Secure Sockets Layer (or SSL), is the standard security technology for encrypted links between a web browser and server. This link ensures that any data that is passed between the server – and the browser – is always encrypted and private.
What are SSL Certificates?
SSL certificates are small data files, which bind a cryptographic key to the company’s details, digitally. When SSL certificates are installed on the server, it activates a padlock and the https protocol. This will always allow a secure connection between the web server and a browser.
Who Can Issue SSL Certificates?
SSL Certificates can be issued by any person who is using certain types of software, such as Open SSL or Microsoft’s Certificate Services manager. These SSL certificates are considered “self-signed’ Certificates. The only problems with self-signed SSL certificates is that they cannot be trusted by customer’s browsers. While they will still encrypt the data, the customers’ browsers will display certain warning messages, in order to inform the user that the Certificate was not issued is not from a trusted certifying authority. It also states that the security certificate date is valid, however, the name on the security certificate is invalid or does not match the name on the site. This message will make customers weary of entering any type of personal information. To gain the trust of their customers, businesses should use trusted third party Certification Authorities that will use their trusted position to make a “trusted” SSL Certificate.
What is a Certification Authority?
The browsers and operating systems on all computers come with a list of trusted Certification Authorities already installed. It is known as the Trusted Root CA store. Since Netscape and Microsoft provide the major operating systems and browsers, they choose whether or not they are going to include the Certification Authority into the Trusted Root CA, and give trusted status. They also decide which organizations will get Certification Authorities. The only problem with that is that they have no way of knowing what sites can and cannot be trusted.
What Will a Certification Authority Before Issuing a Trusted SSL Certificate?
In order for a website to get an approved, trusted, SSL Certificate, they must be validated and approved. To be approved, companies must go through a two point validation process.
- The first step is to verify that the applicant owns, or has a legal right to use the domain name listed on the application.
- The second step is where it must be verified that the application is a legally accountable and legitimate business.
If a business or entity cannot prove the following, they will not get a trusted SSL Certificate.
SSL Certificates exist to protect computer users from entering websites that are unsafe. They are also issued to keep users from entering any personal information into websites that cannot be trusted. In order for a company to gain their customers’ trust, they should go through the SSL Certificate validation process.