Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are security protocols that enable secure communications between two machines. An SSL certificate is a small data file leveraging this security protocol to serve two functions:
1. Authentication – SSL certificates serve as credentials to authenticate the legitimacy of a website. Certificates are issued to a specific domain and web server after a Certificate Authority performs a strict vetting process on the organization requesting the certificate. Once issued, the certificate provides information about the identity of a business or website and assures visitors that the website they are on belongs to a legitimate business and that any information submitted will be secured.
2. Secure data communication – When SSL is installed on a web server, it enables the padlock to appear in the web browser and activates the HTTPS protocol to secure the connection between the web server and the browser. It does this by using encryption algorithms to scramble the data in transit into an undecipherable format that can only be read with the proper decryption key.
SSL and TLS are both cryptographic protocols used to create an encrypted connection and establish trust. TLS is an updated version of SSL that provides advanced encryption options including Elliptic Curve Cryptography (ECC), Rivest-Shamir-Adleman (RSA) or Digital Signature Algorithm (DSA). When purchasing certificate solutions from Comodo, customers receive the most up-to-date TLS encryption, even though the certificates are more widely referred to as SSL.
Web browsers only show the secure indicators for SSL certificates signed by a trusted CA, like Comodo. To become a trusted CA, a company must comply with and perform regular audits for the security and authentication process standards established by the leading browsers. When a trusted CA issues a certificate to an organization, the browser will recognize the certificate as legitimate. The browser lets the user know that the website is secure, and the user can feel safe browsing the site and even entering their confidential information.
There are many different types of certificate options available, each with its own unique use case and value proposition. The level of authentication assured by the CA is a significant differentiator between the types. There are three recognized categories of SSL authentication available: Extended Validation (EV), Organization Validation (OV), and Domain Validation (DV).
Domain Validation SSL certificates
DV certificates provide the quickest, easiest and most cost-effective way to receive industry-standard encryption. DV certificates require proof of ownership for the domain being secured and can be issued in minutes. Once installed, DV certificates show trust indicators in browsers, like the padlock icon, and enable HTTPS. Because the legitimacy of the organization is not vetted, DV certificates are only ideal for internal sites, test servers, and test domains.
Organization Validation SSL certificates
OV certificates are a step up from DV. To receive an OV certificate, organizations must prove they own the domain they wish to secure and prove that they are a legally registered business. OV certificates also provide a dynamic site seal which displays the validated company information to a site visitor, along with HTTPS and the padlock icon. These certificates can only be issued to a registered organization and not to individuals, making them more suitable for public-facing websites.
Extended Validation SSL certificates
EV certificates provide the highest level of trust and are the industry standard for business websites. In addition to the trust indicators provided by DV and OV certificates, EV certificates activate the green address bar in web browsers, the most recognized symbol of website security and consumer trust. When a website is enabled with the green bar, it is instantly recognized as a legitimate site and safe to submit confidential data, such as credit card or customer login details. To receive an EV certificate, customers must complete the same level of authentication as for an OV certificate but also go through a stricter vetting process performed by a human specialist. Because of the additional validation requirements, EV certificates typically take 1-5 days to be issued; however, by opting for a higher-value EV certificate, more organizations are benefiting from a trusted website that leads to consumer confidence and more online conversions.
The level of authentication performed by the CA determines the class of SSL certificate along with the security indicators that show in the browsers. Because websites have multiple layers of pages, domains, and subdomains, there are additional certificate types designed for today’s modern websites that combine an authentication type with a feature set to secure unique web environments.
SSL certificates use cryptography that relies on two types of keys for authenticating and securing data: a public key and a private key. The public key is used to encrypt information and the private key is used to decipher it. SSL works by making the public key available through the publicly available website while the private key remains secured on the web server, so that any data submitted from the website where the public key is located can only be deciphered by the owner of the website. The result is a secure 1:1 communication.
When a person visits a website with an SSL certificate a “handshake” occurs to create the secure channel between the user and the organization and protect any data submitted on the website from being compromised. Here’s how the handshake process works in real-time:
1. A person visits a website secured with an SSL certificate in a web browser.
2. The browser sends a request to the web server to identify itself.
3. The server sends back a copy of its SSL certificate including type, validity period, and organizational details.
4. The browser checks whether it trusts the SSL certificate and sends an approval back to the server. If an SSL certificate is not installed, not up-to-date with the proper security protocols, or not a brand trusted by the browser, the user will see a warning message in the address bar of the browser.
5. The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
6. Any data shared between the browser and the server is now secure. If a hacker intercepts the communication, it will be encrypted with a cryptographic code that cannot be decrypted.
Comodo certificates offer ECC, RSA and DSA encryption algorithms with a base standard of 2048-bit encryption, giving customers options for secure and scalable solutions. Comodo SSL certificates most commonly use RSA keys unless configured for ECC or DSA.
and the recommended size of these keys keeps increasing (e.g., from 1024 bit to 2048 bit a few years ago) to maintain sufficient cryptographic strength. An alternative to RSA is ECC. Both key types share the same important property of being asymmetric algorithms (one key for encrypting and one key for decrypting). However, ECC can offer the same level of cryptographic strength at much smaller key sizes - offering improved security with reduced computational requirements. Let's look at what ECC is and why you may want to consider using it.
Elliptic Curve Cryptography (ECC)
ECC creates encryption keys based on the idea of using points on a curve to define the public/private key pair. It is extremely difficult to break using the brute force methods often employed by hackers and offers a faster solution with less computing power than pure RSA chain encryption.
Millions of websites use SSL to secure credit card transactions, data transfer, login pages, and secure browsing on all websites including blogs and social media sites. Enabling HTTPS on all websites not only provides consumer trust that the website is legitimate and is safe to browse or transact on but it has now been mandated by the leading browsers such as Google Chrome. Websites without an SSL certificate display a ‘Not Secure’ warning in the address bar.
The growth of global websites, mobile, and internet-connected devices has also expanded the use of SSL well beyond just ecommerce. Anyone who needs to securely share data between devices over the internet requires an SSL certificate. Here are the most common uses:
If a website URL starts with HTTPS:// and there is a padlock in the address bar, then the website is using a secure TLS/SSL connection.
The primary importance of installing an SSL certificate is to initiate a secure session between a web server and a browser. Once a secure connection is established, all information passed between the web server and the visitor will be kept private and encrypted.
Other SSL advantages:
The following is a step-by-step outline of the SSL connection process:
SSL Certificates are issued by a Certificate Authority (CA), along with other digital certificates. They confirm the identity and ownership of the business or company applying for the certificate. These issued certificates are chained to a trusted root certificate owned by your chosen CA. Trusted root certificates are embedded in a “certificate store” in popular web browsers such as Firefox, Chrome, Internet Explorer, and Safari.
Whenever you visit a website which uses an SSL certificate, your browser checks that the certificate is signed by one of the trusted roots in its store. If it isn't, it will warn you that the connection is not secure. Everybody else who visits your site will also see an error message. This is why we recommend purchasing an SSL certificate only from a trusted CA.
Setting up SSL on your website is easy! In general, these are the 3 simple steps for installing your new SSL certificate.
Trusted certificates can be bought from your web host or directly from a trusted CA. Certificates from a trusted CA will be recognized by all popular internet browsers used by your visitors (Chrome, Firefox, Internet Explorer, Safari, etc.).
If you bought your certificate from your web host, then they can do this step for you. If you are managing the site yourself, then the two steps you need to complete are to generate a certificate signing request (CSR) and then to install your certificate. We have a range of documents to help complete both tasks on different web server software in our knowledge base.
After installing your certificate on your target pages, why not modify your site so that all content is served securely? The internet is fast moving towards default HTTPS for every page, and Google is even giving websites better search ranking if a page is served over HTTPS.