You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 18 Next »



Table of contents


Why SSL?

The topic data security is now more important than ever before. Most of us are almost constantly online be it with a laptop, smartphone or tablet. We retrieve our mails everywhere, chat with friends or shop online. Unfortunately, the least attention is paid to whether the data is also protected, that is to say the data is encrypted when being transferred, while you are logged in to your bank or interacting with a merchant who processes your credit card data.  It is now easier than ever before for companies to provide their customers with the right security.

With an SSL certificate implemented on the website, any data exchange is completely encrypted which means that data can not be read by anyone else. An EV certificate also strengthens the trust of the customer or prospective customer by directly displaying that the company has been verified and actually exists.
For the site operator, there is another advantage: Google now evaluates all websites with Always-On-SSL better than those with only one certificate in a sub-area on the website or if no certificate is used at all.

Certificate Types

There are three types of SSL certificates, certificates with extended validation (EV), company-validated certificatec (OV) and domain-validated certificates (DV). These differ in the type of verification and the information visible to the user within the certificate. A website secured with an SSL certificate can be recognized by the lock icon displayed in the browser URL bar. The certificate details can be viewed by clicking on the lock icon  and then on further information. Usually this is a three to four click process. EV certificates additionaly display the verified website operator next to the lock icon.

Notice

All certificates can be ordered quickly and easily via the SSL Manager.

Certificates with extended validation (EV)

The most trustworthy certificates for websites are the certificates with extended validation (EV). The extended validation and the restrictions during issuance make it easier for the customer to recognize that a certificate is active and who the operator of the site is. In contrast to the two other types of certificate types, not only ist the small green lock displayed, but also the operator of the page is shown.

By clicking on the green area in the URL bar, the user receives further information about the operator of the website.


Prior to issuing the EV certificates, the relevant applicant and his/her data are examined by the relevant issuing authority.
First, it is checked whether the applicant is the owner of the domain.
Secondly, the company is audited on the basis of the commercial register entry.
Lastly a telephone verification takes place. This means that the company's telephone number is searched for in a public directory and a phone call is made to the number found there. The verification phone call takes place in several steps:

  • The first call is made to the personnel department to clarify whether the employee registered for the order is actually employed by the company.
  • Subsequently, a call is made to a supervisor to check whether the contact person has the authorization for this order.
  • Finally, a call is made to the actual contact person to confirm the order.

These verification phone calls usually take place in English and during normal business hours.

You are well advised to sychronize the corresponding entries in the Whois, Company Register or the telephone book before placing an EV certificate order.

The advantages of this type of certificate are therefore obvious: visitors to the site are immediately informed of the SSL encryption and the company that operates the site. For more information, the customer can conveniently click once or twice instead of clicking through hidden details.

Company-validated certificate (OV)

Using an OV certificate the green lock icon will appear in the browser's URL bar. For this certificate, the validation process largely corresponds to that of the EV certificates. 

You are well advised to sychronize the corresponding entries in the Whois, Company Register or the telephone book before placing an OV certificate order.

As soon as the certificate has been issued, the company name will appear next to the domain in the certificate details. This gives the users the assurance that this is an existing company.

Domain-validated certificates (DV)

Using an DV certificate the green lock icon will appear in the browser's URL bar. 

Domain-validated certificates (DV) offer the lowest amount of security.The validation is accomplished with a confirmation email which is sent to a particular recipient address. In this email you will find a link to confirm the order. When the confirmation is made, the certificate is issued within a few minutes. Since no further check takes place with this certificate type, there is no information on the website owner within the certificate, but the common name is listed.









  • No labels