When you have to choose an SSL certificate, you should always make sure that it meets all of your company’s security needs. Choosing the right certificate will save you both time and money, but how do you go about choosing it? At TRUSTZONE, we want to make the process of choosing as easy and simple as possible – and that is why we made this guide for you.
IS YOUR DOMAIN NAME REGISTERED?
If you want a publicly trusted certificate for a public web site then it has to be issued by an authorized SSL provider, known as ‘Certificate Authorities’ or CAs, and in order for this to happen, your domain name needs to be registered. Before they can issue the SSL certificate to you the CA has to confirm the ownership of the domain in question, and they can only do that if the domain is publicly registered.
But, what if you want a certificate for an internal server using a private network? In that case, your domain name will not be registered and thus you will not be able to get at publicly trusted SSL certificate. What TRUSTZONE will do though, is issue a customized certificate made especially for internal servers without a registered domain name.
WHAT LEVEL OF SECURITY DO YOU NEED?
There are three levels of SSL security, and you need to figure out, which one will best suit your needs. With the Express SSL certificate (Domain Validated) you get the most basic level of security; if you want a bit more than that, you will need the Business SSL certificate (Organization Validated); and if you want the highest level of security available in SSL today, then the EV SSL certificate (Extended Validation) is the way to go.
An Express SSL certificate is the most basic security solution available. Out the three different types of certificates, the Express SSL holds the least amount of information concerning the identity of your company. All this certificate indicates to your customers is that the owner of your website has administrative control over the domain. Even though the Express SSL certificate do encrypt all information being send back and forth between your customer’s web browser and your web server, we do not recommend using this certificate for your company’s website. The rise in phishing attacks makes it necessary for any commercial web site to let its customers know, loud and clear, that they are on the right site and not using something created by an imposter. This kind of transparency is only possible if you use either a Business SSL or an EV SSL certificate.
The Business SSL certificate includes a validation process verifying the identity of your company and by default your websites identity. However, this authentication is not immediately visible to your customers, when they go on your site. In order to view the identification validation, they will have to go into the details section in the certificate, and this is of course only possible, if they know where to look.
An EV SSL certificate can only be issued after a trusted third party, such as TRUSTZONE, has completed an extensive validation process, and thus it lends a high degree of credibility to your company’s brand. The browser address bar makes it easy to see if a website uses an EV SSL certificate, and this increases the level of trust between you and your customers, inciting them to come back to your site again.
When choosing which certificate to use, you have to ask yourself the following questions: How important is your company’s brand identity when it comes to its online presence, and to which extend do you want the level of security on your site to be clear and visible to your customers?
WHAT TYPE OF SSL CERTIFICATE DO YOU NEED?
SINGLE DOMAIN SSL
If you need to secure one domain (e.g. www.example.com) then you need a single domain certificate. The following TRUSTZONE certificates can be issued as a single domain certificate:
- Express SSL
- Business SSL
- EV SSL
If you need to secure multiple domains (e.g. www.example.com, login.example.com and vpn.example.com) then you need a Multi-Domain Certificate (MDC) also known as a SAN certificate. The following TRUSTZONE certificates can be issued as a MDC / SAN certificate:
- Express SSL *
- Business SSL
- Business SSL Wildcard
- Mobile SSL
- EV SSL
* Note: Express SSL certificates can only be issued as a MDC / SAN certificate, if the SANs are sub domains of the root domain (e.g. www.example.com, login.example.com and vpn.example.com).
All other above listed certificates, also support different root domains as SANs, meaning that you could secure all your domains via one MDC / SAN certificate (e.g. www.mydomain.com, www.my-other-domain.com, www.my-third-domain.com).
As a new feature, Business SSL, Business SSL Wildcard and Mobile SSL certificates, also support wildcard domains as SANs.
If you need to secure an unlimited number of sub domains under one root domain (e.g. *.mydomain.com) then you need a Wildcard certificate. The following TRUSTZONE certificates can be issued as a Wildcard certificate.
- Business SSL Wildcard
It is more cost-efficient buying one certificate that covers several domains at once, than buying one certificate for each domain. On top of that, having only one certificate that covers several domains also makes it a lot easier to manage and renew your certificate.
Once you have chosen and ordered your SSL certificate, the validation process can begin.
You will have to activate SSL on your web server, thus creating a CSR file (Certificate Signing Request) containing all necessary information about your company. Then the web server will generate two encrypted keys – a public key and a private key.
The private key is included in the CSR file and therefore holds all the company information. You then send the CSR file and the private key to a ‘Certificate Authority’, or CA, who validates the information and provide the actual certificate. The receiving web server compares the certificate and the private key, which means that the CA never actually gain access to the latter. This way, the risk of the information being compromised is significantly reduced.
Your company should only use private keys that are minimum 2048-bit or bigger. Smaller bit-count keys have previously been cracked, and a lot of companies therefore opt for 4096-bit keys. However, you should be aware that not all smart cards and card readers support keys that are bigger than 2048-bit.
WOULD YOU LIKE TO CHANGE YOUR SSL CERTIFICATE OR YOUR SSL PROVIDER?
Maybe you already have an SSL provider, but you want to switch over to TRUSTZONE; or maybe you have one type of certificate provided by us, but you would like to use a different type? No matter what the case may be, we do our upmost to make sure, that the change is simple and easy for you.
If you already have a SSL certificate from another provider, and you want to use a certificate from TRUSTZONE instead, you can have the new certificate activated from day one, after the validation is completed, and we will refund up to 90 days of the remaining time on your old certificate. If you have purchased one type of certificate from TRUSTZONE, but want to switch to another type, the remaining period on your old certificate will automatically be deducted. All you have to do is contact us, and we will find the right solution for you.
HOW DO YOU PAY FOR YOUR TRUSTZONE CERTIFICATE?
Unlike many other SSL providers, TRUSTZONE uses billing instead of credit card payment. This makes it a lot easier for you, if you have been tasked with buying an SSL certificate for your company, but you do not have immediate access to the company credit card. With our billing system, you can order your certificate right away, and then deal with the payment, once you receive the bill from us.
SUPPORT IN MULTIPLE LANGUAGES
If you have any questions concerning IT security, SSL certificates or any of our other products, or if you need help with anything else, do not hesitate to contact us. At TRUSTZONE, we provide support in both Swedish, Norwegian, Danish and English, and our support and service is always included in the price of your certificate.
ORDER, RENEW AND MANAGE YOUR CERTIFICATE
Our customer portal makes it easy and quick for you to view our products and decide what is right for you. When you set up an account, you will be able to order, renew and manage your own certificates without having to go through us first. You can read more about our TRUSTZONE Customer Portal.
WOULD YOU LIKE TO ORDER A SSL CERTIFICATE FROM TRUSTZONE?
Or would you just like to know more about our different products, and maybe get an offer on a SSL security solution for you and your company? Then you can either go directly to the order form and start ordering your certificate or you can request a phone call from our team of SSL experts, who will answer any questions you may have.