What Is SSL (Secure Sockets Layer) and What Are SSL Certificates?

SSL Certificate

SSL Certificates
Standard SSL Certificates (Single Name) Extended Validation (EV) Certificates Unified Communications (UC or SANS) Certificates Extended Validation (EV) Multi-Domain Certificates Wildcard SSL Certificates (Entire Domain) el! Me C"oose W"# C"oose DigiCert$ SSL Certificate Com!arison %ene& No&

The DigiCert Difference

Renew Certificates
Code Signing Certificates

Code Signing Certificates

EV Code Signing Certificates Code Signing Certificates Code Signing Certificate Com!arison EV Code Signing 'ro(ider Com!arison Code Signing 'ro(ider Com!arison

Document Signing Certificates

DigiCert Document Signing

Document Signing Digitall# sign and !rotect #our Ado)e 'D*+ Microsoft ,ffice+ ,!en,ffice+ and Li)re,ffice documentsLearn more a)out document signing- .

Enter!rise

nter!rise
Managed '/0 Direct Certificates Client Certificates

Do&nload t"e disco(er# tool no& . Su!!ort

Su!!ort
SSL Su!!ort Code Signing Su!!ort Document Signing Su!!ort SSL 0nstallation Diagnostic 1ool Certificate Utilit# for Windo&s

Too"s

Do&nload t"e Utilit# No& 22 #eed $e"!? Call us 3456 for immediate+ friendl#+ and *%EE su!!ort7 8-9:8-6:8-;<:: su!!ort=digicert-com Li(e C"at %eseller

Rese""er
SSL Certificate %eseller 'rogram %eseller *A>

%ecome a Rese""er Today& 'artner &it" us to s"are to!-s"elf certificate !roducts and a&ard-&inning customer su!!ort &it" #our customers and !ros!ects-

Sign U! A)out Us

A'out DigiCert
Contact A)out Us ,ur Customers Customer %e(ie&s A&ards Ne&sroom Careers DigiCert %oot Certificates

A'out SSL Certificates and SSL ncry!tion

What Is SSL?
SSL (Secure Soc?ets La#er) is a standard securit# tec"nolog# for esta)lis"ing an encr#!ted lin? )et&een a ser(er and a client@t#!icall# a &e) ser(er (&e)site) and a )ro&serA or a mail ser(er and a mail client (e-g-+ ,utloo?)SSL allo&s sensiti(e information suc" as credit card num)ers+ social securit# num)ers+ and login credentials to )e transmitted securel#- Normall#+ data sent )et&een )ro&sers and &e) ser(ers is sent in !lain text@lea(ing #ou (ulnera)le to ea(esdro!!ing- 0f an attac?er is a)le to interce!t all data )eing sent )et&een a )ro&ser and a &e) ser(er t"e# can see and use t"at informationMore s!ecificall#+ SSL is a securit# !rotocol- 'rotocols descri)e "o& algorit"ms s"ould )e usedA in t"is case+ t"e SSL !rotocol determines (aria)les of t"e encr#!tion for )ot" t"e lin? and t"e data )eing transmittedSSL secures millions of !eo!lesB data on t"e 0nternet e(er# da#+ es!eciall# during online transactions or &"en transmitting confidential information- 0nternet users "a(e come to associate t"eir online securit# &it" t"e loc? icon t"at comes &it" an SSL-secured &e)site or green address )ar t"at comes &it" an extended (alidation SSL-secured &e)site- SSLsecured &e)sites also )egin &it" "tt!s rat"er t"an "tt!Alread# understand t"e )asics of SSL Certificates and tec"nolog#$ Learn a)out SSL cr#!togra!"# 22 Cet SSL 'lus certificates for Dust E8F;5!er #ear Gu# No& Learn More

Where Do Certificates Come In?

All )ro&sers "a(e t"e ca!a)ilit# to interact &it" secured &e) ser(ers using t"e SSL

!rotocol- o&e(er+ t"e )ro&ser and t"e ser(er need &"at is called an SSL Certificate to )e a)le to esta)lis" a secure connection-

What is an SSL Certificate and $ow Does it Work?

SSL Certificates "a(e a ?e# !airH a !u)lic and a !ri(ate ?e#- 1"ese ?e#s &or? toget"er to esta)lis" an encr#!ted connection- 1"e certificate also contains &"at is called t"e Isu)Dect+J &"ic" is t"e identit# of t"e certificate5&e)site o&ner1o get a certificate+ #ou must create a Certificate Signing %eKuest (CS%) on #our ser(er1"is CS% creates t"e !ri(ate ?e# and a CS% data file t"at #ou send to t"e SSL Certificate issuer (called a Certificate Aut"orit# or CA)- 1"e CA uses t"e CS% data file to create a !u)lic ?e# to matc" #our !ri(ate ?e# &it"out com!romising t"e ?e# itself- 1"e CA ne(er sees t"e !ri(ate ?e#,nce #ou recei(e t"e SSL Certificate+ #ou install it on #our ser(er- Lou also install a !air of intermediate certificates t"at esta)lis" t"e credi)ilit# of #our SSL Certificate )# t#ing it to #our CABs root certificate- 1"e instructions for installing and testing #our certificate &ill )e different de!ending on #our ser(er0n t"e image )elo&+ #ou can see &"at is called t"e certificate c"ain- 0t connects #our ser(er certificate to #our CABs (in t"is case DigiCertBs) root certificate t"roug" a series of intermediate certificates-

1"e most im!ortant !art of an SSL Certificate is t"at it is digitall# signed )# a trusted CA li?e DigiCert- An#one can create a certificate+ )ut )ro&sers onl# trust certificates t"at come from an organiMation on t"eir list of trusted CAs- Gro&sers come &it" a !reinstalled list of trusted CAs+ ?no&n as t"e 1rusted %oot CA store- 0n order to )e added to t"e 1rusted %oot CA store and t"us )ecome a Certificate Aut"orit#+ a com!an# must com!l# &it" and )e audited against securit# and aut"entication standards esta)lis"ed )# t"e )ro&sersAn SSL Certificate issued )# a CA to an organiMation and its domain5&e)site (erifies t"at a trusted t"ird !art# "as aut"enticated t"at organiMationBs identit#- Since t"e )ro&ser trusts t"e CA+ t"e )ro&ser no& trusts t"at organiMationBs identit# too- 1"e )ro&ser lets t"e user ?no& t"at t"e &e)site is secure+ and t"e user can feel safe )ro&sing t"e site and e(en entering t"eir confidential information-

$ow Does the SSL Certificate Create a Secure Connection?

W"en a )ro&ser attem!ts to access a &e)site t"at is secured )# SSL+ t"e )ro&ser and t"e &e) ser(er esta)lis" an SSL connection using a !rocess called an ISSL ands"a?eJ (see diagram )elo&)- Note t"at t"e SSL ands"a?e is in(isi)le to t"e user and "a!!ens instantaneousl#Essentiall#+ t"ree ?e#s are used to set u! t"e SSL connectionH t"e !u)lic+ !ri(ate+ and session ?e#s- An#t"ing encr#!ted &it" t"e !u)lic ?e# can onl# )e decr#!ted &it" t"e

!ri(ate ?e#+ and (ice (ersaGecause encr#!ting and decr#!ting &it" !ri(ate and !u)lic ?e# ta?es a lot of !rocessing !o&er+ t"e# are onl# used during t"e SSL ands"a?e to create a s#mmetric session ?e#After t"e secure connection is made+ t"e session ?e# is used to encr#!t all transmitted data-

%rowser connects to a &e) ser(er (&e)site) secured &it" SSL ("tt!s)- Gro&ser reKuests t"at t"e ser(er identif# itselfSer(er sends a co!# of its SSL Certificate+ including t"e ser(erBs !u)lic ?e#%rowser c"ec?s t"e certificate root against a list of trusted CAs and t"at t"e certificate is unex!ired+ unre(o?ed+ and t"at its common name is (alid for t"e &e)site t"at it is connecting to- 0f t"e )ro&ser trusts t"e certificate+ it creates+ encr#!ts+ and sends )ac? a s#mmetric session ?e# using t"e ser(erBs !u)lic ?e#Ser(er decr#!ts t"e s#mmetric session ?e# using its !ri(ate ?e# and sends )ac? an ac?no&ledgement encr#!ted &it" t"e session ?e# to start t"e encr#!ted sessionSer(er and %rowser no& encr#!t all transmitted data &it" t"e session ?e#-

Why Do I #eed SSL?

,ne of t"e most im!ortant com!onents of online )usiness is creating a trusted en(ironment &"ere !otential customers feel confident in ma?ing !urc"ases- Gro&sers gi(e (isual cues+ suc" as a loc? icon or a green )ar+ to "el! (isitors ?no& &"en t"eir connection is secured0n t"e )elo& image+ #ou can see t"e green address )ar t"at comes &it" extended (alidation (EV) SSL Certificates-

0f #our site collects credit card information #ou are reKuired )# t"e 'a#ment Card 0ndustr# ('C0) to "a(e an SSL Certificate- 0f #our site "as a login section or sends5recei(es ot"er !ri(ate information (street address+ !"one num)er+ "ealt" records+ etc-)+ #ou s"ould use SSL Certificates to !rotect t"at dataLour customers &ant to ?no& t"at #ou (alue t"eir securit# and are serious a)out !rotecting t"eir information- More and more customers are )ecoming sa((# online s"o!!ers and re&ard t"e )rands t"at t"e# trust &it" increased )usiness-