SSL Certificates

What is SSL?
SSL stands for "Secure Sockets Layer". SSL Definition; Secure Sockets Layer is a protocol designed to enable applications to transmit information back and forth securely. Applications that use the Secure Sockets Layer protocol inherently know how to give and receive encryption keys with other applications, as well as how to encrypt and decrypt data sent between the two.

To enable SSL on a website, you will need to get an SSL Certificate that identifies you and install it on the server. The use of an SSL certificate on a website is usually indicated by a padlock icon in web browsers but it can also be indicated by a green address bar. Once you have done the SSL install, you can access a site securely by changing the URL from http:// to https://. When an SSL certificate is installed on a website, you can be sure that the information you enter (contact or credit card information), is secured and only seen by the organization that owns the website.

Millions of online businesses use SSL certificates to secure their websites and allow their customers to place trust in them. In order to use the SSL protocol, a web server requires the use of an SSL certificate. SSL certificates are provided by Certificate Authorities (CAs).

Why do I need SSL?

If you are transmitting sensitive information on a web site, such as credit card numbers or personal information, you need to secure it with SSL encryption. It is possible for every piece of data to be seen by others unless it is secured by an SSL certificate.

Your customers won't trust your web site without an SSL certificate. According to Gartner Research, nearly 70 percent of online shoppers have terminated an online order because they did not "trust" the transaction. In those cases, 64 percent indicated that the presence of a trust mark would have likely prevented the termination. An SSL certificate and a site seal could stop people from abandoning your website and that means more money for you. Read our why SSL is necessary page to learn more.

What is a certificate authority (CA)?

A certificate authority is an entity which issues digital certificates to organizations or people after validating them. Certification authorities have to keep detailed records of what has been issued and the information used to issue it, and are audited regularly to make sure that they are following defined procedures. Every certification authority provides a Certification Practice Statement (CPS) that defines the procedures that will be used to verify applications. There are many commercial CAs that charge for their services (VeriSign). Institutions and governments may have their own CAs, and there are also free Certificate Authorities.

Every certificate authority has different products, prices, SSL certificate features, and levels of customer satisfaction. Read our SSL Certificate reviews to find the best provider to purchase from.

How does SSL work? Some applications that are configured to run SSL include web browsers like Internet Explorer and FireFox, email programs like Outlook, Mozilla Thunderbird, Apple Mail.app, and SFTP (secure file transfer protocol) programs, etc. These programs are automatically able to receive SSL connections.

To establish a secure SSL connection, however, your application must first have an encryption key assigned to it by a Certification Authority in the form of a Certificate. Once it has a unique key of its own, you can establish a secure connection using the SSL protocol. 

This is in short how it works.

1. A browser requests a secure page (usually https://).
2. The web server sends its public key with its certificate.
3. The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.
4. The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.
5. The web server decrypts the symmetric encryption key using its private key and uses the symmetric key to decrypt the URL and http data.
6. The web server sends back the requested html document and http data encrypted with the symmetric key.
7. The browser decrypts the http data and html document using the symmetric key and displays the information.

 Here is What Happens When a Web Browser Connects to a Secure Web Site. A browser attempts to connect to a Web site secured with SSL. 

The Green Address Bar Restores Trust with Extended Validation

An EV SSL Certificate gives customers more confidence that they are interacting with a trusted Web site and that their information is secure. An EV SSL Certificate triggers high-security Web browsers to display your organization's name in a green address bar and show the name of the Certificate Authority that issued it. The Certificate Authority uses an audited, rigorous authentication method and browsers control the display, making it difficult for phishers and counterfeiters to hijack your brand and your customers.

An EV certificate is a new type of certificate that is designed to prevent phishing attacks. It requires extended validation of your business and authorization to order the certificate and can take a few days to a few weeks to receive. It provides even greater assurance to customers than high assurance certificates by making the address bar turn green.

A wildcard certificate can secure an unlimited number of first level sub domains on a single domain name. For example, you could get a wildcard certificate with *.yourdomain.com as the common name. This certificate would secure www.yourdomain.com, mail.yourdomain.com, secure.yourdomain.com, anything.yourdomain.com, etc... In other words, it will work on any sub-domain that replaces the wildcard character (*).

Encryption is a mathematical process of coding and decoding information. Encryption ensures that information is scrambled in transit so that only the intended recipient can decode it. The number of bits (40-bit, 56-bit, 128-bit, 256-bit) tells you the size of the key. Like a longer password, a larger key has more possible combinations. In fact, 128-bit encryption is one trillion times one trillion times stronger than 40-bit encryption. At current computing speeds, a hacker with the time, tools, and motivation to attack would require a trillion years to break into a session with 128-bit encryption. SSL Certificates with server-gated cryptography (SGC) enable 128- or 256-bit encryption for over 99.9% of Internet users