issue an EV Certificate. It is called, the EV Audit Guidelines, and they are always done every year to ensure the integrity of the issuance process.
Organization and Domain Validation
Organization Validation (OV) SSL Certificates are issued only when a Certification Authority (CA) checks to make sure that the applicant actually has the right to the specific domain name plus the CA does some vetting (investigation) of the said organization. This additional vetted company info is displayed to customers when the Secure Site Seal is clicked on, this gives enhanced visibility to who is behind the site which in turn gives enhanced trust in the site. Takes about 2 days to issue.
Domain Validation (DV) SSL Certificates are issued when the CA checks to make sure that the applicant actually has the right to the specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal. DV certs can be issued immediately.
Domain Validation (DV) SSL Certificates are issued when the CA checks to make sure that the applicant actually has the right to the specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal. DV certs can be issued immediately.