SSL stands for Secure Sockets Layer.
It is a security certificate issued by a Certificate Authority Company that generates an encrypted connection between your web server and your visitor’s web browser.
Here’s a short video that explains this process: https://www.youtube.com/watch?v=iQsKdtjwtYI
Not all SSL’s are created equal. There are 6 versions that I have found:
- EV Certs: An EV Certificate is a new type of certificate that is designed to prevent phishing attacks better than normal SSL certificates. What makes an EV Certificate so special? An SSL Certificate Provider has to do some extensive validation to give you one including:
- Verifying that your organization is legally registered and active
- Verifying the address and phone number of your organization
- Verifying that your organization has exclusive right to use the domain specified in the EV Certificate
- Verifying that the person ordering the certificate has been authorized by the organization
- Verifying that your organization is not on any government blacklists
- UC/San Certs: A Multi-Domain SSL certificate, also known as a UCC, Unified Communications, or SAN certificate, is a type of certificate that uses Subject Alternative Names to secure multiple host names. Any number of different domain names can be included in the SAN field of the certificate enabling the certificate to work on any of the included domain names. For example, you could get one UC SSL Certificate to cover all of the following:
- mydomain.com
- mail.mydomain.com
- autodiscover.mydomain.com
- anotherdomain.com
- Wild Card Certs: SSL Wildcard CertificatesSSL Wildcard Certificates are big money-savers. An SSL Wildcard Certificate allows you to secure an unlimited number of first-level sub-domains on a single domain name. That means you can get an SSL Certificate with the common name as *.mydomain.com and you can use it on all of the following without receiving any errors:
- www.mydomain.com
- mail.mydomain.com
- intranet.mydomain.com
- secure.mydomain.com
- Note: However, in most web browsers (including Internet Explorer) SSL Wildcard Certificates won’t work for multiple levels. This means that an SSL Certificate Wildcard for *.mydomain.com won’t work on www.mail.mydomain.com or site1.sitea.mydomain.com or my.ridiculously.long.subdomain.mydomain.com. The web browser will give a name mismatch error. If you need to secure multiple levels of subdomains or completely different domain names in one certificate, check out Unified Communications SSL Certificates.
- Code Signing Certs: A code signing certificate is a file containing a digital signature that can be used to sign executables and scripts in order to verify your identity and ensure that your code has not been tampered with since it was signed. This helps your users to determine whether your software can be trusted.
- A code signing certificate allows you to sign code using a private and public key system similar to how an SSL certificate secures a website.
- DV Certs: Domain Validated SSL Certificates are no-frills, encryption-only certificates. In order to get a Domain Validated SSL Certificate you just have to prove that you own the domain by responding to an email or phone call using the information in the WHOIS record of the domain. It’s easy. Your company doesn’t have to be validated and no organization name is entered in the certificate. This is good and bad news.
- Advantages:
- Speed. You can usually get a fully-functioning certificate within minutes. No need to send in company validation documents.
- Price. Because the process is automated and requires no validation from the certificate authority, these are the cheapest SSL certificates available.
- Disadvantages:
- Low assurance. Because your company is not validated, these certificates don’t help your visitors know who is running your site. If you have an e-commerce site, your potential buyers may be scared off.
- Less secure. The certificates themselves still enable full, 128-bit encryption but there are other security problems. For one, any phisher can get one and can hide their identity completely. Second, they make man-in-the-middle attacks more dangerous. If an an attacker was able to do some DNS poisoning, he could get a Domain Validated SSL Certificate for your domain and redirect visitors to a fake site that allows him to collect visitor information.
- domain validated certificates do almost nothing to verify that you are talking to who you think you are talking to.
- So when should you use Domain Validated SSL Certificates?
- They work well in situations where you don’t need to assure your visitors or where there is little chance of a man-in-the-middle attack such as on an internal server or on a mail server.
- Advantages:
- Shared SSL Certs: Shared SSLs are installed globally on the server, configured to be used from all users on the servers. and all clients can use it.
- Advantage: Shared & Dv both fulfill the main goal of encrypting your site.
- However, with a shared your url adddress could look like this: https://servername.yourhost.com vs with DV that would look like: http://yourname.com
- Disadvantage: Your business name is not usually on the certificate. The person who bought the certificate (and you are sharing it with) usually appears. For some online shoppers, this might raise red flags. Another problem is that if the person who bought the SSL certificate lapses, you lapse as well, leaving your Web site vulnerable.
- Since the Cert was generated in the hostname of the server, it will cause a certificate warning message pop up on your site when it used as it’s not matching the domain names.
- Note: Some hosting companies offer a free shared SSL.
- Advantage: Shared & Dv both fulfill the main goal of encrypting your site.
What is a certificate authority (CA)?
A certificate authority is an entity which issues digital certificates to organizations or people after validating them. Certification authorities have to keep detailed records of what has been issued and the information used to issue it, and are audited regularly to make sure that they are following defined procedures. Every certification authority provides a Certification Practice Statement (CPS) that defines the procedures that will be used to verify applications. There are many commercial CAs that charge for their services (VeriSign). Institutions and governments may have their own CAs, and there are also free Certificate Authorities.
Every certificate authority has different products, prices, SSL certificate features, and levels of customer satisfaction.
Note: The standards that all SSL providers have to follow to issue any version of a SSL Certificate were created and agreed upon by all the members of the CA/Browser Forum.
What is browser compatibility?
The certificate that you purchase to secure your web site must be digitally signed by another certificate that is already in the trusted store of your user’s web browser. By doing this, the web browser will automatically trust your certificate because it is issued by someone that it already trusts. If it isn’t signed by a trusted root certificate, or if links in the certificate chain are missing, then the web browser will give a warning message that the web site may not be trusted.
So browser compatibility means that the certificate you buy is signed by a root certificate that is already trusted by most web browsers that your customers may be using. Unless otherwise noted, the certificates from all major certificate providers listed on SSL Shopper are compatible with 99% of all browsers
So, now that your overloaded with that info, I’m going to stop here so you can chew on this information.
Tune in tomorrow for the next installment: How does this apply to me?
Sources: WordPress.Org; GoDaddy.com; SSLShopper.com; GlobalSign.com; Zen-cart.com; Siteground.com