What is SSL, and How Does it Work?

New to SSL? No problem! The following are some questions and answers about SSL certificates and why they’re important.

Q: What is SSL?

A: Secure Sockets Layer (SSL) is a protocol for enabling data encryption and site authentication on the Internet. Credit card numbers, health details and other sensitive information are transmitted only after being converted into a secure code. Domain authentication reassures site users that they’re interacting with the site identified in the URL bar. Without SSL, online transactions would be vulnerable to interception by unauthorized parties. These hackers or identity thieves could also more easily imitate a legitimate website. SSL is most commonly used to protect communications between web browsers and servers. However, it is also used for server-to-server communications and for web-based applications.

Q: What is a Wildcard SSL certificate?

A: A Wildcard SSL certificate provides the same encryption and authentication features as other SSL certificates. However, a Wildcard certificate can also be applied to unlimited subdomains of a site. Some sites utilize subdomains like blog.mysite.com. A Wildcard SSL certificate supports the root domain (mysite.com) as well as its subdomains.

Q: What is a Domain Validated (DV) SSL certificate?

A: DV certificates only need the Certificate Authority to verify that the user requesting the certificate owns and administers the domain. Visitors will see a lock icon in their address bar, but no specific information about the owner.

Q: What is an Organization Validated (OV) SSL certificate?

A: OV certificates require a Certificate Authority to confirm that the business making the request is registered and legitimate. When visitors click the green lock icon in their browser, the business name is listed.

Q: What is an Extended Validation (EV) SSL certificate?

A: EV certificates require even more documentation for the Certificate Authority to validate the organization. Visitors will see the name of the business inside the address bar, in addition to seeing it when they click the lock icon.

Q: What is a certificate authority?

A: Companies that issue SSL certificates are known as certificate authorities. The protection provided by an SSL certificate is only as good as the company that stands behind it. Web browsers like Firefox and Chrome maintain a list of trusted certificate authorities. If your site serves up one of these trusted certificates, the browser will recognize it as secure.

Q: How long are SSL certificates valid?

A: Our SSL and Wildcard SSL certificates can be purchased for terms of 1-3 years. You can then renew the certificate.

Q: How long does enrollment take and how soon will I be able to secure my site?

A: An SSL certificate may be issued within minutes of submitting your enrollment information as long as the information is correct, and the authorized administrator responds promptly to the confirmation email. 

Q: What is domain control validation?

A: Cherry Host (email originates from Cherrywood Technologies, Inc.) will confirm domain control by sending an email to the administrator listed with the registrar for the domain. If the authorized administrator does not reply, a second email will be sent to an email address at the domain such as info@ or support@. (You may select a secondary email address during the enrollment process.) In addition to validation by email, you will be asked to provide a telephone number where you can be reached immediately after submitting your enrollment. If everything checks out, the SSL certificate is issued.

Q: What is data encryption and why are there different levels?

A: Encryption is a mathematical process of coding and decoding information in order to keep data secure while traveling between computers. If raw, unencrypted data is sent, anyone who intercepts the information can easily understand it. The number of bits (40-bit, 56-bit, 128-bit, 256-bit) tells you the size of the key. Like a longer password, a larger key has more possible combinations. When an encrypted session is established, the encryption level is determined by the capability of the web browser, SSL certificate, web server, and client computer operating system.

Q: How do visitors know if a website is using SSL?

A: When a browser connects to a secure site, it retrieves the site's SSL certificate and checks that it has not expired, that it has been issued by a certificate authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails any one of these checks, the browser will display a warning to the end user. If it succeeds, several security indicators are built into modern browsers to indicate that SSL is enabled.

  • The beginning of the URL or web address changes from http:// to https://
  • A padlock on the browser window changes from open to closed
  • The address bar will turn green and display the name of the website owner when connecting to a website protected by an Extended Validation SSL certificate.
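
An added example, not part of the original page or Cherry Host's own code: Python code for two of the checks described above (validity period and hostname match, including how a wildcard name is matched), run against a constructed certificate record. The function names are hypothetical, and the third check, the chain of trust back to a certificate authority, needs signature verification and is left to the TLS library.

```python
import ssl

# Constructed sample in the dict shape that ssl.SSLSocket.getpeercert()
# returns; the dates and names are made up for this example.
SAMPLE_CERT = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "*.mysite.com"), ("DNS", "mysite.com")),
}


def name_matches(pattern, hostname):
    """Match one certificate DNS name against a hostname (case-insensitive).

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so *.mysite.com covers blog.mysite.com but not
    mysite.com or a.blog.mysite.com.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_certificate(cert, hostname, now):
    """Return a list of failed checks; an empty list means both passed."""
    failures = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        failures.append("not yet valid")
    elif now > not_after:
        failures.append("expired")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, hostname) for n in dns_names):
        failures.append("hostname mismatch")
    return failures


if __name__ == "__main__":
    mid_2024 = ssl.cert_time_to_seconds("Jul  1 00:00:00 2024 GMT")
    for host in ("blog.mysite.com", "mysite.com", "a.blog.mysite.com"):
        print(host, check_certificate(SAMPLE_CERT, host, mid_2024) or "ok")
```

In this sample the root domain passes only because mysite.com is listed as its own name next to the wildcard entry.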

Q: What does browser recognition mean?

A: When a browser or operating system encounters an SSL certificate, it checks to make sure that the certificate is valid and trusted. An SSL certificate is trusted if the browser contains a corresponding pre-installed root certificate. If a browser does not contain the root certificate, a security warning will alert the end user.

Q: What is a public/private key pair?

A: SSL uses unique cryptographic key pairs: each key pair consists of a secret private key and a related public key. Information encrypted with a public key can only be decrypted with the corresponding private key, and vice-versa.

Q: What is a certificate signing request or CSR?

A: A CSR is a public key that you generate on your server according to your server software instructions. If you do not have access to your server, your web host or internet service provider will generate it for you. The CSR is required during the SSL certificate enrollment process because it validates the specific information about your web server and your organization.

Q: What is the difference between a commercial SSL and a free SSL certificate?

A: Commercial (paid) SSL certificates are a decent option for many website owners. Paying a certificate authority through Cherry Host will give you the benefits of technical support from multiple organizations. The encryption level is the same as with free SSL certificates. On the flip side, free SSL certificates are provided through Let’s Encrypt, an open collaboration between a number of global organizations focused on making SSL certificates accessible to all website owners. (Cherry Host provides free SSL certificates using Let’s Encrypt for all of our cPanel hosting accounts.) SSL certificates created using Let’s Encrypt can be brought to the attention of Cherry Host staff, but there are no other paid techs that will provide support.
The key differentiation will come in the level of support you get. Paid certificates receive the benefit of having technicians of not just Cherry Host on hand but of the company that authorizes the cert as well.
