SSL Certification
The last couple of years has seen a significant increase in online hack attacks, malware, and the theft of online information. Phishing to direct users to false websites, and outright website theft have become common. Therefore, the market-leading browsers now have a policy that they will only connect to secured websites unless the user specifically allows it.
The added security offered by securing a website with a Secure Sockets Layer (“SSL”) certificate is that it verifies the identity of the website, provides an https prefix, and a padlock icon in the browser bar to let the user know the site is secure.
Users now look for https and the padlock, particularly on e-commerce and financial service websites to be comfortable that their online information is secure, and that they are visiting a genuine website.
One point to note is that SSL has been replaced by Transport Layer Security (“TLS”), and both terms are used interchangeably, although TLS is the more correct term for the up-to-date protocol. TLS is an updated version of SSL, and there is no difference between them. They perform the same function. For convenience and familiarity, SSL is used here.
What is SSL?
SSL/TLS is a networking protocol that provides enhanced security over Internet connections. SSL is implemented by a website hosting an SSL certificate containing information about the website and using a one-time public/private key pair to encrypt traffic between the browser and the website. Certification allows the browser and website to confirm each other’s identity and prevent a browser from connecting to a counterfeit website. Encryption prevents snooping and theft of information in transit.
How to certify a website?
You can generate an SSL certificate yourself, but the certificate isn’t authenticated by a third party. Many websites don’t consider self-signed certificates as trustworthy. In extreme cases, they can drop the connection to the website.
The usual way is to use a certification authority, like HostSailor or Comodo, to generate and authenticate the certificate. HostSailor is a Comodo agent and offers the full range of Comodo certification products to complement your web hosting program.
The first step is to choose the type of certificate.
Certificates come in two main forms:
- Single site certification. This is certification of a single website, for example, acme.com; and
- Wildcard certification. This is certification of several websites with a common root site, for example, acme.com, shop.acme.com, mail.acme.com and so on.
There are also multi-domain certificates that act a b it like wildcard certificates, but also cover websites outside the root domain.
Comodo SSL Wildcards
As an example, consider Comodo Wildcard certification. Comodo provides certification at three levels, Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV). All Comodo certificates from DV upwards provide:
- domain validation,
- unlimited server licenses, and
- strong SHA2 and ECC encryption.
- Major Browser and device compatibility.
All come with a warranty, free support and a Trust Logo.
The OV and EV options provide additional features such as organization name validation in the certificate and higher warranty amounts. The price for each is highly competitive.
The Comodo SSL Store
Buying an SSL certificate is done at the Comodo online store. The online store is operated by The SSL Store, a sister company to Comodo and also a subsidiary of DigiCert. It has several worldwide locations.
They offer highly competitive pricing, 24/7 support and the full range of Comodo certification products. There is also a partner program offering price advantages.
SSL Certificate Information via OpenSSL
OpenSSL has been available since 1998 as an implementation of the SSL and TLS protocols. It is open-source software, managed by the OpenSSL Software Foundation.
From time to time you may need to decode and see what information an SSL certificate holds, for example, expiration date or issuer. OpenSSL is a tool that can help you do this. Normally this requires some technical knowledge because OpenSSL is a command-line tool.
The certificate is normally held in a coded format, with the various components in specific positions in the coded stream. OpenSSL, asked politely, will decode the information.
Having said that, here is how to do it:
A Full Check
Type “openssl x509 -noout -text” on the command line.
The certification data, including issuer, validity, owner, and some other technical information is displayed on the command line.
An Issuer Check
Type “openssl x509 -noout -issuer”
Check to Whom the certificate is issued
Type “openssl x509 -noout -subject”
There are other subcommands for different pieces of information. Go here for more information.
Certifying a website is a no-brainer today. It is essential for a website to be seen without browser prompts about potential security violations that would scare away ;users.
Most, if not all managed service providers, including HostSailor, offer SSL as a part of their web hosting program. If you want more information about website hosting, or just to have a chat about website security, please contact us.