Exactly what does an SSL* certification do? Well, I am happy you asked. All an SSL certificate does is attempt to secure a connection from point A to point B. you can forget, no less. Cryptographically talking, a self-sign, or Let’s Encrypt is not any pretty much safe than the most expensive certificate money can buy. So with this in mind – why on earth would you buy an EV (Extended Validation) SSL certificate for your website? This is an article about extensive Validation SSL certificates. It is all about one thing – customer confidence and once you understand who is at the other end.
“…It’s a scam, if you order me you’ll get nothing. Look in there, you need a padlock once you pay for stuff. When there isn’t one, the website could be fake.”
Which technically speaking, I would personally take issue with. However – this will be an effort getting Joe Q Public and Josephine Bloggs to cover attention to whether the site is secured before giving away any details. Sadly this is a half-truth at most useful. There was no guarantee of who you are dealing with at the other end**, not with a standard SSL anyway. You submit a CSR (certificate signing request), you-pays-your-money (or not), and you get a certificate. That is the final end of it. There is validation that is little of being able to receive a contact for that domain, be able to create a DNS record or destination a file on the web site. The concept of Fake or Not Fake here is no guarantee – simply that the text cannot casually be) evesdropped.
This is where Extended Validation SSL‘s come in.
Those sites which have the ongoing company name after the padlock give you a far better sense of what and who you are connecting to, and that there has been a level of due diligence in the granting of a certificate. Certificates that include the 1u colocation pricing name have cleared the following hurdles:
– They have a company that is valid that has been confirmed as active;
– The Dun & Bradstreet contact number for that business has been validated;
– Access to the email for that domain name registration has been validated;
– The application does not trigger any advisories in regards to their internal security requirements.
After this has been finished – the way in which the address bar appears in the browser will change. The company name will be displayed and the country of registration after the padlock. This will be often in green, (they are generally called to as GREEN BAR certificates as a result of this) however, remember themes often means it shall appear in other colors. We provide certificates through the CA’s GeoTrust, RapidSSL, Comodo, Symantec, Thawte, and Certum. Here is an example from Thawte showing roughly how these EV certificates will appear in different browsers:
The real requirement that is formal a CA (certificate authority) to issue an EV certificate can be summed up as:
“Establish the legal identity as well as the functional and physical presence of internet site owner”
“Establish that the applicant may be the domain name owner or has control that is exclusive the domain name.”
“Confirm the identity and authority of the individuals acting for the web site owner, and that documents pertaining to appropriate obligations are finalized by an authorised officer.”
So your consumer KNOWS who they’ve been dealing with. They are contactable, accountable, the real thing – as near they say they are: “Not Fake“ as they are going to get to be assured the other party is who.
The consequences on customer 1u colocation pricing – and this is the reason why you’ll go right to the time, trouble and expense of protecting yourself from a quantity of spoof assaults, and take your site seriously.. trust.
For more information about these certificates – or certainly any worries that are certificate compliance needs, or simply common “where do I start?” questions – get in touch.