Beginner's Guide To TLS/SSL Certificates


Making the best choice when considering your online security options

Table of contents

- Introduction
- What is a TLS/SSL certificate?
- How does TLS/SSL encryption work?
- How do I know that a site has a valid TLS/SSL certificate?
- Where would I use a TLS/SSL certificate?
- Different types of TLS/SSL certificates
- Conclusion
- Tech talk made simple

Introduction

Whether you are an individual or a company, you should approach online security in the same way that you would approach physical security for your home or business. Not only does it make you feel safer, but it also protects the people who visit your home, place of business, or website. It is important to understand the potential risks and then make sure you are fully protected against them. In the fast-paced world of technology, it is not always easy to stay abreast of the latest advancements. For this reason it is wise to partner with a reputable Internet security company.

This guide will demystify the technology involved and give you the information you need to make the best decision when considering your online security options. For a glossary of terms, please see "Tech talk made simple" at the end of this document.

What is a TLS/SSL Certificate?

TLS stands for "Transport Layer Security"; SSL, its predecessor, stands for "Secure Sockets Layer". The SSL protocol versions themselves are obsolete and should be disabled on servers, but the name lives on in the phrase "SSL certificate", which is why this guide says "TLS/SSL". It is a technology that establishes a secure session between the visitor's web browser and your website so that all communications transmitted over this link are encrypted and cannot be read or tampered with in transit.

TLS and its predecessor SSL are the most widely used security protocols today and are primarily used to serve two specific functions:

1. Authentication and verification: The TLS/SSL certificate contains validated details about the identity of a person, business or website, which the browser displays to visitors when they click on the padlock symbol or a trust mark (e.g. the DigiCert Secured Seal or Norton Seal powered by DigiCert). All of that information was validated by the Certificate Authority (CA) that issued the certificate. There are various strengths of validation available, which we will cover later.

2. Data encryption: The TLS/SSL certificate also enables encryption, which means that sensitive information exchanged with the website cannot be read by anyone other than the intended recipient, even if it is intercepted on the way.

In the same way that an identity document or passport may only be issued by the country's government officials, a TLS/SSL certificate is most reliable when issued by a trusted Certificate Authority (CA). The CA has to follow very strict rules and policies about who may or may not receive a TLS/SSL certificate. When you have a valid TLS/SSL certificate from a trusted CA, there is a higher degree of trust by your customers, clients or partners.

How does TLS/SSL encryption work?

In the same way that you lock and unlock doors using a key, encryption makes use of keys to lock and unlock your information. Unless you have the right key, you will not be able to "unlock" the information.

Each TLS/SSL session involves a pair of keys belonging to the server:

- The public key, which is published in the certificate, is used to encrypt (scramble) the information.
- The private key, which never leaves the server, is used to decrypt (unscramble) the information and restore it to its original format so that it can be read.

In practice the public/private pair is used only to prove the server's identity and to agree a fresh, random session key at the start of each connection; it is that symmetric session key, not the certificate's key, that encrypts the actual traffic for the rest of the session.
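The following is an added illustration, not code from the original guide or from DigiCert, of the two-key model described above: the server's public key (the one carried in the certificate) locks a session key that only the server's private key can unlock, and that per-session key then encrypts the actual data. The RSA key pair is a toy built from two small Mersenne primes and uses no padding, and the "record cipher" is an HMAC-SHA256 keystream standing in for the real TLS cipher; both are assumptions made so the example runs offline, not how real TLS software is built.

```python
import hmac
import secrets

# Toy RSA key pair for the illustration, built from two Mersenne primes
# (2**89 - 1 and 2**107 - 1) so that it runs offline with no libraries.
# Real server keys are 2048-bit RSA or an elliptic-curve key, use padding,
# and are produced by proper key-generation software, never like this.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q                            # public modulus (part of the public key)
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, stays on the server
SERVER_PUBLIC_KEY = (N, E)           # what the certificate carries
SERVER_PRIVATE_KEY = (N, D)          # what the server keeps secret


def rsa_encrypt(public_key, message_int):
    """Lock with the public key: anyone holding the certificate can do this."""
    n, e = public_key
    assert 0 <= message_int < n
    return pow(message_int, e, n)


def rsa_decrypt(private_key, cipher_int):
    """Unlock with the private key: only the server can do this."""
    n, d = private_key
    return pow(cipher_int, d, n)


def record_cipher(session_key, data):
    """Symmetric encryption of the actual traffic. Stand-in for the real TLS
    record cipher (AES-GCM, ChaCha20-Poly1305): an HMAC-SHA256 counter
    keystream XORed into the data. Applying it twice with the same key
    restores the plaintext."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(session_key, offset.to_bytes(8, "big"), "sha256").digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def client_send(server_public_key, plaintext):
    """Browser side: pick a fresh session key, wrap it with the server's public
    key, then encrypt the request with the session key."""
    session_key = secrets.token_bytes(16)           # unique per session
    wrapped_key = rsa_encrypt(server_public_key, int.from_bytes(session_key, "big"))
    return wrapped_key, record_cipher(session_key, plaintext)


def server_receive(server_private_key, wrapped_key, record):
    """Server side: recover the session key with the private key, then decrypt."""
    session_key = rsa_decrypt(server_private_key, wrapped_key).to_bytes(16, "big")
    return record_cipher(session_key, record)


def round_trip(plaintext):
    """One session: returns (plaintext as recovered by the server, wrapped session key)."""
    wrapped_key, record = client_send(SERVER_PUBLIC_KEY, plaintext)
    return server_receive(SERVER_PRIVATE_KEY, wrapped_key, record), wrapped_key


if __name__ == "__main__":
    recovered, _ = round_trip(b"card number 4111 1111 1111 1111")
    print(recovered)
```

Run it twice and the wrapped session key differs each time while the recovered text is the same: the certificate's key pair is reused across sessions, the session key is not. An eavesdropper sees only the wrapped key and the encrypted record, neither of which is useful without the server's private key.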

The process: Every TLS/SSL certificate that is issued for a CA-verified entity is issued for a specific server and website domain (website address). When a person uses their browser to navigate to the address of a website with a TLS/SSL certificate, a TLS/SSL handshake (greeting) occurs between the browser and the server. The server presents its certificate, the browser checks that it is valid and belongs to the domain being visited, and the two sides agree on a unique session key. You will notice changes in the browser to indicate that a secure session has been initiated, for example a padlock in the address bar and, on some sites, a trust mark. If you click on the padlock, you will see additional information such as the validity period of the TLS/SSL certificate, the domain secured, the type of TLS/SSL certificate, and the issuing CA. All of this means that a secure link is established for that session, with a unique session key, and secure communications can begin.

Would you send your private information or banking details to someone on the back of a postcard? TLS/SSL creates a safe and private channel for you to communicate.

[Figure: browser address bar showing a "Not Secure" warning next to https://exampledomain, and the "Your connection is not private" error page]

How do I know that a site has a valid TLS/SSL Certificate?

1. A standard website without TLS/SSL security displays "http://" before the website address in the browser address bar. This moniker stands for "Hypertext Transfer Protocol" and is a non-secured way to transmit information over the Internet. Most browsers today show a "Not Secure" warning to those visiting a webpage that does not have a TLS/SSL certificate installed correctly, which can lead visitors to abandon the site. A website that is secured with a TLS/SSL certificate displays "https://" before the address; the "s" stands for "secure" (HTTP carried over TLS).

2. You will also see a padlock symbol next to the address at the top of the browser window (older browsers placed it in the status bar at the bottom).

3. Often, you will also notice a trust mark displayed on the website itself. DigiCert customers use the DigiCert Secured Seal or Norton Seal powered by DigiCert trust mark on their websites. When you click on the DigiCert or any Powered by DigiCert trust mark, or on the padlock symbol, it will display details of the certificate with all the company information as verified and authenticated by the CA.

4. By clicking the closed padlock in the browser window, or certain TLS/SSL trust marks such as the DigiCert Secure Trust Seal or the Norton Secured Seal, the website visitor sees the authenticated organisation name. Some browsers used to display the authenticated organisation name prominently and turn the address bar green when an Extended Validation (EV) TLS/SSL certificate was detected; current versions of the major browsers no longer colour the address bar, and the organisation name is shown only inside the certificate details. If the certificate does not match the domain, is not issued by a trusted CA, or has expired, the browser displays an error message or warning.

Note that the padlock only tells you that the connection is encrypted to whoever controls the certificate for that domain; it does not tell you that the site itself is honest. A fraudulent site can obtain a certificate for its own domain, so always check that the domain in the address bar is the one you intended to visit.

Where would I use a TLS/SSL Certificate?

The short answer to this question is that you would use a TLS/SSL certificate anywhere that you wish to transmit information securely. Here are some examples:

- Securing communication between your website and your customer's Internet browser.
- Securing internal communications on your corporate intranet.
- Securing information between servers (both internal and external).
- Securing information sent and received via mobile devices.

Different types of TLS/SSL Certificates

There are a number of different TLS/SSL certificates on the market today.

- Self-signed: The first type of TLS/SSL certificate is a self-signed certificate. As the name implies, this is a certificate that is generated for internal purposes and is not issued by a CA. Since the website owner generates their own certificate, it does not hold the same weight as a fully authenticated and verified TLS/SSL certificate issued by a CA, and browsers will show a warning for it unless you install it on every client yourself. It is suitable for testing and closed internal systems, not for a public website.

- Domain Validated (DV): A Domain Validated certificate is considered an entry-level TLS/SSL certificate and can be issued quickly. The only verification check performed is to ensure that the applicant controls the domain (website address) where they plan to use the certificate. No additional checks are done to ensure that the owner of the domain is a legitimate business entity, so a DV certificate proves encryption and domain control, not who is behind the site.

- Fully authenticated (organisation validated): A fully authenticated TLS/SSL certificate is the first step to true online security and confidence building. Taking slightly longer to issue, these certificates are only granted once the organisation passes a number of validation procedures and checks to confirm the existence of the business, the ownership of the domain, and the applicant's authority to apply for the certificate. All DigiCert TLS/SSL Certificates are fully authenticated.

- Extended Validation (EV): Extended Validation TLS/SSL certificates are issued under the strictest industry validation standard and provide the highest level of assurance about the organisation behind the site. When the guide was written, some browsers turned the address bar green for a site secured with an EV certificate and showed a special field with the name of the legitimate website owner along with the name of the CA that issued the certificate. Current versions of the major browsers have removed that address-bar treatment; the validated organisation name and issuing CA are still shown in the certificate details. This visual reassurance helped increase consumer confidence in e-commerce.

- Wildcard: A domain name is often used with a number of different host prefixes. For this reason, you may employ a Wildcard certificate that provides TLS/SSL security to any host of your domain, for example "*.yourdomain.com", which covers "www.yourdomain.com", "shop.yourdomain.com" and so on (the host part varies but the domain name stays constant). The wildcard stands for exactly one label: "*.yourdomain.com" does not cover "yourdomain.com" itself, nor a deeper name such as "a.b.yourdomain.com".

- SAN (Subject Alternative Name): Similar to a Wildcard certificate, but a little more versatile, the SAN TLS/SSL certificate allows more than one domain name to be listed in a single TLS/SSL certificate, for example "yourdomain.com", "www.yourdomain.com" and "yourdomain.net". Browsers match the address they are visiting against this SAN list, so every name a site is served under must appear in it.
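The checks a browser performs in "How do I know that a site has a valid TLS/SSL Certificate?" and the Wildcard and SAN matching rules above can be shown in one place. The script below is an added example, not code from the original guide or from DigiCert. It works on a constructed certificate in the shape Python's standard library returns for a peer certificate, uses a made-up set of trusted issuer names as a stand-in for the browser's root store, and compares names only; real validation also verifies the CA's signature on each certificate in the chain and checks for revocation, which is omitted here.

```python
import ssl

# Constructed sample certificate in the same shape that
# ssl.SSLSocket.getpeercert() returns; names, dates and issuer are hypothetical.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example CA Root"),)),
    "subjectAltName": (("DNS", "www.example.com"),
                       ("DNS", "*.shop.example.com")),
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 23:59:59 2025 GMT",
}
# A self-signed variant: the issuer is the subject itself.
SELF_SIGNED_CERT = dict(SAMPLE_CERT, issuer=SAMPLE_CERT["subject"])
# Stand-in for the browser's root store (a real store holds CA certificates,
# and validation checks signatures up the chain, not just names).
TRUSTED_ISSUERS = {"Example CA Root"}


def timestamp(cert_time):
    """Parse the 'Jan 10 00:00:00 2024 GMT' format used in certificate dicts."""
    return ssl.cert_time_to_seconds(cert_time)


def match_hostname(pattern, hostname):
    """RFC 6125-style matching: '*' may stand only for the whole leftmost label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_labels, h_labels = p.split("."), h.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False          # partial wildcards such as "w*.example.com" are rejected
    if len(p_labels) < 3:
        return False          # "*.com" would cover every .com site
    # The wildcard covers exactly one label, so "*.shop.example.com" matches
    # "api.shop.example.com" but neither "shop.example.com" nor "a.b.shop.example.com".
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def san_dns_names(cert):
    """Like current browsers, consult only the SAN extension; commonName is ignored."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def rdn_value(name, key):
    """Pull one attribute (e.g. commonName) out of a subject/issuer tuple."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def check_certificate(cert, hostname, now, trusted_issuers):
    """Return the list of reasons a browser would warn; an empty list means OK."""
    problems = []
    if now < timestamp(cert["notBefore"]):
        problems.append("not yet valid")
    if now > timestamp(cert["notAfter"]):
        problems.append("expired")
    names = san_dns_names(cert)
    if not any(match_hostname(n, hostname) for n in names):
        problems.append(f"hostname {hostname!r} does not match SAN names {names}")
    if cert["issuer"] == cert["subject"]:
        problems.append("self-signed certificate (issuer == subject), not issued by a CA")
    else:
        issuer_cn = rdn_value(cert["issuer"], "commonName")
        if issuer_cn not in trusted_issuers:
            problems.append(f"issuer {issuer_cn!r} is not in the trust store")
    return problems


if __name__ == "__main__":
    now = timestamp("Jun 15 12:00:00 2024 GMT")
    for host in ("www.example.com", "api.shop.example.com", "shop.example.com"):
        print(host, check_certificate(SAMPLE_CERT, host, now, TRUSTED_ISSUERS) or "valid")
```

The three names in the usage block show the wildcard rule in action: "api.shop.example.com" is covered by "*.shop.example.com", while "shop.example.com" is not, because the wildcard must replace a whole label rather than stand for nothing.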

Conclusion

Trust makes all the difference in the world of online business. Investment in technology to protect customers and earn their trust is a critical success factor for any company that does business online or hosts an e-commerce website. The effective implementation of TLS/SSL certificates and the correct placement and use of trust marks are proven tools in the establishment of customer trust.

DigiCert is now the leading provider of TLS/SSL certificates globally, helping to assure customers that they are safe from search to browse to buy and sign in.* DigiCert secures more than one million web servers worldwide, more than any other CA.* DigiCert also secures over two-thirds of websites using Extended Validation TLS/SSL, including the biggest names in e-commerce and banking.* When you choose DigiCert, you can rest assured that your website and your reputation are protected by the CA with a proven track record and the most recognised trust mark on the Internet.

For more information, visit us at https://resources.digicert.com/ssl-tls.

* Includes DigiCert subsidiaries, affiliates, and resellers.

Tech talk made simple

Encryption: Information is "scrambled" so that it cannot be used by anyone other than the person for whom it is intended.

Decryption: "Un-scrambling" information and putting it back in its original format.

Key: A secret value (a long string of bits) that the encryption algorithm combines with your information to scramble or unscramble it. In the same way that a lock with many different combinations is more difficult to open, the longer the key (measured in number of bits), the harder it is to guess. Compare key lengths only within the same algorithm: a 256-bit key for a symmetric cipher such as AES is very strong, while a 256-bit RSA key would be broken trivially.

Certificate Authority (CA): An organisation trusted by browsers and operating systems to verify an applicant's identity and domain control before issuing a certificate.

Browser: A software program that you use to access websites. Examples include Microsoft Edge, Mozilla Firefox, Apple Safari, and Google Chrome.

For more information, email our security experts at contactus@digicert.com

Americas
- Lehi, USA: 2801 North Thanksgiving Way, Lehi, Utah 84043, USA
- Mountain View, USA: 485 Clyde Ave., Mountain View, California 94043, USA

Europe, Middle East, Africa
- Amsterdam, Netherlands: Nevelgaarde 56 Noord, 3436 ZZ Nieuwegein, Netherlands
- Cape Town, South Africa: Gateway Building, Century Blvd & Century Way 1, Century City, 7441, Cape Town, South Africa
- Dublin, Ireland: Block 21 Beckett Way, Park West Business Park, Dublin 12, D12 C9YE, Ireland
- St Gallen, Switzerland: Poststrasse 17, St Gallen, Switzerland, 9000
- London, England: 7th Floor, Exchange Tower, 2 Harbour Exchange Square, London E14 9GE
- Mechelen, Belgium: Schaliënhoevedreef 20T, 2800 Mechelen, Belgium
- Munich, Germany: Ismaninger Strasse 52, 81675 Munich, Germany

Asia Pacific, Japan
- Bangalore, India: RMZ Eco World, 10th Floor, 8B Campus, Marathalli Outer Ring Road, Bangalore - 560103, India
- Melbourne, Australia: 437 St Kilda Road, Melbourne, 3004, Australia
- Tokyo, Japan: Ginza Six 8F, 6-10-1 Ginza Chuo-Ku, Tokyo, 104-0061, Japan

2019 DigiCert, Inc. All rights reserved. DigiCert is a registered trademark of DigiCert, Inc. in the USA and elsewhere. All other trademarks and registered trademarks are the property of their respective owners.
