ZYGER SSL CERTIFICATION
BE SAFE
WHAT IS SSL CERTIFICATION?
SSL Certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a web server, it activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser. Typically SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites. SSL Certificates bind together:
- A domain name, server name or hostname
- An organisational identity (i.e. company name) and location
WHO SHOULD INCORPORATE SSL INTO THEIR WEBSITE AND WHY?
An organisation needs to install the SSL Certificate onto its web server to initiate secure sessions with browsers. Depending on the type of SSL Certificate applied for, the organisation will need to go through differing levels of vetting. Once installed, it is possible to connect to the website over https://www.domain.com, as this tells the server to establish a secure connection with the browser. Once a secure connection is established, all web traffic between the web server and the web browser will be secure. Browsers tell visitors a website is SSL secure via several visible trust indicators:
NO MISUSE
With an SSL certificate you can ensure that data is passed between the web server and the client without misuse. Especially for e-commerce applications, but also for transactions in which confidential information is sent over the Internet, an SSL certificate is indispensable. We can apply for successive certificates for your domain.
Note: It is not necessary for your domain to be situated with Zyger or for the server to be located at Zyger either.
WHAT ARE THE TYPES OF SSL CERTIFICATES?
Over the last few years the number of organisations using SSL Certificates has increased dramatically. The applications for which SSL is being used have also expanded. For example; some organisations need SSL simply for confidentiality, e.g. encryption. Some organisations wish to use SSL to enhance trust in their security and identity, e.g. they want to show customers they have been vetted and are a legitimate organisation
As the applications for SSL have started to become wider, three types of SSL Certificates have emerged:
Extended Validation (EV) SSL Certificates: where the Certificate Authority (CA) checks the right of the applicant to use a specific domain name PLUS it conducts a thorough vetting of the organisation. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007, that specify all the steps required for a CA before issuing a certificate, and includes:
- Verifying the legal, physical and operational existence of the entity
- Verifying that the identity of the entity matches official records
- Verifying that the entity has exclusive right to use the domain specified in the EV SSL Certificate
- Verifying that the entity has properly authorised the issuance of the EV SSL Certificate
EV SSL Certificates are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. A second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV SSL Certificates. The audits are repeated yearly to ensure the integrity of the issuance process.
Organisation Validation (OV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organisation. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust.
Domain Validation (DV) SSL Certificates: where the CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal.
Hide