What SSL

Background information on SSL Certificates

What are SSL Certificates?

SSL Certificates provide secure, encrypted communications between a website and an internet browser. SSL stands for Secure Sockets Layer, the protocol which provides the encryption. SSL Certificates are typically installed on pages or whole websites that require end-users to submit sensitive information over the internet such as personal data, credit card details and passwords. Pages such as payment pages, online forms and login pages should have SSL encryption.

Why Do I Need an SSL Certificate?

Data transferred in non-encrypted format can be intercepted between you and the webserver such that your communication and the data therein could be compromised and stolen. Online transactions may involve sending personal information such as credit card information, social security numbers, usernames and passwords. Cybercriminals who intercept unencrypted communications will gain full access to this data and can use it for fraudulent activities including identity theft and purchases. Trust and security are what make people confident enough to provide private or sensitive information online. SSL certificates demonstrates that a website or web page can be trusted. Any organisation must use an SSL certificate to secure their site if they wish to take online payments or expect their visitors to submit confidential information. Apart from building essential trust and security into your website, SSL certificates also help with SEO efforts as Google rates the use of an SSL as a positive ranking indicator.

SSL Products Overview

All SSL certificates are typically a combination of a Validation Level and Type.

Certificate Validation Levels

Extended Validated Certificates:

EV certificates provide the highest levels of security, trust and customer confidence for online businesses. EV certificates are issued only after the issuing Certificate Authority has conducted rigorous background checks on the company according to the guidelines laid out by the Certificate Authority/Browser (CA/B) Forum. Because of this, EV certificates contain a unique differentiator designed to clearly communicate the trustworthiness of the website to its visitors. Whenever somebody visits a website that uses an EV certificate, the address bar will turn green in major browsers such as Internet Explorer and Firefox however Chrome have dropped this pointing out that safe websites should be the norm on the internet. EV certificates are used by all major online retailers and banks and are highly recommended for businesses that wish to immediately build customer trust in their site. The browser address bar will include the company name with most popular browsers.

Organisation Validated Certificates:

OV certificates include full business and company validation from a certificate authority using their established and accepted manual vetting processes. Each OV certificate contains full company name and address details, which means they provide significantly higher levels of assurance to end-users than Domain Validated certificates. However, because they are not validated to the CA/B forum standards, they do not possess the ability to turn the browser address bar green.

Domain Validated Certificates:

DV certificates provide the same high levels of data encryption as the other validation levels however do not provide assurance about the identity of the business behind the website. Whereas EV and OV certificates are only issued after the applicant organisation has been manually vetted by a Certificate Authority, DV certificates are issued after domain control has been established using an automated online process. DV certificates are a popular choice amongst small-medium sized web sites because of their faster issuance times and lower price points.

Free Non-Validated Certificates:

FNV certificates are only available to Toucan Internet LLP clients and provide the same high levels of data encryption between the website and browser. There is no validation on the domain or the organisation but will engender trust with website users and assist as a positive ranking signal to Google. These have some value however any enterprise should consider a DV certificate as a minimum.

Certificate Types

Single Domain Certificates

A single domain certificate allows a customer to secure one Fully Qualified Domain Name on a single certificate. For example, a certificate purchased for www.domain.com will allow customers to secure any and all pages on www.domain.com. Single domain certificates are available in DV, OV,EV and FNV variants at a variety of price points and warranty levels. The straightforward nature of the single domain certificate makes it ideal for small to medium sized businesses managing a limited number of websites. However, businesses that operate or anticipate operating multiple websites may benefit from the added flexibility, convenience and savings offered by wildcard or multi-domain certificates.

Wildcard SSL Certificate

A Wildcard certificates allows businesses to secure a single domain and unlimited sub-domains of that domain. For example, a wildcard certificate for ‘*.domain.com’ could also be used to secure ‘payments.domain.com’, ‘login.domain.com, ‘anything-else.domain.com’ etc. A wildcard certificate will automatically secure any sub-domains that a business adds in the future. They also help simplify management processes by reducing the number of certificates that need to be tracked. For growing online businesses, Wildcard certificates provide a flexible, cost effective alternative to multiple single certificate purchases.

Multi Domain SSL Certificate (MDC)

As the name suggests, a Multi-Domain certificate allows website owners to secure multiple, distinct domains on a one certificate. For example, a single MDC can be used to secure domain-1.com, domain-2.com, domain-3.co.uk, domain-4.net and so on. Indeed, an MDC will allow you to secure up to 100 different domains (or wildcard domains) on a single certificate. Customers can easily add or remove domains at any time. This simplifies SSL management because administrators need only keep track of a single certificate with a unified expiry date for all domains instead of keeping tabs on multiple certificates. In addition, MDCs usually represent a cost saving over the price of individual certificates.

Unified Communications Certificate (UCC)

Unified Communications Certificates are specifically designed to secure Microsoft® Exchange and Office Communications environments. UC certificates use the Subject Alternative Name (SAN) field to allow customers to include up to 100 domains on a single certificate – eliminating the need for different IP addresses per website that would be required otherwise. UC Certificates also support the Microsoft Exchange Autodiscover service, a powerful feature which greatly eases client administration. As with MDCs, a single UCC can greatly reduce SSL management duties while allowing customers to realise cost savings over individual purchases.

References, Sources and further reading:

https://www.cnet.com/news/say-good-bye-to-that-green-secure-lock-on-google-chrome/ https://www.instantssl.com https://opensrs.com
Simon Thomas is a founding partner of Toucan Internet LLP; making a difference for clients looking for greater and unexpected outcomes from their digital engagement.

About the author

“Guidance like this is important to our clients when we provide SSL’s for websites and web apps that Toucan Internet has developed.” Simon also has 20 years direct marketing experience pre-internet and provides a unique blend of innovative advice based on experience and an informed understanding of today’s and tomorrow’s enabling technologies. simon@toucanweb.co.uk 01279 871 694
Author Simon Thomas 12th December 2018
https://www.toucanweb.co.uk