Contact QuoVadis Support at
QuoVadis SSL Site Seal
Create more attention and trust. Install the interactive Site Seal in your website.
The Basics of SSL Security for Websites
What's the funny padlock?
The array of online services seems to grow every day, with users becoming more confident in revealing personal information and making financial transactions over the Internet. At the same time, the web is attracting a constantly evolving mix of con artists and criminals seeking to exploit the technology.
All users should understand the basics of Secure Sockets Layer (SSL) certificates and how they can reduce some of the risks of working online.
What does SSL do?
SSL certificates increase your security in two ways:
- They encrypt your information as it travels across the internet
- They identify the origin (and often the owner) of the website
You should look for SSL on any web page that requires a login, or any web page that requests or displays sensitive information over the web including account or credit card numbers or personal information.
How do I know when SSL is working?
You can tell when SSL encryption is in use in one of two ways:
- The web address of encrypted web pages begins with https://
- Your browser will show a special indicator, such as the padlock in Internet Explorer or the enhanced favicon in Firefox.
You should pay attention if your browser gives alerts relating to SSL as they usually indicate problems or security weaknesses with the website you are viewing.
The internet is comprised of many computers and servers around the world. Data on the web is normally sent in clear text across these networks until it reaches its destination. This means that the passwords you submit, or the sensitive information you view, pass through many computers that are totally unconnected with you or the website you are visiting. If an attacker has compromised any one of those computers, they can “listen” to your data in what’s called a “man-in the middle” attack. SSL encryption enhances your privacy by using encryption to establish a direct private connection between you and your destination that is impervious to network eavesdropping.
If you don't see the padlock (or equivalent in other browsers), then your information is vulnerable as it travels across the internet.
SSL certificates can also help you authenticate the legitimacy of the website you are viewing. In general there are two types of SSL certificate, which display differently in the browser. The following examples are shown in Internet Explorer.
What are SAN?
QuoVadis issues SSL with multiple domains (using the SAN fields). SAN certificates are used with servers that need to securely process communications for multiple domains and multiple hostnames within domains. SAN certificates are preferred to wildcard certificates as they are not limited to a single domain, yet specify exactly which hosts and domains are to be protected.
Business SSL simply confirm that the person or organisation that applied for the SSL certificate also owns or has been granted control of the website address shown in the SSL. You should always confirm that the website address in the certificate matches the website you think you should be viewing. This type of certificate is typically used for simple logins or encryption.
Extended Validation (EV) SSL have a different security indicator and expliclty name the legal entity that owns the website. If you click the padlock, the certificate provides further information on the owner's address, jurisdiction of incorporation, and official registration number. This type of certificate is typically used for e-commerce, financial services, or other sites where users absolutely need to confirm that they are dealing with the legitimate website.