Website Cyber Security

What’s the difference between SSL certificates?

webboss2024-02-26T14:39:50-05:00Domain validation (DV) Inexpensive, essential protection recommended for personal or hobby sites where consumer trust is not a major factor and transactions aren’t taking place. DV certificates are issued in minutes by providing proof of domain ownership via a simple email validation process. Organization validation (OV) Affordable protection recommended for small to mid-size businesses where validation of the company is essential. OV is best for sites with low-volume e-commerce transactions. ​​The certificate authority confirms that the business associated with the domain name is registered and legitimate before issuing the certificate, which takes about 1-2 days. Extended validation (EV) Proven to boost customer confidence. Recommended for mid-sized to enterprise sites where customer confidence is vital. It’s a must for websites with transactions for payments, online banking, and e-commerce. EV certificates are issued in 1-5 days, after the completion of a strict validation process that follows standardized industry guidelines. Learn More What is the difference between SAN and wildcard certificates? SAN (Subject Alternate Name) certificates protect multiple domain names under a single certificate. For example, a single SAN certificate can cover opensrs.com, opensrs.org, and opensrs.net. Wildcard certificates protect unlimited subdomains within a single domain under a single certificate. For instance, a single wildcard certificate can cover the primary domain, opensrs.com, as well as its subdomain, help.opensrs.com.

What is an SSL certificate?

webboss2024-02-26T14:42:38-05:00SSL stands for Secure Sockets Layer, while their is also the more updated counterpart, TLS Transport Layer Security. They are both technologies that help secure sensitive information transmitted over the internet and between devices, web servers and computers. The most common time when you use an SSL Certificate is when you connect to a website via HTTPS://. You may not even notice as it is a very seamless technology when working correctly. The Certificate part is a digital certificate which ensures authenticity and helps to enable the encryption to secure this technology. Each website or device you make a connection to, using an Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection, will have its own unique Certificate. An SSL Certificate can only be issued for a domain, IP address or Email address after a verification process. This ensures that only the owner of a domain name can obtain a Certificate and it can't be faked. While both SSL and TLS are protocol technologies to encrypt and secure web traffic, TLS is the more recent technology and provides many benefits over SSL. The Term “SSL Certificate” is the most commonly used term to describe the technology and refers to both SSL and TLS Certificates in the general sense. SSL/TLS and Secure Web Browsing. The Benefits of SSL Certificates. Information transmitted over the internet in its original form is unencrypted and in plain text. Imagine shopping online and making a purchase with your Credit Card Numbers. Your name, address and card details would be sent to the website in plain text. Anyone maliciously snooping in on your internet traffic would be able to easily see this sensitive information. This is why SSL, TLS Certificates were created, to make sure all information is encrypted and can only be read by the person sending it, and the receiver. Anyone else able to see this transaction would only see unintelligible text. This is why any secure server will need an Certificate SSL. Encryption: An SSL connection will encrypt and secure sensitive information such as personal details, usernames, passwords, billing and credit card numbers and more. Authentication: The web server will send the Certificate which ensures authenticity. To make sure you are connecting to the correct domain. If a certificate is provided for another domain, a secure connection can not be made, with warnings alerting the user. Trust: To obtain an SSL Certificate, you must go through a verification process. This ensures only the person in control of the domain/IP/Email is issued the Certificate, without exception. To obtain a Business SSL Certificate, an extensive business verification process must be completed. An EV SSL is the highest level of verification possible on SSL/TLS Certificates. Your company name will be shown in the certificate itself. Integrity: Not only will information be sent encrypted. It will also be unmodified, ensuring you receive it in its original state.

Why a website should have an SSL/TLS Certificate installed?

webboss2024-02-26T14:43:19-05:00Not only does the installation of an SSL/TLS Certificate benefit your visitors. It also benefits your website in a number of ways. PCI Compliance: PCI-DSS compliance is now a requirement for any website wanting to accept credit card payments and customer sensitive information. To meet the requirements set out in the PCI Compliance rules, you must encrypt all transmitted information. This can be done by securing the transmitted data with SSL Certificates. Increase Search Engine Ranking: All major search engines, including google and bing, now use HTTPS as a ranking factor. And the only way to ensure your website can be accessed via https:// is to install an SSL Certificate. Stop warnings on your website: When someone connects to your website which is not secured, they will have warnings shown in their browser. Your website will be shown as “Not Secure” in the address bar. So to change the browser notice to “Secure” you will need to install and implement SSL Certificates. Increase trust: As soon as someone connects to your website which uses SSL Certificates. They will see “Secure” next to your name in their browser. This instantly increased the trust of your website and services. Protection of Personal Information: It is more prominent in the news every day, about security compromises resulting in customer data leaks. By installing an SSL, you make your customer personal information more secure with the high labels of encryption it provides. Preventing anyone snooping in on the traffic and stealing personal information.

How does SSL/TLS work?

webboss2024-02-26T14:43:52-05:00SSL, TLS works by establishing a connection between two devices. The Web Server (whom you are connecting to) will have a Private Certificate/Key which they keep private and is unique. The server will also have a Public Certificate which is mathematically linked to the Private Key on the server, and no other. For this connection to be successful a number of information is sent to the Client. It includes the digital Public SSL Certificate, preferred secure algorithms to use, signatures and more. A verification is done on both sides and a secret string of text generated between the two, used to encrypt and decrypt all information. This process can be outlines in the following steps when you connect to a secure website: Your browser requests a connection to a server which hosts the website you wish to view. Your browser (the client) will send information to the server which includes what types of algorithms it can use, and what type of SSL/TLS version it is capable of. The server will receive the connection request and client information. It will send back to the client the Public SSL Certificate and information about what SSL/TLS version will be used, and algorithms. The Client will receive the Public SSL Certificate and verify its authenticity with the web browsers inbuilt list of trusted Certificate Authorities. Both the Client (using the Public SSL Certificate) and the server (using a Private Certificate/Key) will generate a secret value. They will verify it against each other through the chosen secure algorithm. When both the Client and Server have the same secret value. They will begin to encrypt and send information to each other for decryption. All over the secure SSL secure sockets layer or TLS transport layer security.

Do I need an SSL Certificate?

webboss2024-02-26T14:44:36-05:00With most major web browsers now expecting a secure connection to be available with all websites. It has now become the preferred method of connection. Any other connection type which may not be considered secure will present the user with warnings that may be shown to them or completely prevent them from using your website. If you have a simple website that just has some information presented to the visitor without interaction. You may be able to continue without an SSL Certificate. Your site may still present a “Not Secure” tag to the user in their browser address bar. If your website has any type of interaction with the visitors. Such as forms, logins, sharing of personal or sensitive information then you will require SSL Certificates. To see if your website is currently active with an SSL/TLS Certificate you can use our free tool here, if it is unable to make a secure connection you will need an SSL Certificate: Website Security Check If you are in need for a Certificate but not sure which type of certificate you need. Please contact our sales team and we will be more then happy to run through all the options and find the best one for you.

What types of SSL Certificates are there?

webboss2024-02-26T14:46:06-05:00There is a number of different types of SSL Certificates, each with its own best use case. One certificate can have a single use, for a single website, or multiple uses to secure different websites, domains or services. SSL Certificate types for domains: Single-Domain SSL: This is usually the cheapest and easiest certificate to obtain. A single domain SSL Certificate can be used to secure a single domain such as www.yourdomain.com. Wildcard SSL: A Wildcard SSL Certificate not only secures the root domain ( yourdomain.com ), it can also secure all the sub-domains under your domain name. Such as blog.yourdomain.com, store.yourdomain.com or forum.yourdomain.com. Multi-Domain ssl: For when you have more than one domain name this is the Certificate to use. With a multi-domain ssl, each domain can be on a different TLD ( yourdomain.com, yourdomain.com.au, yourdomain.co.nz ) sub-domain or be completely different such as: mydomain.com, otherdomains.co.uk, shop.domain.com.au. It is also now possible to get a multi domain wildcard SSL Certificate which can secure multiple domains with unlimited sub-domains. We also have the cheapest multi-domain SSL Certificate available on the market. Other Certificate types: S/MIME Email and Client: An Email or S/MIME Certificate is used to secure and encrypt your emails. It is also used to ensure your identity to the receiver. Code: A Code Signing Certificate will be used to sign released software by the publisher. It ensures authenticity of the application and verifies the publishers identity.

What different Levels of business SSL Certificates can you get?

webboss2024-02-26T14:47:11-05:00Along with different types of SSL Certificates, you also have 3 levels of verification to choose from. Each has its own benefits and can provide additional layers of authenticity and trust to your users. Domain Validation: This is the base validation that is required for all SSL Certificates. You will need to prove ownership of the domain name(s) your wish to secure. This can be done via various methods available when you submit your Certificate request. They include an email method, DNS method or Auth File method. Business/Organization Validation: This verification level is ideal of organizations that want to show their authenticity. The Certificate Authority CA will verify the organization details with the registering authority in your country and check online for any business listings. They will then contact you and verify your position and authority in the business to have an SSL Certificate issued. When the digital Certificate is issued, it will contain your company name. Extended Validation EV SSL: This will require a complete organization background check. The Certificate Authority will make sure your business is in good standing in your country of registration before they issue the SSL Certificate. The Extended Validation EV SSL Certificate is popular for enterprise level websites and organizations with popular brands.