This FAQ gives you answers to the most common questions about SSL and digital certificates. If you have any questions that are not covered in this FAQ, you are always welcome to send an email with your question to firstname.lastname@example.org.
BASICS OF SSL
What is SSL?
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private and untampered. SSL is an industry standard and is used by millions of websites to protect their online transactions with their customers. Using an SSL certificate from a trusted CA (Certificate Authority) ensures that browsers and devices connecting to your services accept the certificate seamlessly. The CA is listed in the root store, which is a database of approved CAs that comes pre-installed with the browser or device.
Why do I need SSL?
This is important because the information you send on the internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can "listen in" and see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate.
Your customers may not trust your website without an SSL certificate. According to Gartner Research, nearly 70 percent of online shoppers have terminated an online order because they did not "trust" the transaction. In those cases, 64 percent indicated that the presence of a trust mark would have likely prevented the termination.
An SSL certificate - preferably an Extended Validation SSL certificate - and a Site Seal will inspire customer confidence and secure your transactions and thus your business.
How do website visitors know if a website is using SSL?
When a browser connects to a secure site it retrieves the site's SSL certificate and checks that it has not expired, that it has been issued by a Certificate Authority the browser trusts and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user. If it succeeds, several security indicators are built into modern browsers to indicate that SSL is enabled. The beginning of the URL or web address changes from http:// to https://, a padlock on the browser window changes from open to closed, and the address bar will turn green and display the name of the website owner when connecting to a website protected by an Extended Validation SSL certificate.
Do I have to own a business to get an SSL certificate?
No, you do not have to be a business owner to buy an SSL certificate. Anyone wishing to provide a confidential and secure link between a server and a browser can apply for a certificate.
What are EV SSL certificates?
An ‘Extended Validation Certificate’ is an enhancement to the standard SSL certificate that guarantees a higher level of security thanks to an extensive validation process.
If you visit an EV certified website, you will see a solid green bar in the browser’s address bar and the easily recognisable green padlock icon. The bar shows the name of the company who owns the website and this image is extremely difficult to copy or fake. The bar therefore works as a type of insurance, telling you that you are in fact on the right website and that you have not been the victim of a ‘phishing attack’.
What is phishing?
Phishing is a fraudulent attempt, usually made through email, to steal your personal information. The best way to protect yourself from phishing is to learn how to recognize a phish. Phishing emails usually appear to come from a well-known organization and ask for your personal information — such as credit card number, social security number, account number or password. Oftentimes phishing attempts appear to come from sites, services and companies with which you do not even have an account. In order for Internet criminals to successfully "phish" your personal information, they must get you to go from an email to a website. A website with a certificate enabled will show you a true validation of the domain. You can trust this validation based on the high level of security check. If the website is trusted by no authority, you should not access the site. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would never request this information of you via email.
What is a Certificate Authority (CA)?
A certificate authority is an entity that issues digital certificates to organizations or people after validating them. Certification authorities have to keep detailed records of what has been issued and the information used to issue it, and are audited regularly to make sure that they are following defined procedures.
Every certification authority provides a Certification Practice Statement (CPS) that defines the procedures that will be used to verify applications.
What is HTTPS?
HTTPS or ‘Hypertext Transfer Protocol Security’ is a protocol that prevents any unauthorized third party (e.g. cybercriminals) from spying on or obtaining the data being sent back and forth between a web browser and a web server. Whenever you enter your password or credit card number online, it is paramount that this information reaches only the server of the website you are communicating with, and this is where HTTPS helps you out.
If you are visiting a regular HTTP website, the information that you use in communicating with that site is visible to anyone with the skills and inclination to obtain it. Using SSL protocols, HTTPS sites enable the exchange of cryptographic keys between your browser and the web server, making sure that these alone can decrypt the data. This prevents anyone who might want to ‘eavesdrop’ from doing so.
CONCEPTS OF SSL
What is a Site Seal?
A trust seal is a logo that you can display on your website that verifies that you have been validated by a particular certificate provider and are using their SSL certificate to secure your site. It can be displayed on secure and non-secure pages and is most appropriate on pages where customers are about to enter their personal information, such as a shopping cart page, but it can be displayed on every page to help build trust. Every certificate authority's trust seal is different and some look more professional, so you should consider what the seal looks like in order to maximize customer trust.
What is a public/private key?
Each SSL certificate contains a public/private key pair: a private key with the code (basically long random numbers) and a public key used to decode it. The private key is installed on the server and never shared with anyone. It is very important that the private key remains confidential to its respective owner. Otherwise it will compromise the certificate.
The public key is incorporated into the SSL certificate and shared with web browsers. The public key is what its name suggests: public. It is made available to everyone via a publicly accessible repository or directory. Because the key pair is mathematically related, whatever is encrypted with a public key may only be decrypted by its corresponding private key and vice versa.
What is a Wildcard certificate?
Wildcard certificates work the same way as a regular SSL Certificate, allowing you to secure the connection between your website and your customer's Internet browser – with one major advantage. A single Wildcard SSL Certificate covers any and all of the sub-domains of your main domain. Wildcard SSL Certificates save you money and management time by securing your domain and unlimited sub-domains on a single certificate. For example, a single Wildcard certificate for *.website.com can be used to secure
If you have multiple sub-domains to secure, then a Wildcard SSL Certificate purchase can save you hundreds or thousands vs the cost of buying individual SSL certificates.
Can I get an EV certificate with a Wildcard?
EV wildcards are not permissible, due to the requirements put forth for the issuance of EV certificates by the CAB forum, which regulates the use and issuance of EV certificates. However, many similar functions can be attained with the use of subject alternate names.
What is ECC?
ECC stands for Elliptic Curve Cryptography, and is an approach to public key cryptography based on elliptic curves over finite fields. It is an alternative to RSA; however, ECC can offer the same level of cryptographic strength at much smaller key sizes, offering improved security with reduced computational requirements. ECC is of course fully supported through our sites and services, and the issuance process is similar to RSA.
What is a SAN?
SAN stands for Subject Alternative Names, also known as Unified Communications (UC) or Multidomain.
The Subject Alternative Name field lets you specify additional host names (sites, IP addresses, common names, etc.) to be protected by a single SSL certificate, such as a Multi-Domain (SAN) or Extended Validation Multi-Domain certificate.
How do I renew?
Renewing works the same as buying a new certificate, though we will add the remaining time, up to 90 days. That means you can easily install the new certificate in good time, without any trouble.
Are internal domains like .local supported?
Internal server names will no longer be issued as of October 26, 2015.
Do you have a test or trial certificate?
Yes, in a way. TRUSTZONE has a 30-day refund policy.
How does a Wildcard with SAN work?
A normal wildcard certificate will only secure a specific subdomain level. For example, if your certificate is for *.yourdomain.com, it will secure subdomains of the same level. You can replace the wildcard character with any subdomain as long as it does not contain any additional periods. To secure a different level, such as nextlevel.test.secure.yourdomain.com, you would need a SAN, or another wildcard to secure that level. As an additional option, you can get a wildcard as a SAN.
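The wildcard level rule above, together with the expiry and name checks a browser performs on a site's certificate, as an added Python example (not TRUSTZONE's code). The sample certificate is constructed, the function names are hypothetical, and validation of the issuing CA against the root store is not modelled.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (
        ("DNS", "*.yourdomain.com"),
        ("DNS", "yourdomain.com"),
        ("DNS", "*.test.secure.yourdomain.com"),
    ),
}

def _labels(name):
    return name.rstrip(".").lower().split(".")  # case-insensitive, root dot ignored

def name_matches(pattern, hostname):
    """True if one certificate name (exact or '*.' wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label, never several
    if p[0] == "*":
        # Simplification: refuse '*.com'-style names by label count alone.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def covering_name(cert, hostname):
    """Return the first SAN DNS entry that covers hostname, or None."""
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS" and name_matches(value, hostname):
            return value
    return None

def check_certificate(cert, hostname, now):
    """Validity-period and hostname checks; issuer trust is not modelled."""
    problems = []
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now.timestamp() <= end:
        problems.append("expired or not yet valid")
    if covering_name(cert, hostname) is None:
        problems.append("hostname not covered")
    return problems

if __name__ == "__main__":
    when = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for host in ("shop.yourdomain.com", "a.b.yourdomain.com"):
        print(host, check_certificate(SAMPLE_CERT, host, when) or "ok")
```

The bare domain is covered here only because it is listed as its own SAN entry; the wildcard entry alone does not match it.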
What is FQDN?
A Fully Qualified Domain Name is the complete domain name for a specific computer or host on the Internet.
Certificate installation scanning?
To ensure that our customers get the full benefit of our products and services, TRUSTZONE performs a thorough security, installation and performance test of the installed certificate. The scan is performed after completion of the order, if the installation is accessible from the internet.
What is browser compatibility?
Certificates issued by TRUSTZONE are trusted by all common browsers, mail clients, and operating systems. It is this universal support that means your Digital Certificates are transparently trusted by each and every customer, wherever, whenever and however they connect to your services.
What is a Domain Name System (DNS)?
The Domain Name System or DNS is the Internet's equivalent of a phone book. Computers can only communicate and connect with each other using series of numbers. Therefore, DNS converts human-readable domain names, e.g. www.trustzone.com, into Internet Protocol (IP) addresses (18.104.22.1688). This is necessary because, although domain names are easy for people to remember, computers and other machines access websites based on IP addresses.