SSL stands for Secure Socket Layer. It’s used in Web browsers, instant messaging programs, email client and other software. It establishes an encrypted session between two machines, most frequently between a browser and a website.
SSL Certificates uses a Public Key Infrastructure (PKI) cryptographic system which consists of two keys: (1) A public key known to everyone and used to encrypt data (2) A private or secret key known only to the organization that procured the SSL Cert and is used to decrypt the information that is sent. These keys work together to establish an encrypted connection.
SSL Certificates are issued by a Public Certification Authority and reside on the organizations’ server. They encrypt traffic between the browser and server based on a ‘handshake’ so that information can be exchanged in confidence and with complete trust.
Information security is in the news every day with issues around hacked accounts, stolen credit cards, and identity theft.
Website visitors feel safe when they know their information is encrypted and secure between their machine and an organizations’ server. Many visitors will choose not to browse a website if it isn’t secure. Search engines also have started penalizing rankings of websites that aren’t protected by SSL. In order to maximize the potential of a website or online business, SSL is a necessity. By the end of 2016 the US Government has mandated that ALL .gov websites must use SSL.
A website address that begins https:// and has a lock icon in the browser address bar indicates an SSL is being used.
Secure a reliable SSL
The most reliable SSL certificates are issued by established, trusted certificate authorities (CA). Trusted CA’s include Symantec, Digicert and Comodo. Look for a CA with a global reach, compatibility with every major browser and strict validation processes. Expect the CA to look at domain ownership and validate individual approver's employment via a call to the HR department. The highest protection for consumers is from sites using Extended Validation (EV) SSL certificates.
SSL Certificate Management Best Practices
Organizations with an online presence should implement these best practices:
- A management solution that allows for quick and secure ordering.
- Centrally manage certs and domains within a single secure online environment.
- Visibility into all issued certificates and track expiration dates.
- Consistency between the domain name ownership (as in what shows on the WHOIS), the organization listed within the CSR, and the requesting organization. This makes it easier for the CA to validate information.
- Finally, never give out the private key!
Protect your business, your data and your brand to gain the trust of your online customers with a robust SSL process. This helps make the internet safer for all of us.
To hear a recording of a recent webinar where this topic is discussed in more detail, click here.