Information technology

Is your Website Secure Yet?

To start off, let’s do this: while you are on any page of your website, look at the address bar (where you type the name of your website). Do you see any padlock before the name of your website? Simply put, a secure site is the one that ensures the private information exchanged between the visitor and the server remains private – safe from hackers or anyone trying to spy/steal that info. That’s why currently SSL Certificate is a must for any site that does e-commerce or has a form the visitor will need to fill out. And which website doesn’t have at least one of the two?

SSL protocol is complex, but the complexities always remain invisible to your customers. Instead,the browser they are using provides them with a key indicator letting them know that their session is currently protected by an SSL encryption – sometimes it is the lock icon in the lower right-hand corner, or the addition of an “s” in https rather than just http while on high-end SSL Certificates, a key indicator is the green bar in the browser. Clicking on the indicators will show all the details about the certificate.

Your browser connects to a secured site and then fetches the site’s SSL Certificate. After that it first make sure that it has not expired, then it checks to see if it was issued by a known Certification Authority that the browser trusts, and then that it is actually being used by the website that is was actually issued to. If any of these parameters do not check out properly, the browser will display a warning to the user to let them know that this site is not secured by SSL. It asks you to leave or proceed with extreme caution!! Honestly, that is the last thing you would want to say to your potential customer.

Are All SSL Certificates the Same?

As the reasons companies use for SSL have become diversified, three different types of SSL Certificates have been established:

• Extended Validation (EV) SSL Certificates

• Organization Validation (OV) SSL Certificates

• Domain Validation (DV) SSL Certificates

Extended Validation (EV) SSL Certificates are issued only when a Certification Authority (CA) has checked to make sure that the applicant actually has the right to the specific domain name. Therefore, the CA conducts a very THOROUGH vetting (investigation) of the organisation. The issuance process of EV Certificates is standardised and is strictly outlined in the EV Guidelines, which were created at the CA/Browser Forum in 2007, which specifies the required steps that a CA must do before issuing an EV certificate:

1. Must verify the legal, physical & operational existence of the entity

2. Must verify that the identity of the entity matches official records

3. Must verify that the entity has the exclusive right to use the domain specified in the EV Certificate

4. Must verify that the entity has properly authorized the issuance of the EV Certificate

EV Certificates are used for all types of businesses, including government entities and both incorporated & unincorporated businesses. On average, it takes about 10 days to issue.

A second set of guidelines are for the actual CA and it establishes the criteria to which a CA needs to be audited before being allowed to issue an EV Certificate. It is called, the EV Audit Guidelines, and they are always done every year to ensure the integrity of the issuance process.

Organization Validation (OV) SSL Certificates are issued only when a Certification Authority (CA) has checked to ensure the applicant actually has the right to the specific domain name plus the CA does some vetting (investigation) of the said organisation. This additional vetted company info is displayed to customers when the Secure Site Seal is clicked on. This gives enhanced visibility to who is behind the site which in turn gives enhanced trust in the site. It typically takes about 2 days to be issued.

Domain Validation (DV) SSL Certificates are issued when the CA has checked to make sure that the applicant actually has the right to the specific domain name. However, for this type of certificate , no company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal. DV certs can be issued immediately.

Spruik is a verified seller of all of the SSL certificate types mentioned at a competitive price. Plus, we have a team that is ready to install it on your website wherever it is hosted. Please contact us and we will send you the invoice or discuss what type of certificate you need.