SSL Certificate Features
There are many different types of certificates and many different SSL certificate features that you may need to understand in order to purchase the right SSL certificate. The most critical distinction to make is whether you need a high assurance certificate, a low assurance certificate, or an EV certificate.
What is a high assurance certificate?
A high assurance certificate is the normal type of certificate that is issued. There are two things that must be verified before you can be issued a high assurance certificate: ownership of the domain name and valid business registration. Both of these items are listed on the certificate so visitors can be sure that you are who you say you are. Because they require manual validation, high assurance certificates can take an hour to a few days to be issued.
What is a low assurance/domain-validated certificate?
A low assurance/domain-validated certificate is a certificate that only includes your domain name in the certificate (not your business or organization name). Certificate authorities usually can automatically verify that you own the domain name by checking the WHOIS record. They can be issued instantly and are cheaper but, as the name implies, they provide less assurance to your customers.
What is an EV (Extended Validation) certificate?
An EV certificate is a new type of certificate that is designed to prevent phishing attacks. It requires extended validation of your business and authorization to order the certificate and can take a few days to a few weeks to receive. It provides even greater assurance to customers than high assurance certificates by making the address bar turn green. Learn more about EV Certificates and compare the cheapest ones.
What is a wildcard certificate?
A wildcard certificate can secure an unlimited number of first-level subdomains on a single domain name. For example, you could get a wildcard certificate with *.yourdomain.com as the common name. This certificate would secure www.yourdomain.com, mail.yourdomain.com, secure.yourdomain.com, anything.yourdomain.com, etc. In other words, it will work on any subdomain that replaces the wildcard character (*).
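The "first-level" limit is the part that is easy to get wrong, so here is an added example (not code from the original page) of the matching rule a client applies to a wildcard name. It is a strict form of the usual rule: the `*` must be the whole left-most label and stands in for exactly one label. The function names and the sample hostnames are constructed for illustration.

```python
def wildcard_matches(cert_name: str, hostname: str) -> bool:
    """Return True if hostname is covered by cert_name (e.g. *.yourdomain.com)."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")

    # Reject hostnames with empty labels such as ".yourdomain.com".
    if "" in host_labels:
        return False
    # A name without a wildcard only covers itself.
    if "*" not in cert_name:
        return cert_labels == host_labels
    # Strict rule used here: '*' is accepted only as the complete left-most
    # label ("w*.yourdomain.com" and "www.*.com" are refused).
    if cert_labels[0] != "*" or any("*" in label for label in cert_labels[1:]):
        return False
    # Require a registrable-looking base (refuses "*.com").
    if len(cert_labels) < 3:
        return False
    # '*' replaces exactly one label, so both names have the same label count
    # and everything to the right of the wildcard must be identical.
    return (len(host_labels) == len(cert_labels)
            and host_labels[1:] == cert_labels[1:])


def coverage(cert_name: str, hostnames: list) -> dict:
    """Map each hostname to whether the certificate name covers it."""
    return {h: wildcard_matches(cert_name, h) for h in hostnames}


if __name__ == "__main__":
    # Constructed sample hostnames.
    sample_hosts = [
        "www.yourdomain.com",      # one label replaces '*': covered
        "mail.yourdomain.com",     # covered
        "yourdomain.com",          # bare domain: not covered
        "a.b.yourdomain.com",      # second-level subdomain: not covered
        "www.otherdomain.com",     # different domain: not covered
    ]
    for host, ok in coverage("*.yourdomain.com", sample_hosts).items():
        print(f"{host:24} {'covered' if ok else 'NOT covered'}")
```

The two cases that surprise people are the bare domain and deeper subdomains: neither is covered by *.yourdomain.com, so each needs its own name on a certificate.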
What is an SGC Certificate?
SGC SSL Certificates enable older browsers to connect to a site using 128-bit encryption even if the normal browser encryption rate is 40-bit. They usually cost significantly more and are only available from certain vendors. However, there are several strong arguments against using SGC SSL Certificates. Essentially, the percentage of people using web browsers that would benefit from an SGC certificate is less than 1% because all browsers released since the year 2000 have been capable of using strong crypto without needing SGC certificates. In addition, by using an SGC certificate on your site, you are encouraging your visitors to use old, insecure browsers which have many more security flaws than newer browsers. Read Say No To SGC SSL Certificates for more information.
A certificate authority issues certificates in the form of a tree structure. A root certificate is the top-most certificate of the tree. All certificates below the root certificate inherit the trustworthiness of the root certificate. Many software applications, such as web browsers, include certain root certificates that are automatically deemed trustworthy. Any certificate signed by a trusted root certificate will also be trusted. In turn, the signed certificate can sign another certificate and it will also be trusted as long as the browser has all of the certificates in the chain to link it up to a trusted root certificate.
Any certificate in between your certificate and the root certificate is called a chain or intermediate certificate. These must be installed on the web server with the primary certificate for your web site so that users' browsers can link your certificate to a trusted authority. Most certificate authorities use intermediate certificates for security purposes and most web servers and devices support them.
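To show why a missing intermediate breaks trust, the following added example (not from the original page) models how a client links a site certificate up to a trusted root. It is a simplified model that follows subject and issuer names only; real validation also checks each signature, validity dates and usage constraints. All certificate names are constructed.

```python
# Constructed certificates: only the subject and issuer names are modelled.
ROOT = {"subject": "Example Root CA", "issuer": "Example Root CA"}
INTERMEDIATE = {"subject": "Example Issuing CA", "issuer": "Example Root CA"}
LEAF = {"subject": "www.yourdomain.com", "issuer": "Example Issuing CA"}

# Roots that ship with the browser and are trusted automatically.
TRUST_STORE = {ROOT["subject"]: ROOT}


def build_chain(leaf, sent_by_server, trust_store, max_depth=8):
    """Return the subjects from leaf to trusted root, or None if no link exists.

    sent_by_server is the list of extra (intermediate) certificates the web
    server presents alongside its own certificate.
    """
    available = {cert["subject"]: cert for cert in sent_by_server}
    chain = [leaf["subject"]]
    current = leaf
    for _ in range(max_depth):
        issuer = current["issuer"]
        if issuer in trust_store:
            # Reached a root the client already trusts: chain is complete.
            chain.append(issuer)
            return chain
        parent = available.get(issuer)
        # Stop if the issuer was never supplied, or if the names loop
        # (for example an untrusted self-signed certificate).
        if parent is None or parent["subject"] in chain:
            return None
        chain.append(parent["subject"])
        current = parent
    return None  # chain too long to be plausible


if __name__ == "__main__":
    # Server configured correctly: intermediate installed with the site cert.
    print(build_chain(LEAF, [INTERMEDIATE], TRUST_STORE))
    # Server sends only its own certificate: the client cannot reach the root.
    print(build_chain(LEAF, [], TRUST_STORE))
```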
The warranty that you get when you purchase an SSL certificate ($10,000, $250,000, etc...) can be misleading. It is not a warranty to the purchaser but rather to the end users who use a site secured by an SSL certificate. Basically, if you, the purchaser, turn out to be fraudulent and a user of your web site loses money because the certificate authority didn't properly validate you, then the certificate authority will compensate the end user. This practically never happens! It is therefore not very important how big the warranty is when you buy an SSL certificate. Certain certificate authorities have slightly different policies on warranties that you may wish to look into.
What is a Scalable SSL Certificate?
All certificate authorities now issue scalable certificates. Certificates can be used at low encryption rates (40-bit encryption), normal encryption rates (128-bit encryption), or even higher encryption rates (usually up to 256-bit encryption) depending on what the user's web browser and the web server support. The term "scalable SSL Certificate" is just marketing hype.