SSL Certificate Information

SSL (Secure Sockets Layer) Certificates are used to secure communications between the browser and the web server. They perform a critical function in E-commerce and come in several different formats which we cover below. There are also special SSL certificates used for securing email communications and signing code.


Certificate Composition

There are several parts to a secure SSL connection. If all the pieces are not in place, the connection is not secure and the browser may display a warning or an unlocked secure site symbol, or you may be blocked from accessing the website. The different parts of an SSL certificate are as follows.


Certificate Signing Request (CSR)
This is created on the web server and specifies the certificate domain (common) name, like www.yoursitename.com; the organization name; the organization location; a contact email address; and a public key. It is used by the SSL certificate provider (authority) to tie the certificate they issue to your server. Each web server type has different steps one needs to take to generate a CSR. A typical CSR looks something like this:



-----BEGIN CERTIFICATE REQUEST-----
...
-----END CERTIFICATE REQUEST-----
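One way to produce and check such a request with the OpenSSL command line, as an added example that is not part of the original page. The subject values and the file names server.key and server.csr are constructed placeholders.

```shell
#!/bin/sh
# Added example. Subject values are constructed placeholders built around the
# page's www.yoursitename.com; server.key and server.csr are assumed file names.

# Generate a 2048-bit RSA key pair and a CSR carrying the fields listed above.
make_csr() {
  dir="$1"
  subj="/C=US/ST=Example State/L=Example City/O=Your Site Name Inc"
  subj="$subj/CN=www.yoursitename.com/emailAddress=admin@yoursitename.com"
  # -nodes: the key is written unencrypted so the web server can load it unattended.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$subj" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  chmod 600 "$dir/server.key"   # only the CSR goes to the CA, never the key
}

# Print the subject the certificate authority will see.
csr_subject() {
  openssl req -in "$1/server.csr" -noout -subject
}

# True when the CSR's self-signature is valid (the requester holds the key).
csr_signature_ok() {
  openssl req -in "$1/server.csr" -noout -verify 2>&1 | grep -q 'verify OK'
}

# True when the public key inside the CSR belongs to server.key.
csr_matches_key() {
  csr_pub=$(openssl req -in "$1/server.csr" -noout -pubkey)
  key_pub=$(openssl pkey -in "$1/server.key" -pubout)
  [ "$csr_pub" = "$key_pub" ]
}

work=$(mktemp -d)
make_csr "$work"
csr_subject "$work"
csr_signature_ok "$work" && echo "CSR self-signature: OK"
csr_matches_key "$work" && echo "CSR public key matches server.key"
rm -rf "$work"
```

The key/CSR comparison is worth keeping: a certificate issued from a CSR cannot be installed with any private key other than the one that produced it.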


Submitting the CSR Request and Validation
Once you have generated a CSR, it is submitted to a certificate authority. Depending on the type of certificate, they will then validate the request. If you are ordering a standard or domain validated SSL certificate, they will send a verification email to the registered domain admin. Correctly responding to this email will authorize a certificate to be issued. A full-authentication SSL certificate, on the other hand, will require both a domain registration verification and a copy of your business license. An extended validation certificate will take more time and require additional validation steps. They start at $500 and go up from there in cost. These certificates cause the browser bar to turn green.


Certificate Issuance and Installation
After the request is validated the certificate authority will issue a certificate in digital form which must be installed on your web server. You will need a dedicated IP address and the installation process varies depending on the web server. A typical certificate looks something like this:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


Certificate Chaining


When you are issued a certificate, it is part of an upside-down tree structure, with the root certificate at the top and all issued certificates below that. Sometimes you might have another certificate between your certificate and the root certificate. This is called a chained or intermediate certificate. As long as all the "links" in this chain are valid, the browser will accept your certificate. These chained certificates also have to be installed on the web server.
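The effect of a missing link can be reproduced offline with OpenSSL. The following added example (not part of the original page) builds a constructed root, intermediate and server certificate, then validates the server certificate with and without the intermediate. All names and file names are assumptions.

```shell
#!/bin/sh
# Added example. All names and files are constructed for the demonstration.

# Create a key and CSR for common name $3 as $1/$2.key and $1/$2.csr.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# Build root -> intermediate -> leaf under directory $1.
build_chain() {
  d="$1"
  # CA certificates must be marked as allowed to sign other certificates.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$d/ca.ext"
  new_csr "$d" root "Example Root CA"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 30 -sha256 -out "$d/root.pem" 2>/dev/null
  new_csr "$d" int "Example Intermediate CA"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 30 -sha256 -out "$d/int.pem" 2>/dev/null
  new_csr "$d" leaf "www.yoursitename.com"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 30 -sha256 -out "$d/leaf.pem" 2>/dev/null
  # What the web server should present: its own certificate, then the intermediate.
  cat "$d/leaf.pem" "$d/int.pem" > "$d/fullchain.pem"
}

# Validate the leaf against the trusted root; $2 is an optional intermediate file.
leaf_verifies() {
  if [ -n "$2" ]; then
    openssl verify -CAfile "$1/root.pem" -untrusted "$2" "$1/leaf.pem" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
build_chain "$work"
if leaf_verifies "$work"; then echo "root only: valid"; else echo "root only: chain broken"; fi
if leaf_verifies "$work" "$work/int.pem"; then echo "with intermediate: valid"; else echo "with intermediate: chain broken"; fi
rm -rf "$work"
```

A client that trusts only the root cannot build the path unless the server sends the intermediate, which is why the chained certificates are installed next to the server certificate.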


Browser Compatibility


All of the certificates sold today are compatible with the most recent browsers. The only time you might run into problems is when end users are using browsers more than 3-5 years old, which are a very small percentage of the internet users out there. If you must have coverage for older browsers and programs, you must spend a lot more for your SSL certificate.


Different Types of SSL Certificates


Wildcard Certificates
These certificates are used to protect multiple subdomains in a single domain, like:

https://billing.yoursitename.com
https://sales.yoursitename.com
https://marketing.yoursitename.com

They are very specialized and used by many hosting companies to provide free "shared" SSL certificates. They can provide up to 256-bit encryption.
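Which host names a wildcard actually covers can be checked with OpenSSL's own host name matching. This added example (not part of the original page) issues a constructed, self-signed test certificate for *.yoursitename.com and goes slightly beyond the list above by also testing names that are not covered.

```shell
#!/bin/sh
# Added example. The certificate is a constructed, self-signed test certificate.

# Issue a test certificate whose only DNS name is *.yoursitename.com.
make_wildcard_cert() {
  d="$1"
  printf 'subjectAltName=DNS:*.yoursitename.com\n' > "$d/san.ext"
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=*.yoursitename.com" \
    -keyout "$d/wild.key" -out "$d/wild.csr" 2>/dev/null
  openssl x509 -req -in "$d/wild.csr" -signkey "$d/wild.key" \
    -extfile "$d/san.ext" -days 30 -sha256 -out "$d/wild.pem" 2>/dev/null
}

# True when host name $2 is covered by the certificate in directory $1.
covers() {
  openssl x509 -in "$1/wild.pem" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

work=$(mktemp -d)
make_wildcard_cert "$work"
for host in billing.yoursitename.com sales.yoursitename.com \
            yoursitename.com a.billing.yoursitename.com billing.othersite.example; do
  if covers "$work" "$host"; then
    echo "covered:     $host"
  else
    echo "NOT covered: $host"
  fi
done
rm -rf "$work"
```

The wildcard stands for exactly one label, so the bare domain and deeper names such as a.billing.yoursitename.com need their own entries in the certificate.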


Domain Validated Certificates
These certificates are used to protect a single domain and are in use on the majority of smaller e-commerce sites out there. Almost all of the sites we host that use a non-shared SSL certificate use one of these. Their main benefit is that they are inexpensive and work in all the current browsers. The certificate authority will just use the domain admin email address to verify the validity of the certificate request.


Full-authentication Certificates
These certificates are used to protect a single domain and are in use on a smaller number of e-commerce sites. The certificate authority will validate your request for the certificate via email and will also require you to fax in additional documentation, like a business license and driver's license. These certificates display the actual company name in the certificate.


Extended (EV) Validated Certificates
These certificates are used to protect a single domain and are designed to help prevent phishing attacks. They are used by banks and high-traffic e-commerce sites, like Amazon.com, and have a green address bar when active. They can take weeks to be issued and verify multiple things regarding your domain, including phone number, address, business registration validity and also government blacklists. They are very expensive.


Recommendation

Unless you have a specific need for a Full-authentication or Extended (EV) certificate, we recommend that you just use a domain validated certificate. For pricing or to order a certificate, please visit our order page.