GlobalSign SSL Secure Server Certificates


Understanding the basics of SSL Certificates

GLOBALSIGN WHITE PAPER
GMO GlobalSign Inc.
www.globalsign.com

CONTENTS

- Introduction
- What is SSL?
- What is an SSL Certificate?
- When should SSL be used?
- Types of SSL Certificate
  - Domain Validated (DV) SSL
  - Organization Validated (OV) SSL
  - Extended Validation (EV) SSL
- GlobalSign Certificate Features
- Why choose GlobalSign over other SSL Providers?
- Where are GlobalSign SSL Certificates available?
  - Directly from our Websites
  - Enterprise Solutions
  - Reseller Partner Solutions
- Inquire About GlobalSign’s SSL Solution
- About GlobalSign

INTRODUCTION

SSL (Secure Sockets Layer) is a widely used security protocol that most web servers use to ensure a secure machine-to-machine connection over an unsecure network such as the Internet. From a business perspective, using SSL can seem overly complicated, and choosing the most suitable type of SSL Certificate for a business’s requirements, whether for an internal network or an external website, can confuse many, even experienced IT professionals. This white paper explains the features and benefits of using SSL and details the different types of certificates available and when each type is most appropriately used. It also aims to reassure readers that SSL is not as complicated as it has historically been made out to be and that, with GlobalSign, SSL management is actually rather easy!

WHAT IS SSL?

The Secure Sockets Layer (SSL), along with Transport Layer Security (TLS), is the most widely used security protocol today. Essentially, it provides a secure channel between two machines operating over the Internet or an internal network. We typically see SSL in use when a web browser needs to securely connect to a web server over the unsecure Internet.

The key to the success of SSL is its simplicity for the end user. Technically, SSL is a transparent protocol, which requires little interaction from the end user when establishing a secure session. In a browser, the end user is alerted to the use of SSL by a yellow padlock or, in the case of Extended Validation SSL, by a padlock together with a green address bar, and by the URL displaying as HTTPS. By default, websites use HTTP, which is inherently unsecure and subject to eavesdropping attacks. If critical information such as credit card details and account logins is transmitted over it, attackers can gain access to online accounts and sensitive information, leading to fraud or even identity theft.

SSL growth is driven by a number of factors, such as increased online shopping, but also by a number of other web services and applications that now require browser-based security. At present the SSL market is continuing to grow, with 25% global growth year on year. Interestingly, only approximately 2% of all websites worldwide currently USE an SSL Certificate, but arguably a lot more actually NEED one.

WHAT IS AN SSL CERTIFICATE?

SSL is a protocol, and an SSL Certificate is required in order to be able to access and use the protocol. An SSL Certificate is a small data file, issued by one of a limited number of trusted Certificate Authorities (CAs) such as GlobalSign, that digitally binds a cryptographic key to an organization’s corporate details. Such details can include domain, server or host name, company name and location and, in some cases, organizational contact details.

Organizations need to install the SSL Certificate onto their web servers to initiate SSL sessions with browsers. There are varying levels of vetting for each type of certificate an individual or organization can apply for. Once a certificate is installed, it is possible to connect to a website using an HTTPS connection, as this tells the server to establish a secure connection with the browser. Once the secure connection is established, all web traffic between the server and browser is secure.

Anyone can view an SSL Certificate in a browser by clicking on the padlock and selecting View Certificate. All browsers show the certificate in different ways, but the information stays the same.

To view the actual contents of the certificate you can click the Details tab. The Certification Path shows which Trusted Root Certificate, belonging to which Certificate Authority, has been used to issue the SSL Certificate.

WHEN SHOULD SSL BE USED?

SSL should be used whenever information is submitted online, over the Internet or an internal network, for example when filling in forms or logging into online accounts. It is commonly misunderstood that SSL should be used purely for securing payment pages and credit card transactions, but any exchange of personal information from an end user submitted to a website should be encrypted. SSL should be the minimum security standard used when collecting and submitting data and should be used in all of the following situations:

- To secure online credit card transactions
- To secure online logins, sensitive information transmitted via web forms, or protected areas of websites
- To secure webmail and applications like Outlook Web Access, Exchange and Office Communications Server
- To secure workflow and virtualisation applications like Citrix Delivery Platforms or cloud-based computing platforms
- To secure the connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange
- To secure the transfer of files over HTTPS and FTP(s) services, such as website owners uploading new pages to their websites or transferring large files
- To secure hosting control panel logins and activity, such as Parallels, cPanel and others
- To secure intranet-based traffic such as internal networks, file sharing, extranets and database connections
- To secure network logins and other network traffic with SSL VPNs such as VPN Access Servers or applications like the Citrix Access Gateway

GlobalSign provides products and technology to secure any of the applications mentioned, which are discussed below in more detail.

TYPES OF SSL CERTIFICATE

Domain Validated (DV) SSL

At this level of certificate, the CA checks the right of the applicant to use a specific domain name via email challenge. No company identity information is vetted, and therefore company information is not displayed within the certificate. This means that issuance is fast: the certificate can be issued within minutes.

When should DV SSL be used?

A Domain Validated SSL Certificate should be used when basic encryption is all that is required, such as for internal and lower profile public sites, where the applicant is not a legally incorporated entity, or where the applicant wishes to have the certificate issued quickly. In addition, it can be used when company documents are not readily available and when shared VPS or Managed Hosting is required.

GlobalSign offers two types of Domain Validated SSL Certificates: DomainSSL, which is feature-packed and includes all of our advanced options, and AlphaSSL, which is a GlobalSign sub-brand containing basic level features.
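An added example, not part of the GlobalSign paper: a DV certificate displays no company information, while the organization-vetted types described in the following sections do, and the paper's feature list mentions securing both www.domain.com and domain.com. The sketch below checks both properties on certificates given in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the three sample certificates and the helper names are constructed for illustration.

```python
# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert();
# names and values are illustrative, not taken from real certificates.
DV_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "shop.example.com"),),
}
OV_CERT = {
    "subject": (
        (("countryName", "GB"),),
        (("localityName", "London"),),
        (("organizationName", "Example Trading Ltd"),),
        (("commonName", "example.com"),),
    ),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}

def subject_fields(cert):
    """Flatten the nested RDN tuples of the subject into one dict."""
    return {k: v for rdn in cert.get("subject", ()) for k, v in rdn}

def identity_level(cert):
    """'domain-only' if the subject names no organization, else 'organization'."""
    return "organization" if "organizationName" in subject_fields(cert) else "domain-only"

def covers(cert, hostname):
    """True if a DNS subjectAltName matches; a wildcard spans one left-most label."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def report(cert, apex):
    """Summarise identity level plus bare-domain and www coverage for apex."""
    return {"identity": identity_level(cert),
            "apex": covers(cert, apex),
            "www": covers(cert, "www." + apex)}

if __name__ == "__main__":
    for label, cert in (("DV", DV_CERT), ("OV", OV_CERT), ("wildcard", WILDCARD_CERT)):
        print(label, report(cert, "example.com"))
```

The identity check reports only what the certificate displays; whether that organization was vetted depends on the issuing CA in the certification path. The wildcard sample covers www.example.com but not the bare example.com, which is the gap the www and non-www feature addresses.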

Organization Validated (OV) SSL

Before issuing, the Certificate Authority checks the right of the applicant to use a specific domain name and also conducts a check into the existence of the organization. This vetted company information is displayed to customers when viewing the certificate details, giving more visibility into the entity behind the site and providing enhanced trust to the website visitor. Because the organization must be vetted, it takes longer from application to issuance to obtain an OV certificate than a DV certificate.

When should OV SSL be used?

An Organization Validated SSL Certificate, branded as OrganizationSSL by GlobalSign, is ideal when identity assurance and higher trust are as important as encryption, when customers are able to wait 2 business days to receive the certificate, when sub domains need to be secured with a single SSL Certificate, and when a Public IP address needs to be secured. It can also be used for the same reasons as a Domain Validated SSL Certificate.

Extended Validation (EV) SSL

Extended Validation SSL is the most visually noticeable SSL Certificate for end users, as it activates the green address bar in browsers as well as displaying the standard gold padlock. The green bar also alternates between the organization name and the issuing Certification Authority, enhancing levels of customer trust.

With the most advanced type of SSL Certificate available, the CA checks the right of the applicant to use a specific domain name and conducts a thorough vetting of the organization. The issuance process of EV SSL Certificates is strictly defined within the EV guidelines, as formally approved by the CA/Browser Forum in 2007, which specify all the steps required of a CA before issuing a certificate. This includes verification of the following:

- The legal, physical and operational existence of the entity
- That the identity of the entity matches official records
- That the entity has exclusive right to use the domain specified in the EV SSL Certificate
- That the entity has properly authorized the issuance of the EV SSL Certificate

Issuance time is 3-5 business days.

EV SSL Features:

- HTTPS Connection
- Green Address Bar in Browser
- Company Name and Address
- Standard SSL Yellow Padlock

When should EV SSL be used?

EV SSL, branded as ExtendedSSL by GlobalSign, should be used when the highest level of identity assurance, visible trust and encryption level is required, such as by incorporated companies and organizations. It is also recommended for high profile brands that are more susceptible to phishing attacks and for those that want to protect themselves against the threat of copycat websites. This includes public facing websites where the organization wishes to increase customers’ trust, provide maximum assurance, increase sales conversions, and elevate its site image to compete with large companies that have already adopted EV SSL.

GLOBALSIGN CERTIFICATE FEATURES

With so many CAs providing SSL Certificates, it’s not easy for website owners to decide which one to choose. GlobalSign’s SSL Certificates are trusted by all known devices and include numerous advanced features, many of which competing SSL Providers offer as paid-for premium options:

- 2048 bit future proof issuing authority
- SGC security for a minimum of 128 bit and up to 256 bit SSL encryption levels
- Unlimited Server Licensing - means that you can use a single SSL Certificate across a number of servers
- Wildcard SSL & Unified Communications – simple, cost effective support for complex multi-domain server configuration
- Secure Site Seal
- Multi-year discounts
- AutoCSR – CSRs are optional, not mandatory
- Unlimited reissues and multi-year savings
- Malware distribution monitoring and detection service
- GlobalSign Certificate Centre Account
- Installation Healthcheck

- Universal Compatibility with all browsers, mobile phones and devices
- Secures both www.domain.com and domain.com (without the www)
- Warranty – underwritten Liability Program

For more feature details visit: www.globalsign.com/ssl

WHY CHOOSE GLOBALSIGN OVER OTHER SSL PROVIDERS?

As a leader in public trust services, GlobalSign has been issuing trusted digital certificates since 1996. As Europe’s first CA, and one of the first worldwide, our root certificate is trusted by all major web browsers and devices. GlobalSign SSL Certificates currently secure global websites including Virgin Atlantic, Land Rover Jaguar, Walmart & Ford. By choosing our SSL Certificates, customers benefit from:

- A simple but sophisticated product range
- An easy ordering system and customer account accessible 24/7
- Trust from a truly global company with localized language support as well as superior customer service levels
- A well-established brand that consumers recognize and trust

WHERE ARE GLOBALSIGN SSL CERTIFICATES AVAILABLE?

Directly from our Websites

There are various ways you can purchase GlobalSign SSL Certificates, the most direct method being from GlobalSign’s range of websites. The full product range is available to buy in 3 currencies via several languages, and DomainSSL and OrganizationSSL Certificates are available to trial for free.

For more information visit: http://www.globalsign.com/ssl

Enterprise Solutions

When an organization requires multiple certificates, GlobalSign’s Managed SSL is the perfect solution. Managed SSL allows enterprises of all sizes to conveniently and quickly purchase SSL Certificates through a web based management interface or web service API. Once the organization is pre-vetted, certificates can be applied for and issued instantly across even the most distributed of departments and organizations. The net result? A significant reduction in the costs and time associated with SSL management.

For more information about GlobalSign’s Managed SSL service, why not read our white paper: …simplifying-ssl-management.pdf
Or visit: http://www.globalsign.com/ssl/managed-ssl

Reseller Partner Solutions

Our reseller option allows organizations such as hosting companies, domain registrars, web designers, integrators and VARs to add SSL Certificates to their existing product portfolio as a standalone product or value add. Hosting companies in particular can benefit from reselling SSL Certificates, as they can easily become an added feature or option within their hosting plans. Features of the reseller program include discounted pricing and high margins, sales and technical training, a free Certificate for site and an official Partner site seal. For more information about reselling GlobalSign SSL Certificates visit: http://www.globalsign.com/partners/

INQUIRE ABOUT GLOBALSIGN’S SSL SOLUTION

To inquire about SSL for your organization, please contact us at www.globalsign.com. We would be happy to discuss your specific requirements.

For further information, data sheets, guides, pricing and FAQs on GlobalSign SSL Certificates please go to: http://www.globalsign.com/ssl/

ABOUT GLOBALSIGN

GlobalSign was one of the first Certification Authorities and has been providing digital credentialing services since 1996. It operates multi-lingual sales and technical support offices in London, Brussels, Boston, Tokyo and Shanghai.

GlobalSign has a rich history of investors, including ING Bank and Vodafone. It is now part of a GMO Internet Inc group company, a public company quoted on the prestigious Tokyo Stock Exchange (TSE: 9449), whose shareholders include Yahoo! Japan, Morgan Stanley and Credit Suisse First Boston.

As a leader in public trust services, GlobalSign Certificates include SSL, Code Signing, Adobe CDS Digital IDs, Email & Authentication and Enterprise Digital ID Solutions, internal PKI & Microsoft Certificate Service root signing. Our trusted root CA Certificates are recognized by all operating systems, all major web browsers, web servers, email clients and Internet applications, as well as all mobile devices.

Accredited to the highest standards

As a WebTrust accredited public Certificate Authority, and member of the Online Trust Alliance, CAB Forum and Anti-Phishing Working Group, our core solutions allow our thousands of enterprise customers to conduct secure online transactions and data submission, and to provide tamper-proof distributable code, as well as being able to bind identities to Digital Certificates for S/MIME email encryption and remote two factor authentication, such as SSL VPNs.

- GlobalSign US & Canada: Tel: … n.com
- GlobalSign EU: Tel: 32 16 …
- …ign UK: Tel: 44 1622 …
- …alSign FR: Tel: 33 1 82 88 01 24, www.globalsign.fr, ventes@globalsign.com
- GlobalSign DE: Tel: 49 30 8878 …
- …ign NL: Tel: 31 20 8908021, www.globalsign.nl, verkoop@globalsign.com
