Solution – Website Security

Without an SSL/TLS certificate, your web server is susceptible to attack by hackers and is untrusted by web browsers. When a browser flags your site as untrusted, the users of your website will lose confidence in it.

A hacker may eavesdrop on the communication between your users and your website and harvest sensitive information shared by your users, such as passwords, confidential user information and credit card information. Furthermore, the hacker may attack your users directly by injecting malware into the communication from your web server to the user.

The first step to secure your website is to install a digital certificate to provide end-to-end security between users and your website.

How it works

When a user initiates a secure session to your web server, the web server presents its digital certificate to the user’s browser to verify the identity of the website (authentication). Thereafter, an SSL/TLS handshake occurs between the browser and the web server whereby a shared session key is securely established for the session. This session key is used to encrypt all of the communication between the browser and the server for the duration of the session (confidentiality). Furthermore, data integrity is maintained throughout the session through the use of secure hash functions.

Benefits

  • Support for most SSL/TLS capable web server and web proxy software including Microsoft IIS, Apache, NGINX, Tomcat, Blue Coat and others
  • Allows clients to establish a secure connection to the server with the following assurances:
    – The server’s identity is proven to the client (authentication)
    – Optionally, the client can also identify itself to the server through the use of a digital certificate (mutual authentication) – this requires each client to be issued with a digital certificate
    – All communication in the session between the client and server is encrypted to protect against eavesdropping (confidentiality)
    – All communication in the session between the client and server is electronically signed (through the use of secure hash functions) to protect against tampering (integrity)
  • Suitable for the transmission of sensitive transaction data (such as logins and/or credit card details) between the client and the server
  • Conveys a high degree of trust to the users of your website
  • Improves the ranking of your website in search engines
  • Meets the de-facto standard for security required by modern web browsers

Process

Step 1 Choose your SSL/TLS product option
Step 2 Log in to your account, or register one
Step 3 Complete your order and make payment online
Step 4 * Generate your keys and certificate signing request (CSR) on your server and upload your CSR
Step 5 Prove that you own the domain (through either web or email validation)
Step 6 For organization validated (OV) certificates, additionally upload your supporting documents (certified or notarized copies)
Step 7 * Your certificate will be issued; download and install it on your server

* This step varies per server; refer to online support resources for assistance
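Step 4 of the process above, as an added example (not the vendor's own instructions): the OpenSSL command line creates a 2048-bit RSA key and a SHA-256-signed CSR carrying subject alternative names, in line with the technical specification listed on this page. The domain names, organization fields and file names are placeholders.

```shell
#!/bin/sh
# Added example, not the vendor's procedure. Domain names, organization
# fields and file names are placeholders.

# make_csr OUT_DIR COMMON_NAME [EXTRA_DNS_NAME...]
# Writes OUT_DIR/server.key (private key, stays on the server) and
# OUT_DIR/server.csr (the only file that is uploaded to the CA).
make_csr() {
    out_dir=$1; cn=$2; shift 2
    san="DNS:$cn"
    for name in "$@"; do san="$san,DNS:$name"; done
    cat > "$out_dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = $cn
O = Example Organization
C = US
[ext]
subjectAltName = $san
EOF
    # -nodes leaves the key unencrypted so the web server can load it
    # unattended; the subshell umask keeps it readable by the owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -sha256 \
          -config "$out_dir/req.cnf" \
          -keyout "$out_dir/server.key" \
          -out "$out_dir/server.csr" 2>/dev/null )
}

# check_csr CSR_FILE: succeeds only if the CSR's self-signature verifies
# and it carries a 2048-bit RSA key signed with SHA-256.
check_csr() {
    text=$(openssl req -in "$1" -noout -verify -text 2>&1) || return 1
    echo "$text" | grep -q "verify OK" || return 1
    echo "$text" | grep -q "sha256WithRSAEncryption" || return 1
    echo "$text" | grep -q "(2048 bit)" || return 1
}

# Usage: make_csr /etc/ssl/private example.com www.example.com
```

Running check_csr on the generated file before uploading catches a truncated or mismatched CSR early, and the private key never needs to leave the server.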

Options

  • Support for multiple validation options:
    – Domain-validated (DV) certificate; and
    – Organization-validated (OV) certificate
  • All DV and OV certificates available in Standard (single domain), SAN (multiple domain) and wildcard (unlimited subdomain) options
  • Online self-service portal for order processing and full certificate life-cycle management (issuing, reissues, rekeys, revocation and renewals)
  • Free UCC support for Microsoft sub-domains in certificates
  • Free and unlimited certificate re-issues
  • Free and unlimited rekeys
  • Certificates valid for up to 2 years before renewal is required

Technical Specification

  • RSA public-key support for key length 2048-bit and above
  • Support for SHA-2 hash algorithm (256 bit)
  • Digital certificate is fully compliant to X.509v3 specification
  • Fully compatible with SSL v3.0, TLS v1.0, TLS v1.1, TLS v1.2 and TLS v1.3
  • SSL Root Certificate embedded in Microsoft Root Certificate Store
  • Embedding of SSL Root Certificate in Mozilla Root Store Program currently in progress
  • Support for both OCSP and CRL revocation checking mechanisms
  • Further Google Chrome support:
    – Certificate Transparency (CT) log integration
    – OneCRL integration for certificate revocation status checking

Difference between DV SSL and OV SSL Certificate

| | Domain SSL Certificate | Organization SSL Certificate |
|---|---|---|
| Validation level | Domain | Organization |
| Assurance level | Fast domain validation | Strong organization validation |
| Boosts search engine ranking | Yes | Yes |
| Proves domain ownership/control | Yes | Yes |
| Validates organization’s identity | – | Yes |
| Validates organization contact | – | Yes |
| Certificate contents | Domain Name | Domain Name; Organization Name, City and Country |
| Timeframe for issuance | Within 1 hour | Within 1 day ** |
| Required documents *** | None | Company registration; Proof of address; Proof of identity (contact); Letter of authorization |

* Organization contact name, title and authority are validated

** Provided that all the required documents are submitted and the certificate signing request (CSR) has been generated and uploaded

*** All documents are required to be certified or notarized before uploading; failure to do so will cause a delay in processing and issuance of the certificate

Difference between Basic, Premium and Wildcard Certificate

| | Standard Certificate | Premium Certificate | Wildcard Certificate |
|---|---|---|---|
| Domains protected | 1 domain | Multiple domains * | Unlimited sub-domains |
| UCC support ** | Yes | Yes | Yes |
| Consolidate multiple domains into a single certificate | – | Yes | – |
| Protect a domain and all its subdomains | – | – | Yes |
Suitable for load balancing ico

* Available in additional 5, 10 or 15 SAN (domain) options

** www, owa, mail and autodiscover sub-domains included for free