You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 16 Next »



Table of contents


Why SSL?

The topic data security is now more important than ever before. Most of us are almost constantly online be it with a laptop, smartphone or tablet. We retrieve our mails everywhere, chat with friends or shop online. Unfortunately, the least attention is paid to whether the data is also protected, that is to say the data is encrypted when being transferred, while you are logged in to your bank or interacting with a merchant who processes your credit card data.  It is now easier than ever before for companies to provide their customers with the right security.

With an SSL certificate implemented on the website, any data exchange is completely encrypted which means that data can not be read by anyone else. An EV certificate also strengthens the trust of the customer or prospective customer by directly displaying that the company has been verified and actually exists.
For the site operator, there is another advantage: Google now evaluates all websites with Always-On-SSL better than those with only one certificate in a sub-area on the website or if no certificate is used at all.

Certificate Types

There are three types of SSL certificates, certificates with extended validation (EV), company-validated certificatec (OV) and domain-validated certificates (DV). These differ in the type of verification and the information visible to the user within the certificate. A website secured with an SSL certificate can be recognized by the lock icon displayed in the browser URL bar. The certificate details can be viewed by clicking on the lock icon  and then on further information. Usually this is a three to four click process. EV certificates additionaly display the verified website owner next to the lock icon.

Certificates with extended validation (EV)

The most trustworthy certificates for websites are the certificates with extended validation (EV). Prior to issuing the certificates, the relevant applicant and his/her data are examined by the relevant issuing authority.

First, it is checked whether the applicant is the owner of the domain.
Secondly, the company is audited on the basis of the commercial register entry.
Lastly a telephone verification takes place. This means that the company's telephone number is searched for in a public directory and a phone call is made to the number found there. The verification phone call takes place in several steps:

  • The first call is made to the personnel department to clarify whether the employee registered for the order is actually employed by the company.
  • Subsequently, a call is made to a supervisor to check whether the contact person has the authorization for this order.
  • Finally, a call is made to the actual contact person to confirm the order.

These verification phone calls usually take place in English and during normal business hours.


You are well advised to sychronize the corresponding entries in the Whois, Company Register or the telephone book before placing an EV certificate order.


The extended validation and the restrictions during issuance make it easier for the customer to recognize that a certificate is active and who the operator of the site is. In contrast to the two other types of certificate types, not only ist the small green lock displayed, but also the operator of the page is shown.

By clicking on the green area in the URL bar, the customer / user receives further information about the operator of the website.


The advantages of this type of certificate are therefore obvious: visitors to the site are immediately informed of the SSL encryption and the company that operates the site. For more information, the customer can conveniently click once or twice instead of clicking through hidden details.

Company-validated certificate (OV)

The next certificate type is the company-validated certificate (OV). For this certificate, the validation process largely corresponds to that of the EV certificates. Again, it is important to make sure that the corresponding entries in Whois, Company Register or the telephone book are set before ordering. As soon as the certificate has been issued, the company name will appear next to the domain in the certificate details. This gives the users / customers the assurance that this is an existing company. In the browser's URL bar, only the green lock will appear!

You are well advised to sychronize the corresponding entries in the Whois, Company Register or the telephone book before placing an EV certificate order.

Domain-validated certificates (DV)

The lowest amount of security is offered by domain-validated certificates (DV). The validation is accomplished with a confirmation e-mail which is sent to a particular recipient address. In this e-mail you will find a link to confirm the order. When the confirmation is made, the certificate is issued within a few minutes. Since no further check takes place with this certificate type, there is no information on the website owner within the certificate, but the common name is listed.

Notice

All certificates can be ordered quickly and easily via the SSL-Manager.








  • No labels