The Secure Sockets Layer (SSL) (and Transport Layer Security (TLS)) is the most widely deployed security protocol used today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network. In today’s Internet focused world, we typically see SSL in use when a web browser needs to securely connect to a web server over the insecure Internet. Technically SSL is a transparent protocol, which requires little interaction from the end user when establishing a secure session. For example, in the case of a browser, users are alerted to the presence of SSL when the browser displays a padlock, or in the case of Extended Validation SSL the address bar displays both a padlock and a green bar. This is the key to the success of SSL – it is incredibly simple experience for end users.
How it is used in today’s modern ecommerce enabled society?
Web traffic such as credit card transactions
In 2006 alone there were 210 million users online spending over $130 billion through their PCs / laptops / PDAs and mobile phones. SSL *should* have been used to secure each and every one of these transactions!
Other web traffic such as login pages, web forms, web mail, control panels or just protected areas of web sites.
The transfer of files over https and FTP services such as web site owners updating new pages to their web sites.
Email client to email server connections such as Microsoft Outlook to Microsoft Exchange.
Intranet based traffic such as intranets, extranets and database connections.
All these applications have a number of shared themes:
The data being transmitted over the Internet or network needs confidentiality, in other words, people do not want their credit card details to be exposed over the Internet.
The data needs to remain integral, which means that once credit card details and the amount to be charged to the credit card have been sent, a hacker sitting in the middle cannot change the amount to be charged and where the funds should go.
Your organization needs to assure your customers / extranet users that you are who you really say you are and not someone masquerading as you.
Your organization needs to comply with regional, national or International regulations on data privacy, security and integrity.
What is a SSL Certificate?
SSL is a protocol, and in order to use the SSL protocol organizations need a SSL Certificate. A SSL Certificate is a small data file that digitally binds a cryptographic key to your organization’s details, typically:
Your domain name or server name
Your company name and location
In certain cases your contact details
An organization needs to apply for and install the SSL Certificate onto their web server to initiate SSL sessions with browsers. Depending on the type of SSL Certificate applied for, the organization will need to go through differing levels of vetting. Once installed, it is possible to connect to the web site over https://www.domain... as this tells the server to establish a secure connection with the browser. Once a secure connection is established all web traffic between the web server and the web browser will be secure.
SSL Certificates need to be issued from a trusted CA’s root certificate. The root certificate must be present on the end-user’s machine in order for the SSL Certificate to be trusted. If it is not trusted the browser will present untrusted error messages to the end user. In the case of ecommerce, such error messages result in immediate lack of confidence in the web site, web sites using untrusted SSL Certificates therefore risk losing confidence and business from the majority of consumers.
Companies like Trustwave are known as trusted Certification Authorities. This is because browser and operating system vendors such as Microsoft, Mozilla, Opera, Blackberry, Java etc trust that Trustwave is a legitimate Certification Authority and that Trustwave can be relied on to issue trustworthy SSL Certificates. The more applications, devices and browsers the Certification Authority embeds its root into, the better “recognition” the SSL Certificate can provide.
Root Embedding Strategy – ensuring transparent security for your all customer
Trustwave has, for over 10 years, been operating the Trustwave Ready program for root certificate embedding. This program ensures its inhouse engineers from the US, UK, continental Europe and Asia are in constant communication with the application, device and browsers vendors to ensure certificate is present everywhere that may be used for SSL sessions.
Types of SSL Certificate Available
The range of SSL Certificates available in today’s SSL market is vast and over-complex. One of the key benefits of working with Trustwave is our simplified and easily understood SSL product range. Our range of SSL Certificates are divided into three easy to understand categories, Domain Validated (DomainSSL), Organization Validated (OrganizationSSL) and Extended Validation (ExtendedSSL), each with additional useful options as required.
DomainSSL
When the customer wants a lower cost, fast SSL Certificate. Only the domain name ownership is verified and the verification process is automated and fast (minutes). This Certificate should be offered when the customer needs a Certificate quickly and does not have the time or desire to go through any corporate vetting.
OrganizationSSL
The company must go through a corporate vetting process which sometimes requires documentation and usually requires presence on third party company databases. The Certificate has a higher perceived level of trust and credibility in who the Certificate belongs to as the company details are included within the Certificate itself. The Certificate is issued within 1-2 business days.
ExtendedSSL
The company must go through more stringent vetting which always requires validation of company documentation and other vetting means. Vetting is done in line with the CA/B Forum agreed guidelines. Not only are the company details included within the Certificate but the Certificate activates the new Green Address Bar in IE7 and other browsers to show a higher level of identity assurance. The Certificate is issued within 3-4 business days.
SSL Certificate Features, Benefits & Options
Highly Trusted SSL
Supported by all popular browsers, mobile devices and applications (approx 99% ubiquity). Certificates are issued from Trustwave’s trusted root. A full list of compatible servers, browsers and mobile devices can be downloaded from the Trustwave website. (http://www.Trustwave.com/resources/ssl_root_compatibility.pdf).
Free SGC Security
Includes strong 128 bit step-up encryption to force weaker 40 bit browsers to step-up to stronger 128bit browsers or 256 bit enabling technology, improving overall SSL security. SGC from other SSL Providers features at a premium price, but is included free of charge with every Trustwave SSL Certificate.
Free SSL Installation Healthcheck
Trustwave ensures SSL Certificates are installed and working correctly by checking the server ability, SSL Certificate installation, common error checking and trust enhancing Secure Site Seal installation.
Free Server Licenses
3 server licenses issued with each SSL Certificate to enable organizations to easily secure primary server, secondary or backup server and load balancer without facing additional costs. Other SSL Providers typically issue one license and charge premium prices for additional licenses.
Custom Options
Add Wildcard SSL, Intranet names / hostnames, IP addresses as premium options. Wildcard SSL provides the ability to secure multiple websites on the same domain name by enabling a variable (rather than fixed) sub domain to be used; saving time, administration and money. If operating an Intranet, Subject Alternative Names (SAN’s) can be specified within the certificate to secure Intranet hostnames. Some organizations may require SSL Certificates to be issued to an IP address – this can be achieved with Trustwave.
Secure both www and non-www sites with single certificate for no additional cost. SSL Certificates are usually issued to a specific Fully Qualified Domain Name (FQDN). To secure both www.domain.com and just domain.com for example, two separate Certificates would usually be required. But not with Trustwave SSL – the only professional level SSL Certificate to include both forms of the domain name within the Certificate but without additional charges, new IP purchase or server configuration.
Clickable Site Seal
Enables organizations to show a secure site and enhance trust and credibility of online presence. Easy to install on any web page, the Site Seal can be clicked to deliver a full web site profile. The Trustwave Site Seal will increase visitor trust, convert general visitors into paying customers and reduce the amount of abandoned shopping carts and uncompleted web forms.
250k Warranty
The organization is protected by Trustwave’s warranty underwritten by insurance.
Using the Strongest SSL Security
As a web merchant or organization you want to ensure the strongest levels of SSL security. Using weak security can result in compromise of the data being sent. To help you achieve the highest levels of security, Trustwave supports both 128 bit SGC encryption and the newly released 256 bit enabled SSL.
128 bit "step-up" SGC SSL
Historically most browsers and operating systems were exported from the US (Microsoft, Netscape, etc). At the time when the Internet was first emerging, US export regulations prohibited the export of strong 128 bit encryption. However banks and financial institutions were allowed an exception and were permitted to use strong 128 bit encryption levels for SSL. As such many older browsers that could support only 40 bit contained a technology referred to as SGC (Server Gated Cryptography) that forced an increase in encryption strength from weak 40 bit to strong 128 bit. Certification Authorities such as Trustwave were permitted to issue SGC enabled SSL Certificates to financial institutions. However since the liberalization of the US export laws, all organizations are permitted to use 128 bit (or more) SSL and newly exported browsers transparently started to support the higher encryption strength. There is a problem though – some older browsers have not been “upgraded” which means that some users may still require SGC in order to guarantee the stronger level of security. This is why Trustwave adds SGC capabilities to every SSL Certificate free of charge.
SGC is a secure server SSL Certificate which "enhances" SSL technology to deliver strong (128-bit) encryption during an internet browsing session between the web server and the older legacy Microsoft browsers (version 4.723612.1713 and above), without SGC these older browsers are forced to connect using weak 40 bit encryption. SGC addresses the need for additional security in especially sensitive electronic transactions or communications, and are currently available to banks, financial institutions, insurance companies, health and medical organizations, online merchants where support for strong encryption levels in legacy Microsoft browsers is essential. Only Trustwave and VeriSign can provide SGC enabled certificates that provide the highest levels of browser recognition and step up encryption strengths, but ONLY Trustwave provides SGC free of charge.
Get the most from newer browsers - 256 Bit Enabled SSL
In recent years computing power has increased to the level that 40 bit security can be cracked by brute force computing in a matter of hours. 40 bit encryption is therefore considered insecure. If you are using the latest web server software and your web site visitors are using the latest browsers, a Trustwave SSL Certificate is capable of delivering 256 bit encryption. This level of encryption delivers the highest possible security, and using the same computation power that would crack 40 bit encryption in hours, will take billions of years to crack 256 bit encryption.
Tailor your SSL Certificate
Trustwave is simplifying the SSL Certificate buying process, and you can test this during your Trial SSL Certificate application. Rather than promote dozens of different SSL Certificates which seem to vary only by confusing naming, we have pioneered a way for you to add options to your SSL Certificate during the ordering process. Just simply select which options you need during the online ordering process and tailor-make your own SSL Certificate to meet your own requirements!
How to increase your online profits with SSL
Purchase an SSL Certificate for your website
FACT: Utilizing SSL technology for your website increases customer confidence and leads to greater sales.
FACT: Purchasing an SSL Certificate for your website helps to enhance and protect your brand.
Your customers need reassurance that they are on the correct website and that your business can be trusted. When customers log in or make purchases on your web site, they immediately look for proof of organizational identity and encryption before entering sensitive data. You cannot afford to lose your customers to the competition,
nor can you afford to lose one customer order due to fear of fraud.
Purchasing an SSL Certificate for your website delivers the trust factors required to maximize customer confidence.
Display the Trustwave Secure Site Seal and keep customers in the mood to buy!
FACT: A significant percentage of your online customers will abandon the shopping cart/basket or fail to complete the purchase, simply because they lost the sense of security and trust.
The clickable Trustwave Secure Site Seal indicates to the customer that their information is secure and offers additional reassurance to the closed padlock icon that appears in the browser with every SSL connection.
Upgrade your SSL certificate to the new Extended Validation SSL technology and lead the way!
FACT: Businesses that appear more legitimate will gain more traffic.
There are an ever increasing number of high profile fraud and phishing incidents that have heightened Internet users concerns about identity theft. The very latest browser technologies now available provide identity assurance utilizing enhanced levels of information contained within the SSL Certificate. Your brand can be shown within these new browsers alongside the Trustwave security brand, enhancing credibility and end user confidence in who you are.
Utilizing Extended Validation SSL Certificates offer a unique opportunity to differentiate your business from the competition. If the URL displays a green address bar next to your company name and the worldwide trusted Trustwave security brand and this event does not happen on your competitor's website, this will deliver a significant competitive advantage in the world of e-commerce.
Why choose Trustwave SSL?
A Partner to the VeriSign group of companies - VeriSign, GeoTrust, Thawte & RapidSSL
Trustwave has been providing trusted services for over 10 years. Trustwave is logically positioned as the new alternative with the track record and crediblity offerd over the years by the VeriSign group of companies.
Trustwave has the experience, the know-how and the understanding of enterprise and reseller channel needs. This unique combination of experience, talent and vision, allows Trustwave to offer itself as the alternative SSL Provider in what is now a single player market.
A Simplified Product Portfolio in an overly complex market
Trustwave is the first SSL Provider to offer a simplified range of SSL Certificates – fitting neatly into the three newly defined SSL classes of Domain Validation (DV) issued in 4 minutes or less, Extended Validation (EV) activating the Green address bars on high security browsers, and Organization Validation (OV). By taking its 10 years of experience in delivering trusted SSL solutions, Trustwave has pioneered a simple approach to the three classes of SSL the market has seen emerge over recent months.
Other SSL Providers favor using complex product naming and classifications, with basic features being used to differentiate otherwise identical products. Trustwave bucks this trend by adopting simple product naming and assigning feature sets as options within each product class. This unique approach is designed to eliminate the time consuming and frustrating “which certificate do I need” issues faced by customers evaluating SSL vendor solutions.
Completely Redesigned Reseller & Enterprise Systems to meet Today's Requirements
In depth consultation with customers, resellers and enterprises, and months of ground-up development have gone into the newly designed Trustwave management systems. The new Global Agent System provide customers with the fastest and easiest way to issue digital certificates for their own use, for their customer's use or for widespread enterprise and departmental use. The system adopts a SaaS (software as service) philosophy, giving access to customers via a web portal or XML based API to allow for full integration with control panels, purchasing systems or bespoke internal management processes. Trustwave is also the first SSL Provider to introduce DataCenter SSL (per server licensing model) and NonIP SSL (hosted IP and SSL on a hardware security module).
WebTrust Certified and Trusted by All Browsers
As a WebTrust audited SSL Provider established in 1996 and accredited since 2002, Trustwave has alliances and partnerships with all the major Operating System and Browser vendors to ensure maximum support for its range of SSL Certificates. All major browsers, applications and mobile devices inherently trust and support Trustwave digital certificates. This means your customers will not receive "untrusted" alerts and popups that can be a problem when using certificates issued by the newer, or untrusted, SSL Providers. Garner over 10 years of Trustwave investment in partnerships and Root CA Certificate acceptance strategy, and join over 20 million other digital certificates that rely on the public trust of the Trustwave Root CA Certificates.
Secured by Trustwave Site Seal
Once your SSL Certificate is issued, you can display the Secure Site by Trustwave site seal. When clicked this seal allows visitors to view your authenticated profile, improving trust in who you are. Trustwave Site Seals are dynamically delivered via a three tier redundant site seal server system. Unlike some of our competitors who have suffered widely reported Site Seal outages that dramatically affect the loading of a web page, pages displaying Trustwave Site Seals will not be affected in the unlikely event that the site seal servers suffer temporary interruption.
"Step-up" Encryption Strength included Free of Charge
SGC is a secure server SSL Certificate which "enhances" SSL technology to deliver strong (128-bit) encryption during an internet browsing session between the web server and the older legacy Microsoft browsers (version 4.723612.1713 and above), without SGC these older browsers are forced to connect using weak 40 bit encryption. SGC addresses the need for additional security in especially sensitive electronic transactions or communications, and are currently available to banks, financial institutions, insurance companies, health and medical organizations, online merchants where support for strong encryption levels in legacy Microsoft browsers is essential. Only Trustwave and VeriSign can provide SGC enabled certificates that provide the highest levels of browser recognition and step up encryption strengths, but ONLY Trustwave provides SGC free of charge!
There is growing need for SSL in today's Web 2.0 World - and we know SSL!
Web site visitors and customers expect to see the padlock when submitting ANY kind of data - whether it be payment details, logins / password or other Internet based transactions. SSL Certificates activate the secure "padlock" using https and ensure your customers and visitors are assured their transactions and data sent via the Internet are secured by using the strongest encryption available. Having been issuing SSL for over 10 years we are expert in assisting customers with requirements (large or small), scalable solutions and trouble-shooting costly implementation issues.