The Importance of SSL

The Importance of SSL Certificates

Brief introduction

To explain the importance of SSL certificates, I will start with some basic information and a little history.

First of all, what does SSL stand for? The answer is "Secure Sockets Layer". This means nothing to most people, but it is considered one of the most critical security layers in the internet industry.

It started in the '90s, and Netscape was the first to implement it. If you belong to "Generation X", you already know the Netscape name; it was one of the most important browsers of that time, if not the most important. If you want to know more about what happened to Netscape, you can refer to this link on Wikipedia.

There was a man in his 40s named Taher ElGamal, an Egyptian cryptographer who worked at Netscape as chief scientist. He was the mastermind behind SSL.

Nowadays SSL certificates have become a necessary security feature that you have to implement on your website. In its simplest form, called Standard SSL, it encrypts the entire communication between the web browser and the server, in both directions. The encryption is so secure that there is no technology at this moment that can decrypt a well-implemented SSL connection.

This is so important that Neteron.com, like other web hosting companies, offers this type of basic SSL for free. It is implemented automatically once you get your hosting account.

Standard Domain Validation SSL (DV)

This is the most basic SSL and its job is to validate a domain, that is all. It tells the client that a domain name is being managed through a web hosting account. It does not tell you who the owner of the domain is, just that the domain is controlled and managed by an account registered with a hosting company. It does not perform any organization-level validation.

This type of certificate is perfect for basic users: people who only want the communication to be encrypted and have no other concerns, for example for a blog or a personal website. In practice, it is even used by small companies and startups.

Organization Validation SSL (OV)

This is the kind of validation you want to be sure exists on a web page where you are going to enter your personal information, such as a registration form. You do not walk around the street giving your name and address to people you don't know, right? The same is true for a website.

A domain owner who wants to get an Organization Validation SSL certificate must provide extra information and prove who they really are. There are three steps for this to happen:

1.- Domain Control Validation: This is the same as Standard SSL. It is done through email validation, adding a TXT in the CNAME records, or a secret file with a hash code that you upload to your website. Only the person who controls the domain and the hosting account can do this.

2.- Organization Validation: This is a game-changer as this involves the verification of your organization through public records. This is proof of the existence of your organization or business.

There are third-party entities that exist for the purpose of collecting, saving, and protecting this kind of information so that companies like the SSL providers can use it to verify that you are real.

Also, a bank statement, a copy of your phone bill, power bill, water bill, or a lease agreement can be requested.

3.- Callback process: Because step number 2 is not enough, you must also be ready for a callback. This can be an automated process such as a robocall, where a number is given to you and you use it as an activation code. No, you cannot use a prepaid phone number; it must be the phone number associated with your company, as shown on the phone bill.

Verification through the notary or legal office where your company is registered may also be requested. It all depends on where you live or where your organization resides.

When ordering the Organization Validation SSL certificate, you must be ready with the requirements. In the best-case scenario, it can take 24 hours for the provider to approve it once you have submitted all the requirements.

Extended Validation (EV)

The Extended Validation is the "crème de la crème", the best of the best. This is the highest level of trust, and also the most expensive to acquire. It is very similar to Organization Validation but the process includes verification of the owner(s) too, not only the organization.

The conditions for verification can be different and/or more complicated. A validation specialist will contact you with the requirements and the alternatives that can be used to validate the certificate.

These kinds of certificates are rarely seen in use; probably only banks, big e-commerce companies, or insurance companies have pockets deep enough to buy one.

SSL Wildcard

I call this kind of certificate a commodity option. While Standard, Organization, and Extended certificates will secure your domain, the Wildcard will fill the gaps left for the subdomains. It is called Wildcard because it will add an * which means "all" content in that space before your domain name, for example:

A standard certificate will cover neteron.com as the main domain, but it won't cover host.neteron.com, customer.neteron.com, or my.neteron.com.

You would need a Wildcard certificate to cover *.neteron.com and the "*" means "all" that you can include there.

Wildcards are options for the Standard and the Organization Validation certificates.
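The coverage described above can be checked in code. The following is an added example, not part of the original article or of any provider's tooling; the function names and the extra host `a.my.neteron.com` are assumptions made for illustration. It applies the usual TLS matching rule (RFC 6125), under which `*` stands for exactly one label, so a wildcard name covers neither the bare domain nor deeper subdomains unless those are listed as well.

```python
# Added example: which hostnames a certificate's DNS names cover.
# Rule used (RFC 6125 style): "*" is accepted only as the whole
# left-most label and stands for exactly one label.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans more or fewer labels than it replaces.
    if len(p) != len(h) or "" in h or any("*" in label for label in h):
        return False
    # Wildcards are only allowed in the left-most label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Refuse overly broad names such as "*.com".
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards like "w*" are not accepted here
    return p == h


def covered(cert_names, hostname: str) -> bool:
    """True if any DNS name in the certificate covers the hostname."""
    return any(name_matches(name, hostname) for name in cert_names)


def coverage_report(cert_names, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {host: covered(cert_names, host) for host in hostnames}


# Constructed sample data, using the hostnames from the article plus
# one two-level subdomain (a.my.neteron.com) added for illustration.
STANDARD = ["neteron.com"]
WILDCARD = ["*.neteron.com"]
WILDCARD_PLUS_APEX = ["neteron.com", "*.neteron.com"]
HOSTS = ["neteron.com", "host.neteron.com", "customer.neteron.com",
         "my.neteron.com", "a.my.neteron.com"]

if __name__ == "__main__":
    for label, names in [("standard", STANDARD), ("wildcard", WILDCARD),
                         ("wildcard+apex", WILDCARD_PLUS_APEX)]:
        print(label)
        for host, ok in coverage_report(names, HOSTS).items():
            print(f"  {host:24} {'covered' if ok else 'NOT covered'}")
```

When ordering a wildcard certificate, confirm that the bare domain is listed next to the `*.` name if the main site must be covered too.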

In real life

In real life, SSL is a must and should be implemented as soon as you have a website. It is your responsibility to make sure this is done.

Web hosting companies, including Neteron.com, install one of these free versions of SSL certificates, and this is good enough to start encrypting your communication. You will be able to log in to your account securely and do all your necessary configuration without worrying that the information will leak to the outside.

You can worry about other security issues like being hacked, a virus, malware, or spam, or about leaking the password in a different way, but not through the communication between your browser and the server.

Once you have completed the first steps for your website, you can decide when to acquire a different SSL option. It is up to you, and it depends on your needs whether you feel it is necessary or advisable to get one of these paid options.

Conclusion

The SSL path starts with the free version of SSL, and this is enough to start encrypting the communication between client and server, or server to server in some cases. It is good enough for your blog, personal page, or informational pages.

If you require customers to sign up or register on your site, then it is advisable to use an Organization Validation certificate in any of its forms. The reason is to show people that your site is real and that it belongs to an organization, and it creates liability. You will be legally responsible for the information or services you are being given.

If you want to go further and you think you need more trust, then you can opt for an Extended Validation Certificate, but be aware that these are expensive.

Resources:

Neteron.com Web Hosting Company: https://neteron.com/ssl-certificates/

Sectigo Certification Authority: https://sectigo.com/

Comodo Certification Authority: https://ssl.comodo.com/

Digicert Certification Authority: https://www.digicert.com/

Let's Encrypt Certification Authority: https://letsencrypt.org/

Taher ElGamal: https://en.wikipedia.org/wiki/Taher_Elgamal

Public key certificate: https://en.wikipedia.org/wiki/Public_key_certificate