What is SSL?
What does SSL mean to me, the Internet user?
Why do I need SSL?
Who uses SSL today?
What is a Certificate Signing Request (CSR)?
What are the roles of SSL?
Why is SSL important?
What is a Digital certificate?
What are authentication and encryption?
What's the difference between a 40-bit SSL connection and a 128-bit SSL connection?
How can I tell if my web browser has 128-bit encryption?
Which type of SSL is right for my site?
What is Server-Gated Cryptography (SGC)?
What is Public Key Infrastructure (PKI)?
What is a Certificate Authority (CA)?
Can I secure multiple servers with a single certificate?
How do I download the VeriSign Secured Seal for my Web site?
Is 128-bit SSL encryption really stronger than 40-bit SSL encryption?
What level of encryption do I need for my Web site?
A lot of companies advertise 128-bit certificates, but they don't have SGC. What is the difference between VeriSign's SSL Certificates and those of other providers?
What do I need to know about Windows 2000 and 128-bit encryption?
Do VeriSign's SSL Certificates work with all browsers?
What is Extended Validation SSL?
What is the Extended Validation Standard?
How will Extended Validation SSL increase consumer confidence?
What are the benefits of Extended Validation SSL to Web site owners?
Who is eligible to receive an EV SSL Certificate?
Definitions
SSL Encryption
SGC
Warranty
Green Address Bar
Extended Validation
Authentication
Revocation and Replacement
Licensing
Usage
Browser Compatibility
Validity Period

What is SSL?
SSL = Secure Sockets Layer.

What does SSL mean to me, the Internet user?
When you come across a web page that is secured, your browser will likely
display a 'closed lock' or other symbol to inform you that SSL (standing for
Secure Sockets Layer) has been enabled. The web site address should also now
start with "https://" rather than the usual "http://".
In a nutshell, SSL allows a secure connection between your web browser and a
web server. This secure information 'tunnel' was developed by Netscape
Communications and was based on encryption algorithms developed by RSA
Security. SSL is being widely adopted by numerous companies for client/server
uses other than web surfing.
The main role of SSL is to provide security for Web traffic. Security includes
confidentiality, message integrity, and authentication. SSL achieves these
elements of security through the use of cryptography, digital signatures, and
certificates. Because SSL is built into all major browsers and Web servers,
simply installing a digital certificate, or Server ID, enables SSL
capabilities.

Why do I need SSL?
If you are transmitting sensitive information on a web site, such as credit
card numbers or personal information, you need to secure it with SSL
encryption. It is possible for every piece of data to be seen by others unless
it is secured by an SSL server certificate. Your customers won't trust your web
site without it.

Who uses SSL today?
Almost all web-based online purchases and monetary transactions are now secured
by SSL. When you submit your credit card to purchase a compact disk from CDNOW,
for example, the order form information is sent through this secure tunnel so
that only the folks at CDNOW can view it. You may also be familiar with online
banking. Financial institutions use SSL to secure the transmission of your PIN
number and other confidential account data.

What is a Certificate Signing Request (CSR)?
The CSR is a string of text generated by your server software. You provide this
string of text to VeriSign during the enrollment process. To generate a CSR for
Global Server ID or Secure Server ID, you will need to know what kind of server
software is running on your Web server.

What are the roles of SSL?
SSL has two distinct entities, server and client. The client is the entity that
initiates the transaction, whereas the server is the entity that responds to
the client and negotiates which cipher suites are used for encryption. In SSL,
the Web browser is the client and the Web-site server is the server.

Why is SSL important?
SSL is vital to Web security. It provides a strong sense of confidentiality,
message integrity, and server authentication to users. The business of
e-commerce is tied closely to consumer confidence in the operation of SSL
across the net. In the future, SSL termination devices will be able to handle
more transactions at a faster rate. The encryption key lengths and the
cipher suites used will also continue to evolve in order to ensure the security
of sensitive information over the Web. This way, e-commerce will be able to
continue to grow in popularity as users grow more confident in shopping and
banking online, and embracing new online applications.

What is a Digital certificate?
Well, think of the digital certificate as the key to starting the SSL engine.
Maybe more like a driver's license. It's just an identification card that the
server uses to prove that it is who it says it is.
Digital Certificates are issued by Certificate Authorities (CAs). This is where
it gets tricky, because anyone with the right software can be a certificate
authority, just like anyone can make a piece of paper that says it's a driver's
license. But just as only the state government can issue a license that a
police officer will accept, there are certain trusted CAs that your web
browser will accept (such as VeriSign, Inc.). Of course, you can tell your web
browser to accept other CAs if you want to. In this case, you're the police
officer that's accepting these certificates, so you should accept certificates
from sources you trust.
Also note that, just like the SSL connection itself, a digital certificate does
not vouch for the integrity of the company it is issued to. Be wary of who you
send your credit card information to, regardless of whether the connection is
secure or not.

What are authentication and encryption?
SSL server authentication allows users to confirm a Web server's identity.
SSL-enabled client software, such as a Web browser, can automatically check
that a server's certificate and public ID are valid and have been issued by a
certificate authority (CA) listed in the client software's list of trusted CAs.
SSL server authentication is vital for secure e-commerce transactions in which
users, for example, are sending credit card numbers over the Web and first want
to verify the receiving server's identity.
An encrypted SSL connection requires all information sent between a client and
a server to be encrypted by the sending software and decrypted by the receiving
software, protecting private information from interception over the Internet.
In addition, all data sent over an encrypted SSL connection is protected with a
mechanism for detecting tampering - that is, for automatically determining
whether the data has been altered in transit. This means that users can
confidently send private data, such as credit card numbers, to a Web site,
trusting that SSL keeps it private and confidential.

What's the difference between a 40-bit SSL connection and a 128-bit SSL connection?
Many banks require 128-bit encryption for online banking because 40-bit
encryption is considered to be relatively weak. 128-bits is about 309
septillion times (309,485,000,000,000,000,000,000,000) larger than 40-bits.
Equated to the real world, sending information without encryption is like
sending a postcard through the mail - the contents are visible to practically
anyone who wants to see it. Using this analogy, 40-bit encryption is like
sending the information in a plain white envelope. 56-bits could then be
equated to using a security envelope that is printed to prevent it from being
see-through. Relative to these strengths, 128-bit encryption could be compared
to encasing your data in a lead-lined, 12-inch thick titanium safe that is
being transported by an armored tank with a convoy of a hundred armed guards.
In other words, 128-bits is considerably more secure than 40.

How can I tell if my web browser has 128-bit encryption?
Most newer browsers now support a variety of SSL bit strengths. This ensures
that the browsers are fully compatible with almost all web servers and digital
certificates, which were also shipped worldwide at lower encryption strengths.
If you have an older browser you downloaded without filling out a brief
residency confirmation form, you likely have the 40 or 56-bit version. Check
your browser's encryption preferences to see what strengths you have available.
You can also try Fortify.net's SSL test page for a readout of what strengths
your browser supports.

Which type of SSL is right for my site?
40-bit SSLs are ideal for security-sensitive intranets, extranets, and
low-volume Web sites. 128-bit SSLs are the standard for large-scale online
merchants, banks, brokerages, health care organizations, and insurance
companies worldwide.

What is Server-Gated Cryptography (SGC)?
U.S. government restrictions on U.S. vendors prevented the export of “strong”
cryptography several years ago. As a result, many people purchased computers or
downloaded export version browsers supporting only 40- or 56-bit SSL
encryption. Microsoft developed "Server Gated Cryptography" ("SGC") and
Netscape developed "step-up" technology to enable 128-bit SSL encryption with
export browser versions. SGC allows users with an export version browser to
temporarily step-up to 128-bit SSL encryption if they visit a Web site with an
SGC-enabled SSL Certificate. Without an SGC certificate on the Web server, Web
browsers and PCs that do not support 128-bit strong encryption will receive
only 40- or 56-bit encryption.

What is Public Key Infrastructure (PKI)?
Public Key Infrastructure is the network security architecture of an
organization. It includes software, encryption technologies, and services that
enable secure transactions on the Internet, intranets, and extranets.

What is a Certificate Authority (CA)?
When VeriSign issues an SSL Certificate, we act as a Certificate
Authority (CA). VeriSign digitally signs each certificate we issue. Each
browser contains a list of CAs to be trusted. When the SSL handshake occurs,
the browser verifies that the server certificate was issued by a trusted CA. If
the CA is not trusted, a warning will appear. When high security browsers
recognise an Extended Validation SSL Certificate, they display the name of the
CA next to the browser bar. VeriSign is one of the most trusted CAs on the
Internet. (See VeriSign Secured Seal Research Review.) The VeriSign Trial Root
CA is for testing purposes only and is not included in any browser's trust
list.
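
The CSR, digital certificate, authentication and Certificate Authority answers above describe one flow: the server generates a key pair and a CSR, a CA signs it, and the client accepts the certificate only if the issuer is in its trust list. The following OpenSSL shell script is an added example, not part of the original FAQ or VeriSign's tooling; the CA names (listed-ca, unlisted-ca), the host www.shop.example and all file names are constructed for illustration.

```sh
#!/bin/sh
# Added example: a throwaway CA pair, one CSR, and a client-side trust check.
# Every name below (listed-ca, unlisted-ca, www.shop.example) is constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal request config so the result does not depend on the system openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: "anyone with the right software can be a CA" - a self-signed root.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$WORK/req.cnf" -subj "/O=$1/CN=$1 root" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# make_csr HOST: what the server software does at enrollment. The private key
# stays in HOST.key; only HOST.csr (public key + requested name) goes to the CA.
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$WORK/req.cnf" -subj "/O=Example Shop/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# csr_ok HOST: the CSR is signed with the requester's own key; check that signature.
csr_ok() {
    openssl req -in "$WORK/$1.csr" -noout -verify 2>&1 | grep -q "verify OK"
}

# issue CA HOST OUT: the CA signs the CSR contents, producing certificate OUT.
issue() {
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
        -set_serial 1 -days 30 -sha256 -out "$WORK/$3" 2>/dev/null
}

# trusted_by_client CERT: the handshake-time check, with a trust list that
# contains only listed-ca. Exit status 0 means the chain ends at a listed CA.
trusted_by_client() {
    openssl verify -CAfile "$WORK/listed-ca.crt" "$WORK/$1" >/dev/null 2>&1
}

# same_key HOST CERT: the certificate carries the public key from the CSR.
same_key() {
    [ "$(openssl req -in "$WORK/$1.csr" -noout -pubkey)" = \
      "$(openssl x509 -in "$WORK/$2" -noout -pubkey)" ]
}

make_ca listed-ca
make_ca unlisted-ca
make_csr www.shop.example
issue listed-ca   www.shop.example from-listed.crt
issue unlisted-ca www.shop.example from-unlisted.crt

for c in from-listed.crt from-unlisted.crt; do
    if trusted_by_client "$c"; then echo "$c: accepted"
    else echo "$c: warning, issuer not in trust list"; fi
done
```

Both certificates carry the same name and public key; only the issuer differs, which is why the trust list, not the certificate alone, decides whether the client shows a warning.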

Can I secure multiple servers with a single certificate?
The VeriSign subscriber agreement prohibits customers from using
a certificate on more than one physical server or device at a time, unless the
customer has purchased the Licensed Certificate Option. When private keys are
moved among servers, by disk or by network, accountability and control decrease,
and auditing becomes more complex. By sharing certificates on multiple servers,
enterprises increase the risk of exposure and complicate tracing access to a
private key in the event of a compromise. VeriSign's licensing policy allows
licensed certificates to be shared in the following configurations: redundant
server backups, server load balancing, and SSL accelerators. See Licensing
VeriSign Certificates: Securing Multiple Web Server and Domain Configurations
for more information.

How do I download the VeriSign Secured Seal for my Web site?
The VeriSign Secured Seal is available for display on any Web
page within a domain secured by a VeriSign SSL Certificate. Whether you are a
new or existing customer, you can download and install the VeriSign Secured
Seal on your server. A JavaScript verifies your common name and displays the
seal. When site visitors click on the seal, they receive a dynamically
generated verification page specific to your certificate. The Secured Seal may
take up to 2 hours to display the first time you install it for any given
common name.

Is 128-bit SSL encryption really stronger than 40-bit SSL encryption?
Absolutely. When an SSL handshake occurs between a client and
server, a level of encryption is determined by the browser, the client computer
operating system, and the SSL Certificate. Low-level encryption, 40 or 56 bits,
is acceptable for sites with low-value information. However, a hacker with the
time, tools, and motivation can crack the code in a matter of minutes.
High-level encryption, at 128 bits, can calculate 2^88 times as many
combinations as 40-bit encryption. That's over a trillion times a trillion
times stronger. That same hacker with the same tools would require a trillion
years to break into a session protected by an SGC-enabled certificate.

What level of encryption do I need for my Web site?
Best security practices are to install a unique certificate on
each server and choose true-128-bit or better encryption by purchasing an
SGC-enabled SSL Certificate. A unique certificate keeps your private keys
protected, and an SGC-enabled certificate ensures that every site visitor, no
matter what browser or operating system they use, connects at the highest level
of encryption their system is capable of. The level of protection needed should
be based on the value of your information and the perception of your customers.
You need 128-bit or better encryption if you process payments, share
confidential data, or collect personally identifiable information such as
social security or tax ID number, mailing address, or date of birth. You need
128-bit or better encryption if your customers are concerned about the privacy
of the data they send to you.

A lot of companies advertise 128-bit certificates, but they don't have SGC. What is the difference between VeriSign's SSL Certificates and those of other providers?
Non-SGC SSL Certificates provide a minimum of 40-bit and up to
256-bit SSL encryption. Site visitors using certain older browsers and many
Windows 2000 systems using Internet Explorer will only receive 40- or 56-bit
encryption unless they're connecting to an SGC-enabled SSL Certificate.
VeriSign is the leading SSL provider of SGC-enabled SSL Certificates, enabling
128- or 256-bit encryption for over 99.9% of Internet users. (SGC: Strongest
SSL Encryption.)

What do I need to know about Windows 2000 and 128-bit encryption?
Many Windows 2000 systems using Internet Explorer will fail to
step up to 128 bits unless they connect to an SGC-enabled certificate, even if
they're using the most current version of Internet Explorer. VeriSign is the
leading SSL provider of SGC-enabled SSL Certificates, enabling 128- or 256-bit
encryption for over 99.9% of Internet users. (SGC: Strongest SSL Encryption.)

Do VeriSign's SSL Certificates work with all browsers?
VeriSign's SSL Certificates work with virtually every Web
browser that ever shipped and all popular Web browsers used since 1996.
VeriSign SSL Certificates offer the highest browser compatibility achieved by
any SSL Certificate. However, many browsers will not be able to connect at
128-bit encryption unless there is an SGC-enabled certificate on the server.
Many millions of Internet users worldwide still use these browsers. (SGC:
Strongest SSL Encryption.) Certain Internet Explorer browser versions from 3.02
to 5.23 and Netscape browser versions from 4.02 to 4.72 will fail to use
128-bit encryption unless connecting to SGC-enabled certificates. Internet
Explorer versions prior to 3.02 and Netscape versions prior to 4.02 are not
capable of 128-bit encryption with any SSL Certificate.

What is Extended Validation SSL?
Extended Validation SSL Certificates give high security Web
browsers information to clearly identify a Web site’s organizational identity.
For example, if you use Microsoft® Internet Explorer 7 to go to a Web site
secured with an SSL Certificate that meets the Extended Validation Standard,
IE7 will cause the URL address bar to turn green. A display next to the green
bar will toggle between the organization name listed in the certificate and the
Certificate Authority (VeriSign, for example). Firefox and Opera have announced
their intention to support Extended Validation SSL in upcoming releases. Older
browsers will display Extended Validation SSL Certificates with the same
security symbols as existing SSL Certificates.

What is the Extended Validation Standard?
To purchase an Extended Validation SSL Certificate, an
organization has to go through a validation process that meets the Extended
Validation Standard established by the CA/Browser Forum (soon to be released).
In addition to confirming domain name ownership, the process will likely
include authenticating the authority of the contact person requesting the
certificate, verification of the business with government or third party
business registries, and other methods.

How will Extended Validation SSL increase consumer confidence?
As people use the Web for commerce, business, and social
activities, they share personal and confidential information. High profile
incidents of fraud and phishing scams have made Internet users very concerned
about identity theft. Before they enter sensitive data, they want proof that
the Web site can be trusted and their information will be encrypted. Without
it, they might abandon their transaction and do business elsewhere. High
security browsers and Extended Validation SSL Certificates provide third-party
verification using a visual display that gives consumers confidence and builds
trust in e-commerce.

What are the benefits of Extended Validation SSL to Web site owners?
A High Assurance SSL Certificate helps your visitors complete
secure transactions with confidence and puts your organization in a leadership
position. If your site has the “green bar” in IE 7 and your competitor’s site
does not, you appear to be more trusted and more legitimate. That’s a
competitive advantage in the world of e-commerce. For businesses with a high
profile brand, using Extended Validation SSL is an effective defense against
phishing scams. When customers see the green bar and other displays of trust,
they can interact with you online, with confidence.

Who is eligible to receive an EV SSL Certificate?
The CA/Browser Forum dictates what kinds of entities are
eligible to obtain EV Certificates. The following entities are eligible
provided they are currently registered with and approved by an official
registration agency in their jurisdiction. The resulting charter, certificate,
license or equivalent must be verifiable through that registration agency.
• Government agencies
• Corporations
• General partnerships
• Unincorporated associations
• Sole proprietorships
The employment and authority of the person placing the certificate order must
be verifiable. These business entities need to have a confirmable physical
existence and business presence. Any assumed business names should be
verifiable. A principal individual associated with the business must be
validated and that person must confirm agreement to the certificate subscriber
agreement. The entity cannot be located in a country where VeriSign is
prohibited from doing business or listed on any government prohibited list such
as an embargo restriction.

Definitions
SSL Encryption - SSL Certificates bind an identity to a pair of
electronic keys that can be used to encrypt and sign digital information. When
an SSL handshake occurs between a client and server, a level of encryption is
determined by the client browser, the client operating system, the server
configuration, and the SSL Certificate. Millions of Internet users worldwide
still use browsers that will not step up to 256-bit encryption unless there is
an SGC-enabled certificate on the server. VeriSign is the leading SSL provider
of SGC-enabled SSL Certificates, enabling 128- or 256-bit encryption to over
99.9% of Web site visitors.
SGC - Server-Gated Cryptography. VeriSign testing results have shown that when
using SGC certificates, virtually all combinations of Windows operating system,
Internet Explorer and server are able to step up to 128-bit encryption, i.e.
utilize its full potential.
Warranty - VeriSign SSL Certificates are covered by the NetSure Protection Plan with up
to $250,000 in warranty protection. NetSure protects certificate holders
against certain losses resulting from breach by VeriSign of the warranties
included in your VeriSign SSL Certificate.
Green Address Bar - Internet browsers that support the Extended
Validation Standard make it easy to see that a site is secure. When users
navigate to a Web site secured by an Extended Validation (EV) SSL Certificate,
the address bar turns green. In addition, the name of the organization listed
in the certificate and the security vendor appear next to the address, giving
users an easy way to confirm the identity of the site. Microsoft® Internet
Explorer 7 is the first browser to adopt the new standard.
Extended Validation - In 2006, a group of leading SSL Certificate
Authorities (CAs) and browser vendors approved standard practices for
certificate validation and display called the Extended Validation Standard. To
issue an SSL certificate that complies with the standard, a CA must adopt the
extended certificate validation practice and pass a WebTrust audit. The
Extended Validation process requires the CA to authenticate the certificate
applicant's domain ownership and organizational identity, as well as the
individual approver's employment with the applicant, and authority to obtain
the Extended Validation SSL Certificate.
Authentication - VeriSign applies the industry's most rigorous
authentication methodology to protect your brand identity and your site
visitors' online experience. Prior to issuing your SSL Certificate, VeriSign
verifies the existence of your business, the ownership of your domain name, and
your authority to apply for the certificate. The validation practice for
Extended Validation (EV) SSL Certificates also requires confirmation that the
requestor has the authority to purchase the certificate on behalf of the
company and the company's physical address. Our authentication procedures
undergo annual independent SAS 70 Type II audits and are WebTrust certified.
Revocation and Replacement - VeriSign will replace your SSL Certificate
within 30 days of issuance at no cost. A replacement fee applies after 30 days.
A replacement SSL Certificate must have the exact same Distinguished Name as
the original certificate.
Licensing - If you have multiple servers hosting a single domain, you can secure all of
them with a single certificate licensed for up to 5 servers. VeriSign's
licensing policy contains provisions for sharing certificates in multiple
server configurations for redundant server backups, server load balancing, and
SSL accelerators.
Usage - SSL Certificates enable encryption across the Internet, intranets, and
extranets. They are installed on Web servers, mail servers, e-commerce sites,
and FTP sites - wherever customers, employees, or other users provide sensitive
information or log on to an account.
Browser Compatibility - VeriSign SSL Certificates are compatible with
virtually every browser in use today. SGC-enabled SSL Certificates enable every
site visitor to connect at the strongest SSL encryption available to them.
Microsoft Internet Explorer 7 supports Extended Validation SSL. Firefox and
Opera have announced their intention to support Extended Validation SSL in
upcoming browser releases.
Validity Period - VeriSign offers 1-, 2-, and 3-year SSL Certificates, which may be renewed
within 90 days of expiration. To ensure uninterrupted service, renew at least
30 days before the expiration date. You will not lose the remaining validity
period of the existing certificate by renewing early. To reduce costs and
management time, VeriSign recommends multi-year certificates. (SSL Certificates
with EV are available with 1- or 2-year validity periods).