
Saturday, February 4, 2012

SSL In Brief

Posted by leepeng on August 25, 2010

Why SSL?
SSL stands for Secure Sockets Layer.
The addresses of SSL pages and sites start with HTTPS (e.g. https://www.ctc.com.sg/paygate/payment.php).
You will see a lock icon in the browser if the page uses SSL.

It provides 2 main functions: Encryption and Authentication.

Encryption
When we fill in a form in the browser and submit it, by default the information in the form is transmitted to the server as plain text.
This is not secure if the form asks for sensitive information such as NRIC, credit card details, etc.
SSL can encrypt the transmission of this information to keep it secure.

Authentication
When a visitor comes to a website, especially one that requires payment, he will always want to be sure that the website is what it claims to be.
Consider the website www.sony-asia.com. How do we know this website really belongs to Sony? I could always register a domain called www.sony-southafrica.com and impersonate Sony.

SSL uses a Digital Certificate to certify that the website is who it claims to be.

SSL Selection
There are many SSL providers, and prices can differ widely depending on features and brand.

In general, there are 2 groups

SSL Cert with Domain name Authentication Only
This certifies only the domain itself: that domain A really is domain A.
We recommend this if the website is purely an online store and the business is not a big brand.
It also suits a website that only needs SSL for its encryption feature, where authentication is not a big concern.

** Notice that the Common Name (CN) and Organization (O) are both the domain name.

Here are some package options
https://www.godaddy.com/gdshop/ssl/ssl.asp   (Standard SSL)

https://www.thawte.com/ssl-digital-certificates/ssl123/index.html

http://www.geotrust.com/ssl/quick-ssl-certificates/

SSL Cert with Business Identity Authentication
This certifies that the website belongs to a certain business.
The approval might require more email authentication, or even submitting a fax or taking a telephone call.

** Notice that the Organization (O) is stated as TakeMeToAsia Pte Ltd.
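
The two notes above (CN and O both holding the domain name, versus O holding a business name) can be checked in code. The following is an added example, not part of the original post: it sorts a certificate into the two groups from its subject fields. The sample subjects are constructed, the host names shop.example and www.example.com are placeholders, and the rule "O missing or equal to CN means domain-only" is this example's assumption.

```python
import socket
import ssl


def subject_fields(cert):
    """Flatten the nested 'subject' tuple from getpeercert() into a dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}


def classify(cert):
    """Return 'domain' or 'business' for the two groups described above."""
    fields = subject_fields(cert)
    cn = fields.get("commonName", "").lower()
    org = fields.get("organizationName", "").strip()
    # Assumption: a domain-only certificate either omits O or repeats the
    # domain name in it; anything else is treated as a business identity.
    if not org or org.lower() == cn:
        return "domain"
    return "business"


def fetch_cert(host, port=443, timeout=5):
    """Fetch a live server certificate (needs network access)."""
    ctx = ssl.create_default_context()  # validates the chain and host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample subjects, in the shape getpeercert() returns.
DOMAIN_ONLY = {"subject": ((("organizationName", "shop.example"),),
                           (("commonName", "shop.example"),))}
NO_ORG = {"subject": ((("commonName", "shop.example"),),)}
BUSINESS = {"subject": ((("countryName", "SG"),),
                        (("organizationName", "TakeMeToAsia Pte Ltd"),),
                        (("commonName", "www.example.com"),))}

if __name__ == "__main__":
    for name, cert in [("domain-only", DOMAIN_ONLY), ("no O", NO_ORG),
                       ("business", BUSINESS)]:
        print(name, "->", classify(cert), subject_fields(cert))
```

The O value is only meaningful on a certificate whose chain has been validated, which is why fetch_cert uses the default verifying context.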

Here are some package options
https://www.godaddy.com/gdshop/ssl/ssl.asp  (Deluxe SSL)

https://www.thawte.com/ssl-digital-certificates/ssl/index.html

http://www.geotrust.com/ssl/ssl-certificates/

http://www.verisign.com.sg/ssl/buy-ssl-certificates/secure-site-ssl-certificates/