Today's online shoppers are savvy about online security. Before completing a transaction or sharing personal information with you, online visitors need to know that your website can be trusted. Secure Sockets Layer (SSL) Certificates provide a visual indicator that your website is legitimate and secure.
When choosing an SSL Certificate, consider the brand recognition, turn-around time and investment cost that are right for your business. Start building consumer confidence and online profit by selecting a brand below:
Recognized by 79% of U.S. online shoppers
When consumer trust and online awareness are vital to the success of your business.
A balance between brand, time and money
Quickly secure your website in the most cost-effective and efficient way.
Reasonably priced, instantly available, starter certificates
For websites that don’t require a high level of brand recognition from customers.
Secure Sockets Layer (SSL) technology protects your website and makes it easy for your users to trust you in the following way:
Give your customers the confidence to make their purchases online with EV SSL Certificates. Extended Validation triggers the display of the green address bar in high-security browsers.
Extended Validation SSL gives Web site visitors an easy and reliable way to establish trust online. Only SSL Certificates with Extended Validation (EV) will trigger high security Web browsers to display a green address bar with the name of the organization that owns the SSL Certificate and the name of the Certificate Authority that issued it. The green bar shows site visitors that the transaction is encrypted and the organization has been authenticated according to the most rigorous industry standard. For better online performance and added customer confidence, choose Secure Site with EV SSL Certificates. (SSL Security and Extended Validation.)
* SBS EV and SBS SGC EV Certificates are powered by COMODO.
Public key certificate from Wikipedia
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
In a typical public key infrastructure (PKI) scheme, the signature will be of a certificate authority (CA). In a web of trust scheme, the signature is of either the user (a self-signed certificate) or other users ("endorsements"). In either case, the signatures on a certificate are attestations by the certificate signer that the identity information and the public key belong together.
For provable security this reliance on something external to the system has the consequence that any public key certification scheme has to rely on some special setup assumption, such as the existence of a certificate authority.
Certificates can be created for Unix-based servers with tools such as OpenSSL's ssl-ca or SuSE's gensslcert. Similarly, Microsoft Windows Server 2003 contains Certificate Authority for the creation of digital certificates. In Windows Server 2008 the capability is in Active Directory Certification Authority.
Serial Number: Used to uniquely identify the certificate.
Subject: The person, or entity identified.
Signature Algorithm: The algorithm used to create the signature.
Issuer: The entity that verified the information and issued the certificate.
Valid-From: The date the certificate is first valid from.
Valid-To: The expiration date.
Key-Usage: Purpose of the public key (e.g. encipherment, signature, certificate signing...).
Public Key: The public key to encrypt a message to the named subject or to verify a signature from the named subject.
Thumbprint Algorithm: The algorithm used to hash the certificate.
Thumbprint: The hash itself to ensure that the certificate has not been tampered with.
- Class 1 for individuals, intended for email
- Class 2 for organizations, for which proof of identity is required
- Class 3 for servers and software signing, for which independent verification and checking of identity and authority is done by the issuing certificate authority
- Class 4 for online business transactions between companies
- Class 5 for private organizations or governmental security
The EU Directive 1999/93/EC on a Community framework for electronic signatures defines the term qualified certificate as "a certificate which meets the requirements laid down in Annex I and is provided by a certification-service-provider who fulfils the requirements laid down in Annex II":
Annex I: Requirements for qualified certificates
Qualified certificates must contain:
(a) an indication that the certificate is issued as a qualified certificate;
(b) the identification of the certification-service-provider and the State in which it is established;
(c) the name of the signatory or a pseudonym, which shall be identified as such;
(d) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
(e) signature-verification data which correspond to signature-creation data under the control of the signatory;
(f) an indication of the beginning and end of the period of validity of the certificate;
(g) the identity code of the certificate;
(h) the advanced electronic signature of the certification-service-provider issuing it;
(i) limitations on the scope of use of the certificate, if applicable; and
(j) limits on the value of transactions for which the certificate can be used, if applicable.
Annex II: Requirements for certification-service-providers issuing qualified certificates
(a) demonstrate the reliability necessary for providing certification services;
(b) ensure the operation of a prompt and secure directory and a secure and immediate revocation service;
(c) ensure that the date and time when a certificate is issued or revoked can be determined precisely;
(d) verify, by appropriate means in accordance with national law, the identity and, if applicable, any specific attributes of the person to which a qualified certificate is issued;
(e) employ personnel who possess the expert knowledge, experience, and qualifications necessary for the services provided, in particular competence at managerial level, expertise in electronic signature technology and familiarity with proper security procedures; they must also apply administrative and management procedures which are adequate and correspond to recognised standards;
(f) use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security of the process supported by them;
(g) take measures against forgery of certificates, and, in cases where the certification-service-provider generates signature-creation data, guarantee confidentiality during the process of generating such data;
(h) maintain sufficient financial resources to operate in conformity with the requirements laid down in the Directive, in particular to bear the risk of liability for damages, for example, by obtaining appropriate insurance;
(i) record all relevant information concerning a qualified certificate for an appropriate period of time, in particular for the purpose of providing evidence of certification for the purposes of legal proceedings. Such recording may be done electronically;
(j) not store or copy signature-creation data of the person to whom the certification-service-provider provided key management services;
(k) before entering into a contractual relationship with a person seeking a certificate to support his electronic signature inform that person by a durable means of communication of the precise terms and conditions regarding the use of the certificate, including any limitations on its use, the existence of a voluntary accreditation scheme and procedures for complaints and dispute settlement. Such information, which may be transmitted electronically, must be in writing and in readily understandable language. Relevant parts of this information must also be made available on request to third-parties relying on the certificate;
(l) use trustworthy systems to store certificates in a verifiable form so that:
- only authorised persons can make entries and changes,
- information can be checked for authenticity,
- certificates are publicly available for retrieval in only those cases for which the certificate-holder's consent has been obtained, and
- any technical changes compromising these security requirements are apparent to the operator.
The most common use of certificates is for HTTPS-based web sites. A web browser validates that an SSL (Transport Layer Security) web server is authentic, so that the user can feel secure that their interaction with the web site has no eavesdroppers and that the web site is who it claims to be. This security is important for electronic commerce. In practice, a web site operator obtains a certificate by applying to a certificate provider with a certificate signing request. The certificate request is an electronic document that contains the web site name, contact email address, and company information. The certificate provider signs the request, thus producing a public certificate. This public certificate is served to any web browser that connects to the web site and proves to the web browser that the provider believes it has issued a certificate to the owner of the web site. Before issuing a certificate, the certificate provider will request the contact email address for the web site from a public domain name registrar, and check that published address against the email address supplied in the certificate request. Therefore, an https web site is only secure to the extent that the end user can be sure that the web site is operated by someone in contact with the person that registered the domain name.
As an example, when a user connects to with their browser, if the browser gives no certificate warning message, then the user can be theoretically sure that interacting with is equivalent to interacting with the entity in contact with the email address listed in the public registrar under "example.com", even though that email address may not be displayed anywhere on the web site. No other surety of any kind is implied. Further, the relationship between the purchaser of the certificate, the operator of the web site, and the generator of the web site content may be tenuous and is not guaranteed. At best, the certificate guarantees uniqueness of the web site, provided that the web site itself has not been compromised (hacked) or the certificate issuing process subverted.
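The certificate signing request flow and the certificate fields listed earlier, as an added example that is not part of the original page: it uses the OpenSSL command line with a throwaway local CA, and the subject names, serial number and file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: CSR -> CA signature -> certificate, with a throwaway local CA.
# Subject names, serial number and file names are constructed for illustration.
set -eu

issue_demo_cert() {   # $1 = directory that receives the keys and certificates
  # 1. Throwaway CA: a self-signed certificate (issuer equals subject).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example Test CA/CN=Example Test Root" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  # 2. Site operator: private key plus certificate signing request (CSR).
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/O=Example Org/CN=www.example.com" \
    -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null
  # 3. The CA signs the request, which produces the public certificate.
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -set_serial 0x1001 -days 30 -sha256 -out "$1/site.crt" 2>/dev/null
}

show_fields() {       # Serial Number, Subject, Issuer, Valid-From, Valid-To
  openssl x509 -in "$1" -noout -serial -subject -issuer -dates
}

thumbprint() {        # SHA-256 over the DER encoding of the whole certificate
  openssl x509 -in "$1" -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

verify_chain() {      # $1 = CA certificate, $2 = certificate to check
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
issue_demo_cert "$work"
show_fields "$work/site.crt"
echo "thumbprint=$(thumbprint "$work/site.crt")"
verify_chain "$work/ca.crt" "$work/site.crt" && echo "signed by the demo CA"
```

The thumbprint is computed by whoever inspects the certificate, so it changes if any byte of the encoded certificate changes; `verify_chain` fails when the certificate is checked against a CA that did not sign it.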