SSL Certificate FAQ

Below are some of the most frequently asked questions about Trust Service and SSL. If you have additional questions not answered here, you can always contact our support staff, available 24 hours a day, 7 days a week.

SSL Certificates Overview

Using SSL Certificates

 

 

 

SSL Certificates Overview Back to top

 

What is SSL?

SSL is an acronym for “Secure Sockets Layer” and is a method for establishing a secure, encrypted link between two different systems such as a web browser and a web server.

What do SSL Certificates provide?

SSL Certificates provide two important roles for systems that use them:

  1. SSL certificates provide security by encrypting the data between the browser and the web server.Data encryption is critical for financial transactions or other situations where websites are requesting sensitive data from visitors. Many web users will not have confidence that their interactions with the website is secure and encrypted, unless they see the lock icon which provides a visual cue that an SSL certificate has been used to protect data.
  2. SSL certificates provide identity verification, through domain and organization validation. Only the verified owner of a domain name may purchase an SSL certificate for that domain. For Organization validated SSL certificates, only verified, approved representatives of the organization are permitted to purchase an SSL certificate for domains in use by the organization.Extended Validation (EV) certificates take identity validation even further. Sites with an EV SSL certificate will cause the address bar on the web browser to turn green. Users are able to view information about the website that will help them to confirm that they are dealing with who they believe they are dealing with.

Both applications of SSL Certificates are important for building a trust relationship with end-users that is required before they will pass along personal, or financial information to websites or online service providers.

How does SSL work?

In the case of web browsers surfing secure web sites, SSL communication starts with the web browser requesting the digital certificate from the web server. The certificate contains the hostname of the web server, an expiration date of the certificate, the public key of the web server, and is signed by a Certificate Authority. The web browser can validate all of these pieces of information except for the public key of the web server. If all of the verifiable components pass validation, the web browser will generate its own public key and send it back to the web server. When the web browser’s public key is sent back to the web server as a response, it uses the web server’s public key, which was contained within the certificate, to encrypt the browser’s public key being sent. Now both the web server and web browser will be able to communicate with each using secure, encrypted communications because they have exchanged each of their public keys.

What is a Wildcard certificate?

A wildcard SSL Certificate helps enable SSL encryption on multiple sub-domains using a single certificate as long as the domains are controlled by the same organization and share the same second-level domain name. For example, a Wildcard certificate issued to Company ABC using the Common Name (“*.CompanyABC.com”) may be used to secure subdomains like login.companyabc.com, payment.companyabc.com and support.companyabc.com.

What are Site Seals?

Site Seals are static or dynamic images that can be placed on SSL secured websites that allows visitors to tell at a glance that they can trust who they are dealing with, that the online site is validated and that they can transact safely and securely. Each of the three brands of SSL Certificates offer different site seals:

  • VeriSign Secured Seal is available with all VeriSign-branded SSL certificates for installation on pages secured with a VeriSign SSL Certificate. Customers not only see the trust mark, they can click the seal and verify the site in real time. More than any other trust mark, 79% of U.S. online shoppers are familiar with the VeriSign Secured Seal.
  • GeoTrust True Site Seal is available with every GeoTrust SSL Certificate and shows web site visitors that their information is protected. The GeoTrust True Site Seal can be added to home pages, buy pages, log-ins or any other page on your authenticated site where visitors need to verify a web site. Depending on the certificate, True Site Seals are either dynamic or static and may contain further information about the identity of the certificate owner.
  • thawte Trusted Site Seal is a dynamic image appearing on websites secured with thawte SSL certificates allowing visitors to tell at a glance that they can trust the site, that the online site is validated and that they can transact safely and securely.

How does an SSL Certificate create trust in visitors to websites?

Security is a concern for many people who use the Internet. People on the Internet also recognize that websites that use digital certificates are ones that are more secure and trustworthy. Digital certificates give users confidence that their data is protected and they have a reduced risk of their information being divulged beyond the organization they are dealing with.

In addition to having a digital certificate, the Certificate Authorities that DKUKHost uses all offer Trust Seals which allow an image seal to be placed on the website itself. The banner links through to a trusted external organization that further validates the trustworthiness of the website.

What are Dynamic vs. Static Site Seals?

A Dynamic Seal is dynamic image displayed on a website that shows the current time and date of when the web page was loaded which indicates that the seal is valid for the domain it is installed on and is current and not expired. When the image is clicked, it will display information from the Certificate Authority about the website’s profile which validates the web site’s legitimacy. This will give visitors of the website increased confidence in the site’s security.

A Static Seal is simply an static graphic image that can be placed on the website to indicate where the digital certificate was obtained from, however there is no click-through validation of the website and the image does not show the current time and date.

What is a Root Certificate Authority?

A Root Certificate Authority is the highest level of digital certificate within the trust relationship of certificates. Web browsers, and other applications which use digital certificates, have a limited set of Root Certificates from organizations that have been recognized as Root Certificate Authorities. All certificates they create will include a link back to their Root Certificate so web browsers will understand that the certificate is valid and can be trusted.

Most applications that use digital certificates, such s web browsers, will have a list of the official Certificate Authorities so they are aware they are legitimate and trusted. Certificate Authorities who are not in this list will cause the application to display warnings that the Certificate Authority is unknown, and may also suggest there are security issues associated with unknown Certificate Authorities.

What is a public/private key pair?

Public and Private keys are a pair of unique codes used to encrypt data sent another computer. When a computer wishes to speak securely with another computer, it sends its Public Key to the other computer. This Public Key can be used by the second computer to encrypt information sent back to the first computer.

 

 

 

Using SSL Certificates Back to top

 

What are practical applications for SSL Certificates?

The perception of SSL Certificates is that they are primarily used to secure the transmission of financial information in ecommerce. But with identity theft on the rise and more and more businesses opening up their networks via the Internet, protecting all types of personally identifiable information (social security numbers, login information, etc.) and key business information is important. SSL Certificates can be used to secure the following:

  • Web servers
  • Mail servers
  • Web forums
  • Blogging platforms
  • Control panels
  • Corporate intra- and extranets
  • Wikis
  • VPNs
  • Customer portals
  • and more!

How can certificates be used to secure additional services other than web servers?

Digital certificates are a method to encrypt communications between two programs, and although they are most commonly used for secure web surfing they can be used for an unlimited number of communications including:

  • Email
  • Instant messaging or other communications protocols
  • FTP servers

What are the Validation methods performed?

There are three methods of validation performed:

  1. Domain-validated certificates: Only the verified owner of the domain name can purchase an SSL certificate for the domain. Validation is done via email sent to the domain owner. Domain validated SSL certificates can be issued very quickly – often in minutes.
  2. Organization-validated certificates: When corporate identity validation is important, an SSL Certificate for the organization assures customers that the website is trustworthy and secure. Only verified representatives of the organization may purchase these certificates and business licences or other proof is required. The Certificate Authority will verify through phone call to ensure that the certificate request is legitimate.
  3. Extended Validation (EV) certificates: With Extended Validation, as well as displaying the certificate seal, the address bar is displayed in green, providing customers with an extra level of confidence. The green address bar is a strong visual indication that the site has an Extended Validation Certificate. The Security Status bar displays the organization name and the name of the Certificate Authority (CA).In order to be approved for an Extended Validation certificate, the certificate authority will actively check the Organization and the individual applying for the certificate. This is to verify that the Organization is positively the Organization they claim to be, and the individual requesting the certificate is someone who is authorized to request a digital certificate. Extended Validation may take as long as one week to complete.

What benefit is there to purchasing a digital certificate with higher assurance?

All certificates ensure that the information transmitted is encrypted and secure, but Extended Validation certificates have additional validation of the organization requesting the certificate. This is indicated in web browsers by turning the address bar green, as well as displaying the organization name contained within the certificate. Users visiting a web site with this level of validation will have a higher amount of confidence in conducting transactions with that site.

How many domain names does a certificate secure?

Certificates will only secure one domain name, and depending on the type of cert you obtain, it will be valid for only one hostname beneath that domain name. (ie: only www.example.com and not subdomain.example.com)

Wildcard certificates are valid for an unlimited amount of hostnames beneath a single domain name. With Wildcard certificates, the computers using mail.example.com, smtp.example.com, www.example.com as well as any other host based on example.com domain will all be able to use the same certificate.

What does the green address bar indicate? How does this provide value to those who purchase digital certificates from me?

Web sites using an Extended Validation certificate will cause web browsers to change the address bar to a green colour and also display the name of the Organization the certificate was issued to. Certificate Authorities will only grant Extended Validation certificates to organizations after the Certificate Authority verifies that the genuine organization is requesting the certificate.

The green address bar gives assurance to visitors of the web site that they are definitely visiting a web site run by the organization they should be dealing with, rather than a fraudulent site posing as that organization.

What are the security and flexibility aspects of digital certificates sold by DKUKHost?

There are a number of reasons digital certificates sold by DKUKHost are a great choice, including:

  • Certificates sold through DKUKHost are compatible with all current web browsers (mobile or desktop) and web servers they will be used with. Their use is not limited to just web servers as they can be used to secure communications with other protocols such as SMTP, IMAP, POP and many more.
  • There are a variety of certificates at different prices to suit your particular needs and budget.
  • Certificate purchasing is supported by our excellent DKUKHost Support and Sales staff.
  • DKUKHost uses Certificate Authorities who are leaders in the digital certificate industry.

How does a Wildcard SSL Certificate Work?

Most types of digital certificates will only secure a computer under a single hostname (ie: www.example.com), but Wildcard certificates will secure an unlimited number of different hostnames beneath a single domain name. (ie: subdomain.example.com) If you have a large number of servers under a domain name with a variety of hostnames, or you need the flexibility of not being confined to a single hostname, a Wildcard certificate is an excellent option for flexibility, management. It eliminates the need for multiple individual certificate orders for multiple hostnames.