SSL Europa - 8 chemin des escargots - 18200 Orval - France T: +33 (0)9 88 99 54 09
Expert opinion
How to choose your SSL certificate?
Date: 03/13/2014
Summary
1) What does the SSL certificate do?
   Certification Authority
2) Use and implementation
3) The different types of certificates
   Types of validation
   RGS* certificates
   « Wildcard » certificates and SAN
   SSL Unified Communication certificates
   The period of validity
   Key sizes
   The multi-domain certificates
   Self-signed certificates
4) How to choose your SSL certificate?
   Dynamic seal
5) How is it created? (for experts)
   Asymmetric cryptography
   Website authentication
   Encryption of data exchanges
6) To conclude
1) What does the SSL certificate do?
When you access a website, the data are not protected and can be intercepted.
To encrypt the exchanges between the web browser and the website, the standard used by browser
vendors and web servers is Secure Sockets Layer (SSL), also called Transport Layer Security (TLS).
Installing an SSL electronic certificate on the web server takes you from HTTP to HTTPS, the secure
version, and the exchanges are encrypted. A padlock appears in the browser's address bar and the
address becomes https://www.siteweb.fr. Be careful: a padlock drawn inside the webpage itself,
rather than displayed by the browser, has no value.
So, if a website asks you for confidential information, or even a login/password, it is
recommended to enter your information only on websites using an SSL certificate.
If you own a website, make sure that the https://www.siteweb.fr version does not have an invalid
certificate, as is often the case.
Certification Authority
The electronic certificate also ensures that the owner of the domain name is identified. If you click
on the padlock you can see the Certification Authority that issued the certificate and information
about the certificate owner.
Certification Authorities (CA) have signed a contract with the publishers of Internet browsers and
agree to follow strict verification procedures before issuing an SSL certificate. Each Certification
Authority is audited every year.
The web browser trusts the Certification Authority, which issues the SSL electronic certificate to an
organization for a domain name such as www.organisation.fr only after the required checks. The CA
is the trusted third party.
The Certification Authorities are gathered in the Certification Authority and Browser Forum, or
CA/Browser Forum: https://www.cabforum.org/forum.html
2) Use and implementation
SSL certificates can be used for web servers, but also to encrypt VPNs or electronic messaging.
To obtain an SSL certificate, you must first create the private key and the public key on the server.
For this you can use commands such as OpenSSL or the graphical interface of the server. Then you
install the private key on the server and send the public key, as a certificate request, to the
Certification Authority you have chosen.
This Certification Authority will perform the usual checks, which may include a Kbis (the French
company registration extract) and a telephone call, through a public directory, to the person
registered on the Kbis, depending on the type of certificate. Checks may take several days, so it is
necessary to start them in advance.
Figure: the three parties of an SSL certificate: you on the web, the website (identified, with the
exchanges encrypted), and the trusted third party that receives the certificate request.
3) The different types of certificates
There are several types of certificates, based on the level of verification carried out by the
Certification Authority (CA) and on the validity period.
Types of validation
Domain Validated (DV) certificates: the CA checks that the domain name belongs to its owner. It is
the lowest level of security. It may be used for an intranet, for example, and it is delivered very
quickly.
Organization Validated (OV) certificates: the CA checks the existence of the organization that owns
the domain name. It is the most used today and may be used for a non-commercial website.
Extended Validation (EV) certificates: the CA checks the physical, legal and operational existence
of the organization. It is the highest level of security and is more and more used. It has the
advantage of displaying a green bar in the browser to reassure customers. E-commerce websites use
these certificates.
RGS* certificates
The French Government established a standard named Référentiel Général de Sécurité (RGS) and
defined validation processes for the SSL certificates of French public organizations. These are the
certificates to use for public organizations. They are close to EV certificates.
« Wildcard » certificates and SAN
Certificates are valid for one or several domain names/subdomains, such as www.entreprise.fr,
extranet.entreprise.fr and www.ecommerce.com, for example. The SSL certificate is said to be valid
for a main domain name such as www.entreprise.com and, in addition, for Subject Alternative Names
(SAN) such as extranet.entreprise.fr.
In some cases, organizations want a certificate valid for a domain name such as entreprise.fr and
all its subdomains, such as extranet.entreprise.fr, intranet.entreprise.fr, ecommerce.entreprise.fr,
etc. This is the wildcard certificate; it allows subdomains to be added without having to create a
new SSL certificate.
Wildcard certificates are not the most secure, because it is better to name explicitly the domain
names and subdomains for which the certificate is valid.
Wildcard certificates are available in OV and DV but not in EV and RGS*.
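As an added example (not code from the SSL Europa paper), the following Python functions apply the name-matching rule that decides which host names a certificate covers, for explicit SAN entries as well as the wildcard form, and list the hosts of an inventory that a given certificate would leave uncovered. The SAN lists and host inventory are constructed for the illustration; the rule that a wildcard must be the entire left-most label and stands for exactly one label is the common browser behaviour (RFC 6125), while refusing a wildcard directly under a top-level name is a conservative choice of this example.

```python
"""Which host names does a certificate cover?

Added illustration, not the paper's code: matching of a host name against a
certificate's Subject Alternative Name (SAN) list, including wildcards.
Rules implemented (the common browser behaviour, RFC 6125 style):
  - comparison is case-insensitive and label by label;
  - '*' is only accepted as the whole left-most label and matches exactly
    one label: '*.entreprise.fr' covers 'extranet.entreprise.fr' but not
    'entreprise.fr' and not 'a.b.entreprise.fr';
  - a wildcard directly under a top-level name ('*.fr') is refused
    (conservative choice of this example).
"""
from __future__ import annotations


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def name_matches(san_entry: str, hostname: str) -> bool:
    """True if one SAN entry (exact name or wildcard) covers `hostname`."""
    if "*" in hostname:            # a presented host name never contains '*'
        return False
    pattern, host = _labels(san_entry), _labels(hostname)
    if "*" not in san_entry:       # exact name: every label must match
        return pattern == host
    # Wildcard form: '*' must be the whole first label, nothing else may
    # contain '*', and at least two labels must follow ('*.fr' is refused).
    if pattern[0] != "*" or len(pattern) < 3 or any("*" in lbl for lbl in pattern[1:]):
        return False
    # The wildcard stands for exactly one label, so label counts must agree.
    return len(host) == len(pattern) and host[1:] == pattern[1:]


def covers(san_entries: list[str], hostname: str) -> bool:
    """True if any SAN entry of the certificate covers `hostname`."""
    return any(name_matches(entry, hostname) for entry in san_entries)


def uncovered(san_entries: list[str], hostnames: list[str]) -> list[str]:
    """Host names from an inventory that the certificate would NOT secure
    (each would produce a browser name-mismatch error)."""
    return [h for h in hostnames if not covers(san_entries, h)]


# Constructed sample data: an OV certificate listing three SANs, and a
# wildcard certificate, checked against the hosts an organization runs.
MULTI_SAN_CERT = ["www.entreprise.fr", "extranet.entreprise.fr", "www.ecommerce.com"]
WILDCARD_CERT = ["entreprise.fr", "*.entreprise.fr"]
HOSTS = ["www.entreprise.fr", "extranet.entreprise.fr", "intranet.entreprise.fr",
         "entreprise.fr", "dev.api.entreprise.fr"]

if __name__ == "__main__":
    print("multi-SAN cert leaves uncovered:", uncovered(MULTI_SAN_CERT, HOSTS))
    print("wildcard cert leaves uncovered: ", uncovered(WILDCARD_CERT, HOSTS))
```

Run against a real inventory, `uncovered` shows the trade-off the section describes: the explicit SAN list secures exactly the names you chose and nothing else, whereas the wildcard silently covers any future single-label subdomain, yet still misses the bare domain (unless listed separately) and deeper names such as dev.api.entreprise.fr.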
SSL Unified Communication certificates
These certificates are identical to DV, OV and EV certificates. The name "Unified Communication"
simply means that these certificates have been tested for electronic messaging and that the
associated documentation is provided.
The period of validity
SSL certificates have a period of validity: the domain name may come to belong to another person,
the organization may change, etc. The periods of validity are 1 year, 2 years and 3 years, except
for EV and RGS* certificates, for which the period is limited to 1 year or 2 years. Some suppliers
of SSL certificates offer an additional 3-year period, but such durations are rarely requested, for
security and cost reasons.
Key sizes
The keys of SSL certificates used to be 1024 bits long. Today, 1024-bit keys can be broken, and the
keys of SSL certificates are 2048 bits. Some browsers no longer accept 1024-bit keys. We also
recommend choosing 256-bit encryption algorithms and SHA-2 for the signature.
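As an added example (not from the paper), here is a Python check that applies the recommendations of the two sections above, period of validity and key sizes, to a small constructed inventory of certificates: it flags keys shorter than 2048 bits, SHA-1 or MD5 signatures, expired or soon-expiring certificates, and validity periods longer than the paper allows for each validation type (3 years for DV and OV, 2 years for EV and RGS*). The inventory entries, their field names and the 30-day renewal window are assumptions of the example.

```python
"""Added example (not the paper's code): apply the paper's recommendations on
key size and validity period to an inventory of certificates.

Each inventory entry is a constructed dict with the fields a certificate
scanner would extract; the field names are an assumption of this example.
All datetimes are naive UTC.
"""
from __future__ import annotations
from datetime import datetime, timedelta

MIN_RSA_BITS = 2048                      # 1024-bit keys are no longer accepted
WEAK_HASHES = ("md5", "sha1")            # the paper recommends SHA-2
MAX_VALIDITY_YEARS = {"DV": 3, "OV": 3, "EV": 2, "RGS": 2}
RENEWAL_WINDOW = timedelta(days=30)      # assumption: warn 30 days before expiry


def _add_years(moment: datetime, years: int) -> datetime:
    """Same calendar date `years` later (29 Feb falls back to 28 Feb)."""
    try:
        return moment.replace(year=moment.year + years)
    except ValueError:
        return moment.replace(year=moment.year + years, day=28)


def check_certificate(cert: dict, now: datetime) -> list[str]:
    """Return finding codes for one certificate; an empty list means it
    meets the paper's recommendations at time `now`."""
    findings = []
    if cert["key_bits"] < MIN_RSA_BITS:
        findings.append("KEY_TOO_SHORT")
    if any(h in cert["sig_alg"].lower() for h in WEAK_HASHES):
        findings.append("WEAK_SIGNATURE_HASH")
    not_before, not_after = cert["not_before"], cert["not_after"]
    if now < not_before:
        findings.append("NOT_YET_VALID")
    elif now > not_after:
        findings.append("EXPIRED")
    elif not_after - now <= RENEWAL_WINDOW:
        findings.append("EXPIRES_SOON")
    limit = MAX_VALIDITY_YEARS[cert["validation"]]
    if not_after > _add_years(not_before, limit):
        findings.append("VALIDITY_TOO_LONG")
    return findings


def audit(inventory: list[dict], now: datetime) -> dict[str, list[str]]:
    """Map each certificate's subject name to its findings."""
    return {c["subject"]: check_certificate(c, now) for c in inventory}


# Constructed inventory, evaluated as of the paper's date.
AS_OF = datetime(2014, 3, 13)
INVENTORY = [
    {"subject": "www.entreprise.fr", "validation": "OV", "key_bits": 2048,
     "sig_alg": "sha256WithRSAEncryption",
     "not_before": datetime(2013, 6, 1), "not_after": datetime(2015, 6, 1)},
    {"subject": "extranet.entreprise.fr", "validation": "DV", "key_bits": 1024,
     "sig_alg": "sha1WithRSAEncryption",
     "not_before": datetime(2011, 4, 1), "not_after": datetime(2014, 4, 1)},
    {"subject": "shop.entreprise.fr", "validation": "EV", "key_bits": 2048,
     "sig_alg": "sha256WithRSAEncryption",
     "not_before": datetime(2013, 1, 15), "not_after": datetime(2016, 1, 15)},
]

if __name__ == "__main__":
    for subject, findings in audit(INVENTORY, AS_OF).items():
        print(f"{subject:26} {', '.join(findings) or 'OK'}")
```

The three constructed entries exercise the three outcomes a practitioner cares about: a certificate that passes, one that combines the legacy problems (1024-bit key, SHA-1 signature, expiring in under a month) and an EV certificate whose three-year lifetime exceeds the limit the paper states for EV and RGS*.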
The multi-domain certificates
Some companies offer cheap or even free SSL certificates, packaged with other offers. You must be
careful: they are often multi-domain certificates shared between different clients, like an ID card
for several people. For your security and your image, this is a practice to banish.
Self-signed certificates
Self-signed certificates can be generated by yourself using OpenSSL commands. These certificates are
not validated by a CA and are not recognized by Internet browsers, which display an error. Even for
an intranet, it is more convenient to use an SSL certificate delivered by a CA; in that case, a DV
certificate is sufficient.
4) How to choose your SSL certificate?
Firstly, you must choose the types of SSL certificates you need. The CAs that deliver certificates
also provide offers for which the organization and the domain names are validated beforehand, with
a graphical interface that lets you issue for yourself the certificates included in this
pre-validated list.
When you buy an SSL certificate, you must choose the types of certificates you need according to
your requirements and contact an SSL certificate reseller.
It is very important to have good service quality to assist you with the key extraction and the
installation of the certificates, with advice on which certificates to choose and on the quality of
the audit performed.
Prices for a 1-year certificate range from 100€ to 700€ depending on the type. The annual rates
decrease with the number of years, and also with the volume of certificates acquired.
As with the cloud, you may be sensitive to where the CA is located and where the information about
your organization is stored. Choose a CA you trust.
The delivery time will be between 1 day and 3 days depending on the type of certificate, counted
from the moment you have gathered the documents needed for verification.
Dynamic seal
Some CAs offer a dynamic seal, for example "Secure by Keynectis" or "Norton Secure verified by
Verisign". When the user clicks on the logo on your webpage, information about the certificate is
displayed in a new HTTPS window at the CA's own domain name, Keynectis.com or Verisign.com for
example.
5) How is it created? (for experts)
Asymmetric cryptography
In 1975, Whitfield Diffie and Martin Hellman developed a mathematical algorithm in which the keys
used to encrypt and to decrypt a document can be different: one key allows encryption and another
one allows decryption of the document. In a way, one key locks the safe and a different one opens
it. This technique was named asymmetric cryptography, as opposed to symmetric cryptography.
With symmetric cryptography, it was possible to deduce the decryption process from the encryption
method. This is not the case with asymmetric cryptography. This discovery had a significant impact.
Symmetric cryptography had major problems. It was necessary to share the encryption secret with the
person who had to perform the decryption, and a different key was needed to communicate
confidentially with each party, which required a large list of keys. This technique was not
efficient in the digital world. Asymmetric cryptography was the new solution, because each person
has a private key that nobody else knows and a public key that everybody knows and that can be
freely exchanged.
If we encrypt a message with the public key, only the person holding the corresponding private key
can decrypt the message. It is no longer necessary for each person to keep confidential a set of
symmetric keys, one for each partner with whom we want to communicate in an encrypted way.
Website authentication
The SSL certificate of a web server involves two keys: a public key and a private key. The public
key is communicated to all, and the private key is confidential and kept only by the web server for
a domain name. The web browser uses the public encryption key to encode a random message. Only the
web server can decrypt this message and send it back, because it is the only one holding the private
decryption key. The web browser can thus clearly identify the website.
Encryption of data exchanges
The web browser and the web server negotiate the highest encryption level that both support. The
web browser sends a confidential symmetric encryption key, encrypting it with the asymmetric public
key of the web server. Only the web server can decrypt this symmetric session key. The web browser
and the web server can then communicate in an encrypted and confidential way using the session key.
Figure: the SSL handshake between the web browser and the web server.
Browser side: sending a random value (nonce); negotiation of the encryption algorithm; verification
of the SSL certificate and the signature; generating an encryption session key; encryption of the
session key with the server public key; sending the encrypted session key.
Server side: negotiation of the encryption algorithm; sending the certificate and the signed random
value; decryption of the session key with the private key.
Result: the secret session key is shared.
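To make the two mechanisms of this section concrete (the challenge that only the holder of the private key can answer, and the session key wrapped with the server's public key), here is an added Python re-enactment using textbook RSA with two fixed 16-bit primes. It is an illustration written for this page, not the paper's code and not real cryptography: real certificates carry 2048-bit keys, RSA is used with padding, and the symmetric cipher here is a toy SHA-256 keystream standing in for a real cipher. The primes, the exponent 17 and the sample request are constructed for the example.

```python
"""Added example (not the paper's code): the SSL exchange of the sections
"Website authentication" and "Encryption of data exchanges" re-enacted with
textbook RSA on two small fixed primes.  Toy only: real keys are 2048 bits,
real RSA uses padding, and the keystream below stands in for a real cipher.
"""
from __future__ import annotations
import hashlib
import secrets

# Constructed toy primes (16-bit).  A real server key uses ~1024-bit primes.
TOY_P, TOY_Q = 65521, 65537


def keygen(p: int, q: int, e: int = 17) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((n, e), (n, d)): the public key everyone may know and the
    private key only the web server keeps.  d is the inverse of e mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(m: int, pub: tuple[int, int]) -> int:
    """Anyone can do this with the public key."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(c: int, priv: tuple[int, int]) -> int:
    """Only the holder of the private exponent d can do this."""
    n, d = priv
    return pow(c, d, n)


def website_authentication(server_pub, server_priv, rng=secrets.randbelow) -> bool:
    """Browser side: encrypt a random challenge with the server's public key;
    server side: decrypt it and send it back.  Only the holder of the
    private key can return the right value."""
    challenge = rng(server_pub[0])
    sent = rsa_encrypt(challenge, server_pub)
    answered = rsa_decrypt(sent, server_priv)     # done by the server
    return answered == challenge


def session_key_exchange(server_pub, server_priv, rng=secrets.randbelow):
    """Browser picks a symmetric session key and wraps it with the server's
    public key; the server unwraps it with its private key.
    Returns (browser_key, server_key): equal when the exchange succeeds."""
    browser_key = rng(server_pub[0])              # toy: ~32-bit key
    wrapped = rsa_encrypt(browser_key, server_pub)
    server_key = rsa_decrypt(wrapped, server_priv)
    return browser_key, server_key


def _keystream(session_key: int, length: int) -> bytes:
    """Toy stream: SHA-256(key || counter), standing in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(session_key.to_bytes(4, "big")
                              + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def sym_encrypt(session_key: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(session_key, len(data))))


sym_decrypt = sym_encrypt

if __name__ == "__main__":
    pub, priv = keygen(TOY_P, TOY_Q)
    print("server authenticated:", website_authentication(pub, priv))
    k_browser, k_server = session_key_exchange(pub, priv)
    request = b"GET /login HTTP/1.1"              # constructed sample request
    on_the_wire = sym_encrypt(k_browser, request)
    print("server reads:", sym_decrypt(k_server, on_the_wire))
```

The `rng` parameter exists so the exchange can be replayed with a fixed value when studying it; in use the default `secrets.randbelow` supplies the random challenge and session key. Note what the private key alone buys: a party that presents the same public key but holds a different private exponent fails the challenge, which is exactly why the private key must never leave the server.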
6) To conclude
There are many types of certificates. Suppliers can help you with your choice and with the
installation.
The number of certificates used on the Internet reached, according to Netcraft, 2 885 224 valid
certificates in February 2014, with an average growth of 12 000 per month. This trend is accelerating
and SSL has become an essential technology for protecting websites.
SSL Europa
8 chemin des Escargots - 18200 Orval France
www.ssl-europa.com

Mais conteúdo relacionado

Último

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 

Último (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 

Destaque

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Destaque (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024

Choosing your ssl certificate V01

  • 1. SSL Europa - 8 chemin des escargots - 18200 Orval - France T: +33 (0)9 88 99 54 09
Expert opinion
How to choose your SSL certificate?
Date: 03/13/2014
  • 2. Summary
1) What does the SSL certificate do? (p. 3)
Certification Authority (p. 3)
2) Use and implementation (p. 4)
3) The different types of certificates (p. 5)
Types of validation (p. 5)
RGS* certificates (p. 5)
« Wildcard » certificates and SAN (p. 5)
SSL Unified Communication certificates (p. 6)
The period of validity (p. 6)
Key sizes (p. 6)
The multi-domain certificates (p. 6)
Self-signed certificates (p. 6)
4) How to choose your SSL certificate? (p. 6)
Dynamic seal (p. 7)
5) How is it created? (for experts) (p. 7)
Asymmetric cryptography (p. 7)
Website authentication (p. 8)
Encryption of data exchanges (p. 8)
6) To conclude (p. 9)
  • 3. 1) What does the SSL certificate do?
When you access a website, the data exchanged is not protected and can be intercepted. To encrypt the exchanges between the web browser and the website, the standard used by browser vendors and web servers is Secure Sockets Layer (SSL), also known as Transport Layer Security (TLS). Installing an SSL electronic certificate on the web server moves the site from HTTP to HTTPS, the secure version, and the exchanges are encrypted. A padlock appears in the browser's address bar and the address becomes https://www.siteweb.fr. Be careful: a padlock image displayed inside the web page itself has no value. So, if a website asks you for confidential information, or even a login and password, only enter that information on websites using an SSL certificate. If you own a website, make sure that the https://www.siteweb.fr version does not have an invalid certificate, as is often the case.

Certification Authority
The electronic certificate also ensures that the owner of the domain name is identified. If you click on the padlock, you can see the Certification Authority that issued the certificate and information about the certificate owner. Certification Authorities (CAs) have signed a contract with the publishers of Internet browsers and agree to follow strict verification procedures before issuing an SSL certificate. Each Certification Authority is audited every year. The web browser trusts the Certification Authority, which issues the SSL electronic certificate to an organization for a domain name such as www.organisation.fr after carrying out the required checks. The CA is the trusted third party.
  • 4. The Certification Authorities are gathered in the Certification Authority (CA) and Browser Forum, or CAB Forum: https://www.cabforum.org/forum.html

2) Use and implementation
SSL certificates can be used for web servers, but also to encrypt VPNs or electronic messaging. To obtain an SSL certificate, you must first create the private key and the public key on the server. For this you can use commands such as OpenSSL or the server's graphical interface. Then you install the private key on the server and send the public key, in a certificate request, to the Certification Authority you have chosen. This Certification Authority carries out the usual checks, which may include a KBis (the French company registration extract) and a phone call, via the public directory, to the person registered on the KBis, depending on the type of certificate. The checks may take several days, so it is necessary to start them in advance.
[Figure: certificate request flow between you, the trusted third party (CA) and the website; labels: Third party, Website identification, Encrypted, Certificate request, You on the web]
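The key pair and certificate request step described above, as an added Go example (not SSL Europa's own code; the guide itself points to OpenSSL or the server's interface). It generates a 2048-bit RSA key and a CSR carrying the organization, the main name and the SAN list; the organization and host names are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// NewKeyAndCSR creates the server's key pair and a Certificate Signing Request
// carrying the public key and the names to certify. Only the CSR is sent to the
// CA; the private key stays on the server.
func NewKeyAndCSR(org, commonName string, sans []string) (keyPEM, csrPEM []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // 1024-bit keys are no longer accepted by browsers
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject:            pkix.Name{Organization: []string{org}, CommonName: commonName},
		DNSNames:           sans,               // Subject Alternative Names the CA should also certify
		SignatureAlgorithm: x509.SHA256WithRSA, // SHA-2, as the guide recommends
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
	csrPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
	return keyPEM, csrPEM, nil
}

func main() {
	// Constructed names for the example, not a real organization.
	_, csr, err := NewKeyAndCSR("Entreprise SARL", "www.entreprise.fr",
		[]string{"www.entreprise.fr", "extranet.entreprise.fr"})
	if err != nil {
		panic(err)
	}
	fmt.Print(string(csr)) // this PEM block is what you hand to the CA's order form
}
```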
  • 5. 3) The different types of certificates
There are several types of certificates, based on the level of verification carried out by the Certification Authority (CA) and on the validity period.

Types of validation
Domain Validated (DV) certificates, for which the CA checks that the domain name belongs to the applicant. This is the lowest level of security. It may be used for an intranet, for example, and it is delivered very quickly.
Organization Validated (OV) certificates, for which the CA checks the existence of the organization that owns the domain name. This is the most used type today, and it may be used for a non-commercial website.
Extended Validation (EV) certificates, for which the CA checks the physical, legal and operational existence of the organization. This is the highest level of security and is used more and more. It has the advantage of displaying a green bar in the browser to reassure customers. E-commerce websites use these certificates.

RGS* certificates
The French Government established a standard named Référentiel Général de Sécurité and defined validation processes for SSL certificates for French public organizations. These are the certificates to use for public organizations. They are close to EV certificates.

« Wildcard » certificates and SAN
Certificates are valid for one or several domain names or subdomains, such as www.entreprise.fr, extranet.entreprise.fr or www.ecommerce.com, for example. The SSL certificate is said to be valid for a main domain name, such as www.entreprise.com, plus Subject Alternative Names (SAN) such as extranet.entreprise.fr. In some cases, organizations want a certificate valid for a domain name such as entreprise.fr and all of its subdomains (extranet.entreprise.fr, intranet.entreprise.fr, ecommerce.entreprise.fr, etc.): a wildcard certificate, written *.entreprise.fr. This allows subdomains to be added without having to create a new SSL certificate.
Wildcard certificates are not the most secure option, because it is better to name explicitly the domain names and subdomains for which the certificate is valid. Wildcard certificates are available in OV and DV but not in EV or RGS*.
  • 6. SSL Unified Communication certificates
These certificates are identical to DV, OV and EV certificates. The name Unified Communication simply means that these certificates have been tested for electronic messaging and that the associated documentation is provided.

The period of validity
SSL certificates have a period of validity: the domain name may pass to another person, the organization may change, etc. The validity periods are 1 year, 2 years and 3 years, except for EV and RGS* certificates, for which the period is limited to 1 year or 2 years. Some SSL certificate suppliers offer them with an additional period of 3 years, but such durations are rarely requested, for security and cost reasons.

Key sizes
SSL certificate keys used to be 1024 bits. Today, 1024-bit keys can be successfully broken. SSL certificate keys are now 2048 bits, and some browsers no longer validate 1024-bit keys. We also recommend choosing 256-bit encryption algorithms or SHA-2.

The multi-domain certificates
Some companies offer cheap or free SSL certificates, packaged with other offers. You must be careful: they are often multi-domain certificates shared between different clients, like one ID card for several people. For your security and your image, this is a practice to avoid.

Self-signed certificates
Self-signed certificates can be generated by yourself using OpenSSL commands. These certificates are not validated by a CA and are not recognized by Internet browsers, which display an error. Even for an intranet, it is more convenient to use an SSL certificate delivered by a CA; in that case, a DV certificate is sufficient.

4) How to choose your SSL certificate?
Firstly, you must choose the type of SSL certificate you need. The CAs that deliver certificates also provide offers in which the organization and its domain names are validated in advance, with a graphical interface that lets you issue yourself the certificates covered by this pre-validated list.
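The criteria above (key size, SHA-2 signature, validity period, wildcard names, self-signed) as a check you can run on a certificate before accepting it, written here as an added Go example rather than anything from the guide. Since no real certificate is on the page, it audits a constructed self-signed one, which is why the self-signed finding always appears for it; in practice you would parse the PEM your CA sent.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"strings"
	"time"
)

// Audit lists where a certificate falls short of the guide's advice (2048-bit key, SHA-2
// signature, at most 3 years, named hosts rather than a wildcard, CA-issued rather than self-signed).
func Audit(c *x509.Certificate) (findings []string) {
	if pub, ok := c.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() < 2048 {
		findings = append(findings, "key shorter than 2048 bits")
	}
	if alg := c.SignatureAlgorithm.String(); !strings.Contains(alg, "SHA256") &&
		!strings.Contains(alg, "SHA384") && !strings.Contains(alg, "SHA512") {
		findings = append(findings, "signature is not SHA-2: "+alg)
	}
	if c.NotBefore.AddDate(3, 0, 0).Before(c.NotAfter) {
		findings = append(findings, "validity longer than 3 years")
	}
	for _, n := range c.DNSNames { // browsers match the Subject Alternative Names
		if strings.HasPrefix(n, "*.") {
			findings = append(findings, "wildcard name "+n)
		}
	}
	if c.CheckSignatureFrom(c) == nil { // verifies under its own key: no CA vouches for it
		findings = append(findings, "self-signed, browsers will show an error")
	}
	return findings
}

// SelfSignedDER builds a constructed test certificate (no real CA) so Audit can run offline.
func SelfSignedDER(bits, years int, names []string) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: names[0]}, DNSNames: names,
		NotBefore: now, NotAfter: now.AddDate(years, 0, 0),
		BasicConstraintsValid: true, IsCA: true, // lets CheckSignatureFrom accept it as its own issuer
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}
```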
  • 7. When you buy an SSL certificate, you must choose the type of certificate according to your needs and contact an SSL certificate dealer. It is very important to have good service quality to assist you with the key extraction and the installation of the certificates, with advice on which certificates to choose and with the quality of the audit performed. The price of a 1-year certificate ranges from 100€ to 700€ depending on the type. The annual tariff decreases with the number of years purchased. It also decreases with the volume of certificates acquired. As with the cloud, you may be sensitive to where the CA is located and where the information about your organization is stored. Choose a CA you trust. The delivery time will be between 1 day and 3 days depending on the type of certificate, counted from the moment you have gathered the documents needed for verification.

Dynamic seal
Some CAs offer a dynamic seal: "Secure by Keynectis" or "Norton Secure verified by Verisign", for example. When the user clicks on the logo on your web page, information about the certificate is displayed in a new window, over HTTPS, at the domain name of Keynectis.com or Verisign.com, for example.

5) How is it created? (for experts)
Asymmetric cryptography
In 1975, Whitfield Diffie and Martin Hellman developed a mathematical algorithm in which the key used to encrypt a document can differ from the key used to decrypt it. There was one key for encrypting and a different one for decrypting the document. In a way, one key locks the safe and another one opens it. This technique was named asymmetric cryptography, as opposed to symmetric cryptography. With symmetric cryptography, it was possible to deduce the decryption process from the encryption method. This is not the case with asymmetric cryptography. This discovery had a significant impact. Symmetric cryptography had major problems: it was necessary to share the encryption combination with the person who had to perform the decryption. A different key was needed to communicate confidentially with each party, which required a large list of keys. This technique was not efficient in the digital world. Asymmetric cryptography was the new solution, because each person has a private key that nobody else knows and a public key that everybody knows and that can be freely exchanged.
  • 8. If we encrypt a message with the public key, only the person holding the corresponding private key can decrypt it. It is no longer necessary for each person to keep a confidential set of symmetric keys, one for each partner with whom we want to communicate in an encrypted way.

Website authentication
The SSL certificate of a web server has two keys: a public key and a private key. The public key is communicated to all, and the private key is confidential and kept only by the web server for a domain name. The web browser uses the public encryption key to encrypt a random message. Only the web server can decrypt this message and send it back, because it is the only one holding the private decryption key. The web browser can thus clearly identify the website.

Encryption of data exchanges
The web browser and the web server negotiate the highest encryption level they can both support. The web browser sends a confidential symmetric encryption key, encrypted with the asymmetric public key of the web server. Only the web server can decrypt this symmetric session key. The web browser and the web server can then communicate in an encrypted and confidential way by using the session key.
[Figure: the SSL handshake step by step. Browser: sends a random value (nonce) and negotiates the encryption algorithm; verifies the SSL certificate and the signature; generates a session key and encrypts it with the server's public key. Server: negotiates the encryption algorithm; sends the certificate and the signed nonce; decrypts the session key with its private key. The secret session key is shared.]
  • 9. 6) To conclude
There are many types of certificates. The suppliers can help you with your choice and with the installation. According to Netcraft, the number of certificates used on the Internet reached 2 885 224 valid certificates in February 2014, with an average growth of 12 000 per month. This trend is accelerating, and SSL has become an essential technology for protecting websites.
SSL Europa 8 chemin des Escargots - 18200 Orval France www.ssl-europa.com