SSL certificates are meant to accredit a website is sending secure information from a particular person who owns a public key. “In cryptography, a public key is a large numerical value that is used to encrypt data. The key can be generated by a software program, but more often, it is provided by a trusted, designated authority and made available to everyone through a publicly accessible repository or directory” (Search Security). SSL certificates provide customers with the knowledge the website they are visiting is secure and trustworthy because it uses a public key. When a license is implemented, it engages an HTTPS setting, often represented by a padlock or a green bar at the top of a website. HTTPS is the secure version of HTTP web communications.
What Exactly Is SSL Certification?
SSL stands for Secure Sockets Layer. Utilizing SSL is the original protocol required to obtain an HTTPS site. To be deemed secure, defined by the secure communication of data with guaranteed privacy and integrity, an HTTPS website needed an SSL certificate and a public key to communicate on the internet. A new security protocol was introduced in 1999. This certification is called TLS, or Transport Layer Security, and is considered to be superior to the original SSL. However, certification doesn’t depend on the protocol used, only that communication of data is using a public key.
Despite the new protocol, the SSL acronym is still the most commonly used terminology. There are various names to refer to the certificate such as:
- SSL Certificate
- SSL/TSL Certificate
- TSL Certificate
- Digital Certificate
- Public Key Certificate
- Identity Certificate
All of these names are interchangeable and do not alter the effect of the certification.
What Does a Certificate Do?
Regardless of the preferred terminology, an SSL certificate validates the ownership of a public key. This validation requires information on the organization or business, the URL, physical location, and a date range of certification. The validating organization will input all of this information into an encrypted file, along with additional technical details about the public key, formatted as a .crt file or .cer file. The data can be decoded if necessary, but initially, all information will be scrambled and illegible.
This certification file is meant to encrypt communications securely between two computers, usually a browser and remote server. This file also allows people to know about the owner of the public key in use. The point of the certification is to affirm the owner of the public key is trustworthy, and customers or users of the website are safe engaging with that site.Click to Tweet this ArticleClick To Tweet
Multiple Types of Certifications
The primary function of certifications is the same: to certify the public key is owned by an authenticated and trustworthy source. However, there are differences in how a certificate is issued which affect the additional functions of the document.
- The first, and most common, type of certificate is a Single Domain Certificate. This is used when the public key covers a single website, for example, www.example.com. The “www” in this URL indicates this is a single domain under a single subdomain of “www.”
- The next type is a Wildcard Certificate. This version covers multiple subdomains under a single website, for example, books.example.com and music.example.com. With the wildcard certificate, a site is indicated for the use of one public key and one host website with multiple subdomains.
- Another variation is the Multi-Domain Certificate. Similar to the first two, this certification allows for an organization to utilize a single public key for multiple domains. For example, com, demo.com, yourwebsite.com are all covered under this particular certification.
- The final style of certification is called a UCC (United Communication Certificate) or SAN (Subject Alternative Name) Certificate. The function of this type of validation is congruent to a Multi-Domain Certificate, but these are mostly reserved for large office corporation environments such as with Amazon.
Selecting the Best Level of Authentication
There are three levels of validation to consider when purchasing a certificate. After the appropriate certification type is selected the correct level of validation needs to be chosen. There are three levels: domain validation, organization validation, and extended validation. Each level offers the same functionality, providing an endorsement for a single public key via an encryption file. The difference lies in the level of effort the certification authority emits during the affirmation process.
The effort required for a domain validation consists of ensuring the public key and website domain name are linked. The standard process to check for this congruency is sending an authentication email to the owner listed in the WHOIS database for domain names. If the owner on the receiving end reply and confirms ownership, affirmation is complete. Some companies may require a simple data posting onto the website to prove ownership further.
Organization validation follows similar processes as domain validation but researches further into the existence of the institution. Authenticity is confirmed by checking business databases for articles of incorporation and by finding and establishing the business has a physical address.
Finally, extended validation follows the same protocols as organization validation along with calling the business. The certifier will speak to one or more people at the business to ensure the company is a credible entity.
Pricing for these validation methods depends on the effort required. Domain validation will be cheapest, and the extended will be more costly. Certification authorities will imply the more money spent, the more authoritative and secure a site appears, but this is not the case. However, many customers view this as the case, so depending on the level of concern for customers, choose a degree that bests suits the needs of the business.Click to Tweet this ArticleClick To Tweet
Pulling It All Together
Businesses who wish to exude security to their customers need to use an HTTPS URL. Using an SSL certified public key with a level of domain validation is the only way to accomplish this security. It is not a complicated process, but collecting these certifications will require a little bit of effort and a third party. It is worth the effort, though, to guarantee your customers your website is safe and their data is secure.