Q: What is an SSL Certificate?
A: An SSL (Secure Socket Layer) Certificate is an accreditation granted to websites which are protected by an SSL protocol. Invented in 1994 by Netscape, the protocol began public life as SSL 2.0 and was upgraded a year later to become SSL 3.0; which addressed several vulnerability issues and introduced the certificate scheme we know today. With SSL software installed on the server which hosts the website, an SSL Certificate provides a level of comfort to visitors that any communications between them and the website is protected and secure from third party interference or interception.
Q: How do SSL Certificates work?
A: SSL Certificates work on varying levels of encryption; 40-bit, 56-bit, 128-bit and 256-bit. The higher the level of encryption, the more protection is afforded to the website. The encryption of data is a mathematical process which ‘scrambles’ all communications between parties, allowing only the website and the user to be able to decode the information as they both hold the “keys.”An easy way to think of how SSL Certificates work is to imagine them to be the equivalent of a padlock. The only people who can access what’s inside a locked container is by having the key to the padlock. With SSL protection, only the user and the website will hold keys.
Q: How do I know if a website I am using has an SSL Certificate?
A: There are various ways to tell if the website you’re browsing it protected by an SSL Certificate. Different retailers and internet browsers have different methods, but they share the same theme. Firstly, if you have the most up-to-date version of your browser; it should display security warnings when you visit a site which has no, or an expired, SSL certificate. Aside from this, there are three main ways to tell if the website has SSL protection:
- The URL of the website may change from http:// to https://
- In the URL bar, you may see a closed padlock symbol
- The URL bar may turn green and display the website/company name
Q: What is a DV SSL Certificate?
A: DV stands for Domain Validated/Validation. This is the least expensive of the SSL Certificates and as such affords the lowest level of assurance. A retailer will send an e-mail to the owner of the domain to ensure that they have access to the website, there are no checks performed on the business, company or individual who operates the website. DV SSL Certificates are suitable only for websites which don’t ask users for any information.
Q: What is an OV SSL Certificate?
A: OV stands for Organization Validated/Validation and can also sometimes be seen as BV (Business Validated/Validation.) This type of certificate affords a higher level of assurance as the retailer has not only done checks on ownership of the domain, but has also ratified the business, company or individual behind the website. Registered business name and contact details are checked, making websites protected by OV a safe place to exchange sensitive information.
Q: What is an EV SSL Certificate?
A: EV stands for Extended Validation and offers the highest level of assurance of all certificates. These certificates have a longer authentication period as the website has to submit to a number of security checks and audits. Website owners have to prove their legal identity, along with their physical presence and activity in the day-to-day operation of the website. They also have to prove that they have sole control over the domain, its employees and documents. Only Extended Validation certificates are granted the green address bar.
Q: What is a Wildcard SSL Certificate?
A: Wildcard SSL certificates are used to protect a top level domain and unlimited subdomains beneath it. Whilst this doesn’t necessarily afford any extra protection to the website visitor, it makes an owner’s job far easier in that they can manage the security of all sub-domains under one SSL product.
Q: Where should I buy my SSL Certificate from?
A: SSL Certificates are sold through a number of channels, from hosting and domain services to specialized SSL retailers. The price normally reflects the reputation of the retailer, with the most expensive products being those that are protected by a powerful brand which internet users will recognise and trust. The less expensive certificates can offer the same level of encryption and protection as certificates which cost up to ten times their price, but their retailer may not hold the same trust and authority.
Q: How do I purchase an SSL Certificate?
A: You can purchase an SSL Certificate by visiting the website of any sellers and retailers which offer the product. Once you’ve decided on which type you require, be sure to have all of the information required to complete the transaction. For DV Certificates, this might only be your payment information but for OV and EV Certificates, this can also include:
- Proof of Business Address
- Identifying Documents
- Character/Professional Reference
- Business Registration Details
- Full Contact Details
- …and more, depending on the retailer.