Secure Sockets Layer or SSL is a separate security protocol used by web browsers and web servers to help the user protect their personal data on a website. The SSL certificate contains a "public" and a "private" key, which automatically verifies and encrypts the information. When the user visits a website with an SSL certificate enabled, the server uses the "public" key to provide an encrypted connection to the browser. When the certificate is valid, the browser automatically "confirms" that the issuer of the certificate has been verified and the website visited is secure. This process is called a handshake.
Encryption is a complex mathematical process in which information is encoded and decoded. Encryption ensures that the information is encrypted during its transmission and so only its recipient can decode it. The number of bits in a certificate (40 bit, 56 bit, 128 bit, 256 bit) shows you the size of the key used for encryption. The bigger the key, the bigger the password and the more possible decryption combinations. To demonstrate the security that SSL certificates provide, we will give you the number of possible combinations for a 128-bit certificate - it provides several trillion possible combinations for decryption. You can estimate that it will take a potential hacker about a trillion years to decrypt a session encrypted with an SSL certificate.
All SSL certificates are issued based on the name of the client who ordered the certificate, his address, telephone and e-mail address. The SSL certificate is also issued based on the domain on which the website is located. This means that this certificate is valid only for this domain.
Absolutely all SSL certificates are issued based on the domain on which a website is hosted. What can we do if we have multiple subdomains on this website and want them to use an SSL certificate as well? That is why the Wildcard certificate was introduced - it is valid for all subdomains of a website.
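As an added illustration (not part of the original page), the Python code below shows how a client decides whether a certificate name covers a host, following the RFC 6125 rule used by browsers that a `*` stands for exactly one leftmost label. The function names and the example.com hosts are assumptions constructed for this example.

```python
def name_covers(cert_name: str, hostname: str) -> bool:
    """Return True if one certificate name covers the hostname."""
    pattern = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    # A wildcard never changes the number of labels: "*" is one label.
    if len(pattern) != len(host) or "" in host:
        return False
    # "*" is only honoured as the whole leftmost label.
    if any("*" in label for label in pattern[1:]):
        return False
    if pattern[0] == "*":
        # Refuse overly broad names such as "*.com".
        return len(pattern) >= 3 and pattern[1:] == host[1:]
    if "*" in pattern[0]:
        return False  # partial wildcards like "w*" are not accepted here
    return pattern == host


def coverage(cert_names, hostnames):
    """Map each hostname to True/False: is it covered by any certificate name?"""
    return {h: any(name_covers(n, h) for n in cert_names) for h in hostnames}


# Constructed sample data (not taken from a real certificate).
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
HOSTS = ["www.example.com", "shop.example.com", "example.com",
         "a.shop.example.com", "www.example.org"]

if __name__ == "__main__":
    for names in (WILDCARD_ONLY, WILDCARD_PLUS_APEX):
        print(names)
        for host, ok in coverage(names, HOSTS).items():
            print(f"  {host:22} {'covered' if ok else 'NOT covered'}")
```

The output shows that a wildcard name alone does not cover the bare domain or a second level of subdomain; those hosts need their own name on the certificate.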
When you visit a website, your browser automatically retrieves its SSL certificate and makes several checks required for each certificate - whether the certificate has expired and whether it was issued by a certification authority that the browser "trusts". If one of these checks fails, the browser will issue a warning to the visitor. If the checks succeed, we can see several security indicators that are built into modern browsers:
- The beginning of the web address changes from http:// to https://.
- A padlock icon appears in the address bar of the website.
- The color of the address field will change to blue or green, depending on which certificate is installed and which browser is used.
The short answer to this question is YES. Higher class certificates work on the basis of more advanced technologies, which makes them much more secure. Most certification companies use technology to prevent malware on your website.
EVs are certificates with extended validation. In 2006, the CA/Browser Forum, a group of leading certificate vendors, or Certificate Authorities (CAs), and browser developers, approved several standard guidelines for issuing and validating EV certificates. Thus, the way the EV certificate is displayed has been changed so that the visitor can more easily recognize that this website has a higher standard of security. These certificates are displayed with an additional green bar, which distinguishes them from other certificates, which are displayed in plain blue or green at the address.
With such a certificate, owners can protect themselves from counterfeiters who want to steal their brand and customers.
It is important to know that EV certificates with a green ribbon can only be issued to legal entities. In addition to the standard data required for issuing a certificate, documents proving the company's registration are required from the company or from the person representing it.
Documents must be entirely in English. A full description of the requirements can be found below:
1. The institutions that can purchase and apply for an EV certificate are the following:
- Government organizations
- Firms and companies
- Sole Merchants
- Non-profit organizations
- Affiliate companies
The documents required to issue the SSL certificate must include the following:
- Company or organization registration number
- Date of incorporation of the company or organization
- Address of the organization or company (or the address of the official who registers the SSL certificate)
- The organization or company must have been registered more than 3 years ago
- The verification of the organization is additionally carried out by verification on a bank account
2. Requirements for the domain on which the SSL certificate will be installed:
- To qualify for an EV SSL certificate, a domain must be registered in the name of the company or organization
- If the domain has Whois privacy protect enabled, this option should be disabled
- During domain verification, the organization issuing the certificate (GeoTrust, VeriSign or Sectigo) will require a voice check by calling the domain owner.
3. Requirements from the person requesting the SSL certificate:
- The official involved in the verification process must be employed by the same company
- The person is authorized to verify the EV certificate by the company or organization
- Additional documents need to be filled in, which must then be notarized
- Formal opinion from the company or organization
4. As an additional check for the organization, a telephone check with a responsible person of this organization is required. The telephone check is carried out directly by the issuing authority. During the telephone check, you will be required to confirm the following:
- The name of the person requesting the certificate
- EV certificate approval
- Compliance with the general conditions provided by the issuing authority
The red address bar (https://) indicates that not all links on your website are encrypted. This color does NOT indicate that the SSL certificate is not installed correctly. To see the certificate in its normal green or blue color, you need to set up all the links on your website to load through the https:// protocol, not through the normal http://. Most CMSs, for example, have an option in the admin panel that allows you to quickly switch to this mode.