THE ADVENTURES OF BILLY

Comprehensible Information Security…

SSL Certificates

What is an SSL Certificate?

Have you ever noticed a link starting with https, the padlock symbol or a company name in green in the URL bar? These are all signs of a website with a valid SSL certificate. But what does that mean?

SSL certificates verify that the website provider is who they claim to be and also indicate secure connections between personal devices and company websites. Understanding SSL certificates is important to help prevent falling victim to scammers.

They are small data files that attach an organisation's unique key to its website. When a certificate is added to a website, it activates the padlock and the https protocol, which allows secure connections from a web server to a visitor's browser. SSL is usually used to secure credit card transactions, data transfers and logins, but it's becoming more common for securing all types of sites.

What is a Secure Connection?

Standard encryption (turning your readable information into a secret code that only people with a key can read) hides your communications from a hacker who intercepts them. But how do you know you are not communicating, and sharing that key, directly with a hacker who has set up a fake website that may be identical to a real one? People need to be able to trust that they are visiting the true website of the company they interact with.

What Does a Website with an SSL Certificate Look Like?

Extended Validation certificates have the highest level of security. They add the padlock in the URL bar of the browser and the 'S' in HTTPS, as well as the company's name in green.

Extended Validation in Chrome:

Extended Validation in Firefox:

Three Types of SSL Certificates

  • Domain Validated (DV): The CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information after clicking on the lock symbol. While you can be sure information is encrypted, you cannot be sure who is truly at the receiving end of that information.

  • Organisationally Validated (OV): The CA checks the right of the applicant to use a specific domain name and conducts some vetting of the organisation. Additional vetted company information is displayed to customers when clicking on the lock symbol, giving enhanced visibility into who is behind the site and associated enhanced trust.

  • Extended Validation (EV): With an EV SSL certificate, the CA checks the right of the applicant to use a specific domain name and carries out rigorous vetting of the organisation. The steps required of a CA before issuing a certificate are:
    • Verifying the legal, physical and operational existence of the entity
    • Verifying that the identity of the entity matches official records
    • Verifying that the entity has exclusive right to use the domain specified in the EV SSL Certificate
    • Verifying that the entity has properly authorised the issuance of the EV SSL Certificate

Expired SSL Certificates

Different browsers have different warning message windows. Reading them carefully is recommended to better understand the risk the website may pose.

Chrome

Firefox

Safari
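
The certificate types and the expiry check described above can also be read from the certificate itself. The following is an added example, not part of the original page: it guesses DV, OV or EV from which identity fields appear in the certificate subject and tests the expiry date, using constructed sample certificates in the shape Python's `ssl.SSLSocket.getpeercert()` returns (all names and dates are made up).

```python
import ssl

# Subject fields that an EV certificate carries in addition to the organisation name.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def subject_fields(cert):
    """Flatten the nested 'subject' tuple from getpeercert() into a dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def validation_level(cert):
    """Heuristic: guess DV / OV / EV from which identity fields the CA vetted."""
    subject = subject_fields(cert)
    if "organizationName" not in subject:
        return "DV"  # domain only, no organisation identity
    if EV_FIELDS.issubset(subject):
        return "EV"  # organisation plus registration details
    return "OV"      # organisation vetted, without the EV registration fields


def is_expired(cert, now):
    """True when 'now' (seconds since the epoch, UTC) is past the notAfter date."""
    return now > ssl.cert_time_to_seconds(cert["notAfter"])


# Constructed sample data (not real certificates).
DV_CERT = {
    "subject": ((("commonName", "blog.example"),),),
    "notAfter": "Jan  1 00:00:00 2020 GMT",
}
EV_CERT = {
    "subject": (
        (("businessCategory", "Private Organization"),),
        (("jurisdictionCountryName", "GB"),),
        (("serialNumber", "00000000"),),
        (("organizationName", "Example Bank plc"),),
        (("commonName", "www.bank.example"),),
    ),
    "notAfter": "Jan  1 00:00:00 2031 GMT",
}

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")  # fixed "today"
    for cert in (DV_CERT, EV_CERT):
        state = "expired" if is_expired(cert, now) else "valid"
        print(subject_fields(cert)["commonName"], validation_level(cert), state)
```

Field presence is only a heuristic: `getpeercert()` does not expose the certificate policies extension, which is where a CA formally marks the validation level.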