Secure Sockets Layer, SSL, is the standard security technology for creating an encrypted link between a web server
and a browser. This link ensures that all data passed between the web server and browser remain private and integral.
SSL is an industry standard and is used by millions of websites in the protection of their online transactions with
their customers. In order to be able to generate an SSL link, a web server requires an SSL Certificate. SSL can be
used to create secure links to protect transactions, passwords, personal details, etc.
There are many Certification Authorities (CAs) currently offering digital certificates, each with various certificate
products. For the first-time user of digital certificates, it is often difficult to make an informed purchase decision.
Equally, experienced users may not have a full understanding of certain finer points relating to the products that are
available on the market. We aim to provide impartial advice on how to approach the purchase of SSL certificates while
at the same time clarifying certain issues relating to the product and industry which are often misunderstood. Our hope
is that you find the information provided of assistance in making the right purchase for your business and security needs.
When do you need to use a digital certificate?
Securing transmission of financial information in ecommerce is currently the major application of SSL certificates. However,
with the incidence of identity theft on the rise, protection of personally identifiable information is becoming ever more important.
This category of data would include identity and social security numbers, as well as e-mail addresses.
So, if you are handling financial transactions on your website, there is no question that SSL certificates are required.
If you are managing sensitive customer data, the use of SSL certificates is worth serious consideration – especially if
customer/member security and privacy are high on your list of priorities.
Why use a digital certificate?
There are two main reasons why you should make use of a digital certificate:
1. To prove your company's (or your server's) identity online and in so doing create a sense of trust and
confidence in using your website.
2. To offer protection of the data submitted to your website (or between servers) through the use of encryption.
Should any information be intercepted, it will be unintelligible without the unique key used for decryption.
What level of authentication does the certificate offer?
In securing your website with a digital certificate, your main aim is to provide proof of your online identity and
in so doing establish a relationship of trust with those with whom you wish to interact online. This is where
authentication comes into play as the most important element of a digital certificate. Authentication provides users
with proof that:
1. Your company is a bona fide real world company.
2. They are connecting to the correct server.
A certificate's level of authentication may be seen as an indication of its quality – the higher the level of
authentication provided, the greater the quality of the certificate. It is therefore important to understand that
the various digital certificates available each differ in level of authentication depending on the issuing CA or even
the specific product.
Some CAs perform only very basic authentication prior to issuing a certificate while others conduct extensive checks
to ensure the identity of the applying organization. The following are the various authentication checks that are
performed by CAs:
1. Domain lookup to confirm that the applying company owns the domain.
2. Check of the company's existence to confirm that it is a legally registered organization.
3. Verification of the identity of the individual requesting the certificate to confirm that they are an authorized representative.
All CAs perform one or more of these authentication checks. The result is a range of products of greatly differing
levels of quality. It is important to note that the more authentication checks performed the better the quality of the
certificate. So make sure you determine exactly what authentication checks are performed before purchasing.