SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client - typically a web server (website) and a web browser; or a mail server and a mail client (e.g.: Outlook). This link ensures that all data passed between the web server and browser remains private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. In order to be able to generate an SSL link, a web server requires an SSL Certificate.
SSL Certificates, as known as digital certificates, are small data files that digitally bind a cryptographic key to an organisation’s details. Certificates are issued to companies or legally accountable individuals, SSL Certificates typically bind together domain name/server name/hostname, organisational identity (i.e. company name) and location. It will also contain an issued date and an expiry date and contain details of the certificate authority responsible for issuing the certificate.
An organization needs to install the SSL Certificate onto its web server to initiate secure sessions with browsers. Depending on the type of SSL Certificate applied for, the organization will need to go through differing levels of vetting. Once installed, it is possible to connect to the website over HTTPS, as this tells the server to establish a secure connection with the browser. When a browser connects to a secure site it retrieves the site's SSL certificate and checks that it has not expired, that it has been issued by a Certificate Authority the browser trusts and that it is being used by the web site for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user. Once a secure connection is established, all web traffic between the web server and the web browser will be secure. Browsers tell visitors a website is SSL secure via several visible trust indicators:
Extended Validation (EV) SSL Certificates display:
Standard SSL Certificates display:
A: The standard HTTP is changed to HTTPS, automatically telling the browser that the connection between the server and browser must be secured using SSL.
B: The address bar turns from white to green, indicating to visitors the web site is using Extended Validation SSL.
C: The padlock is activated, showing that the browser connection to the server is now secure. If there is no padlock or the padlock shows a broken symbol, the page does not use SSL
D: The web site owner's legally incorporated company name is displayed prominently on the address bar real estate. Extended Validation SSL is the only way for a company to get its name displayed in the browser address bar.
To view the details of an SSL Certificate, go to a HTTPS site, click on the padlock and select "View certificates". All browsers are slightly different, but the Certificate always contains the same information.
1) Secure your website
Information which is transferred over a normal internet connection without SSL can be captured. To prevent this it is necessary to encrypt the information, so any computer in between you and the server cannot see your credit card numbers, usernames and passwords, and other sensitive information.
Some SSL Certificates (e.g. Symantec / Comodo) will come with security solution, such as Daily Malware Scanning and Website Vulnerability Scanning.
Daily Malware Scanning: An automatic scan for your public web pages daily. If malware is detected, you will be directed to a list of infected pages and notified of the code causing the problem.
Website Vulnerability Scanning: To identify weaknesses on your website which are most commonly used for attack.
2) Increase the search ranking in search engine
If your website has used SSL Certificate you have SSL certificate on your website, it will help to improve the search engine ranking (e.g. Google).
3) Build trust with your customers for your website
Online business is built on trust, and your customers will not trust an unsecured website. Also, your customers will not fill any personal information until they know their personal information is well-secured.
Moreover, the new version of Firefox / Chrome will show warning if your website login page does not have a secure connection (HTTPS), which may scare your customers and let them believe your website is insecure.
A SSL Certificate a simple and cost-effective way to protect private information – passwords, credit card numbers – submitted to your website. Also, SSL Certificate comes with a site seal, which can be added to your website to show visitors your site is verified and secured.
4) Online identity
With an OV SSL Certificate, it will provide advance benefit - Online identity. When you apply an OV SSL Certificate, the certificate authority (CA) will validate your company information (including company name, official phone number, physical address). So that it helps to prove that the company behind your website is real.
A CSR is a file that you need to generate on the server that needs the certificate. You will generate it with a matching private key file that must remain on the server. The CSR contains the matching public key and other information like your organization's name, location, and domain name. Here is an example of CSR:
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Encryption is a mathematical process of coding and decoding information. The number of bits (40-bit, 56-bit, 128-bit, 256-bit) tells you the size of the key. Like a longer password, a larger key has more possible combinations. When an encrypted session is established, the encryption level is determined by the capability of the web browser, SSL certificate, web server, and client computer operating system.
Extended Validation (EV) SSL Certificates provide a highest level of assurance. In order to ensure that EV SSL Certificates are not issued fraudulently or misused after issuance, the CA/B Forum requires that issuing CA's validate the legitimacy of each and every web address to which an EV SSL Certificate is assigned. Hence, Wildcard EV SSL Certificates for web addresses such as "*.yourdomain.com" is not permitted.
However, similar functions can be attained with the use of subject alternate names (SAN), you can get a multiple SAN included on one EV SSL certificate to secure multple web addresses such as "www.yourdomain.com", "shop.yourdomain.com", "webmail.yourdomain.com".