2. BEGINNERS GUIDE TO THAWTE SSL/TLS
INTRODUCTION
WITH THE EVER-INCREASING FEAR OF CYBERCRIME, SECURING
USER TRUST ONLINE IS NOW MORE VITAL TO THE SUCCESS OF AN
ONLINE BUSINESS THAN EVER BEFORE.
Whether you’re in ecommerce or electricals, holiday cottages or hedge funds, your website
is one of your most important business assets. It’s your 24/7 shopfront, and you need to
ensure that it’s secure and performing at its best.
SSL/TLS certificates provide the security that your website requires, and creates the trust
that visitors increasingly expect before interacting with it.
The Beginner’s Guide to Thawte SSL/TLS will rapidly demystify how SSL/TLS technology
creates this trust, and explains why all SSL/TLS certificates and the Certificate
Authorities issuing them are not created equal.
Sirlei De Fatima Jabali
3. BEGINNERS GUIDE TO THAWTE SSL/TLS
SO, WHAT IS SSL/TLS?
SSL STANDS FOR SECURE SOCKETS LAYER, AND IT IS A SECURITY
PROTOCOL DEVELOPED BY NETSCAPE IN 1995. TRANSPORT LAYER
SECURITY (TLS) IS THE SUCCESSOR TO THE SECURE SOCKETS
LAYER (SSL).
Over the last twenty years, SSL/TLS has become the foundation of modern website security,
and is now a universal technology used to secure data transmissions across the Internet. It
is built into every major web server and web browser today.
Many People associate SSL/TLS only with encryption, but an SSL/TLS certificate actually
provides four distinct features - all of which are critical to ensuring privacy and security:
encryption, integrity, authentication, and non-repudiation.
It may seem complicated, but SSL/TLS is actually simple to understand. So essential is
the security it provides, it’s now difficult to imagine the Internet without it.
Sirlei De Fatima Jabali
4. BEGINNERS GUIDE TO THAWTE SSL/TLS
WHY DOES YOUR
BUSINESS NEED SSL/TLS?
ANY ORGANISATION TRANSACTING BUSINESS ONLINE NEEDS SSL/TLS.
Why? Because, once you understand exactly what dark forces you are up against by failing to
encrypt your data and that of your customers to the highest levels, and how that failure can have a
devastating effect on your online business and reputation, the ‘Must’ will become self-evident.
Unprotected sensitive data is the bread and butter of attackers, leading to identity theft, fraud and
theft of financial resources from your customers. And the attackers aren’t fussy about what size of
business you are either. Data breaches happen to large and small, public and private companies.
So, if you think it’s only the more high-profile enterprises they have in their sights, you are wrong.
Whatever the scale and reach of your business online, failure to protect your customers’ data –by
not encrypting the data or neglecting to protect the encryption keys – is like opening the bank
vault and saying to the hackers: “Help yourself.” Anyone who’s suffered a data breach will know
that the costs associated with that can be punitive and wide reaching, particularly lost sales, and
brand and reputational damage. And yet, many businesses are still leaving themselves and their
online customers dangerously exposed.
Sirlei De Fatima Jabali
5. BEGINNERS GUIDE TO THAWTE SSL/TLS
HOW SSL/TLS ACTUALLY WORKS
IN A SIMPLIFIED FASHION, THIS IS WHAT HAPPENS WHEN A CUSTOMER
VISITS A WEBSITE SECURED WITH AN SSL/TLS CERTIFICATE. IT ALL
HAPPENS IN A MATTER OF MILLISECONDS AND IT’S KNOWN AS THE
SSL/TLS HANDSHAKE.
1 The customer’s browser attempts to connect to the website secured with SSL/TLS.
2 The browser requests that the web server identify itself.
3 The server sends the browser a copy of its SSL/TLS certificate.
4 The browser checks whether it trusts the SSL/TLS certificate.
5 The browser also checks the certificate status to see if it is valid, or if it has been revoked.
6 Your server shares the public key with the browser. They use that key to securely agree
on the session key that is used to set up a secure and encrypted channel to exchange
data through.
7 Once a secure, encrypted connection is established, the customer will see that the
website address begins ‘https’ rather than just ‘http’.
Sirlei De Fatima Jabali
6. BEGINNERS GUIDE TO THAWTE SSL/TLS
THE SSL/TLS
END-USER EXPERIENCE
VISITORS TO A WEBSITE DON’T NEED TO BE IT EXPERTS TO SEE THAT IT IS
PROTECTED WITH AN SSL/TLS CERTIFICATE, THEIR WEB BROWSERS
PROVIDE VISUAL CUES TO LET THEM KNOW.
One prominent visual cue is that the web address will start with https:// instead of http://.
In addition, most browsers including Google Chrome, Internet Explorer, Firefox, and Safari
display a padlock icon. When clicked it displays details about the SSL/TLS certificate, including
which Certificate Authority issued it, and which company owns it.
Sirlei De Fatima Jabali
7. BEGINNERS GUIDE TO THAWTE SSL/TLS
SSL/TLS ALSO AUTHENTICATES
WHEN ISSUED BY A REPUTABLE CERTIFICATE AUTHORITY (CA), SSL/TLS
CERTIFICATES ALSO SERVE TO AUTHENTICATE A WEBSITE, A PROCESS
THAT REQUIRES THE CA TO PROVE THAT THE OWNER OF THE SITE IS
WHO THEY CLAIM TO BE.
The CA takes the time to research the site and verify its authenticity, a step that provides assurance
that it is legitimate. Usually, a CA will request business registration documents and other types of
proof to confirm the information.
While it is possible to self-sign SSL/TLS certificates - where an individual creates a certificate and
claims legitimacy - only if a website has been authenticated by an independent CA, everyone can
trust that it is genuine.
Websites that use self-signed certificates may trigger some browsers to display a warning
to end-users suggesting that the connection may not be trusted.
Sirlei De Fatima Jabali
8. BEGINNERS GUIDE TO THAWTE SSL/TLS
THE DIFFERENT TYPES
OF SSL/TLS CERTIFICATES
THERE ARE THREE MAIN TYPES OF SSL/TLS CERTIFICATES CURRENTLY
AVAILABLE - ORGANISATION VALIDATED (OV) CERTIFICATES, DOMAIN
VALIDATED (DV) CERTIFICATES, AND EXTENDED VALIDATION (EV)
CERTIFICATES.
The most crucial thing to note is that all three levels of SSL/TLS certification essentially do the
same thing: they check the legitimacy of the domain owner and they enable the encryption of
information exchanged on your website, such as credit card information or an email address. In
essence, each level provides exactly the same standard of security. Where they differ is in the
extent of vetting involved and, therefore, how long the validation takes to complete – from
minutes for domain validation to up to ten business days for extended validation – and how much
confidence they command.
Sirlei De Fatima Jabali
9. BEGINNERS GUIDE TO THAWTE SSL/TLS
DV SSL/TLS
DUE TO CUSTOMER PRESSURE TO PRODUCE A LOWER-COST
ALTERNATIVE, SOME CA’s OFFER ‘DOMAIN VALIDATION ONLY’ OR
DV SSL/TLS CERTIFICATES WHERE THE CA ONLY VERIFIES THE
DOMAIN NAME.
As a result, domain-validated certificates are issued very quickly, but no company information
is checked or displayed on the certificate, making it easier for internet criminals to gain this
type of certificate from irresponsible CAs.
WHEN TO USE DV:
Situations where trust and credibility are less important
✔ Easy to obtain
✔ Fast issuance
✔ Use only for web-based applications that are not at risk for phishing or fraud
✘ Don't use for public facing sites or sites that handle sensitive data, like log in's
SirleiDe Fatima Jabali
10. OV SSL/TLS
OV SSL/TLS CERTIFICATES ARE THE ORIGINAL SSL/TLS CERTIFICATE,
AND CA’s USE A ROBUST VERIFICATION PROCESS BEFORE A
CERTIFICATE IS ISSUED.
This might include checking the address where the company is registered and the name of a
specific contact. This vetted company information is displayed to visitors on the certificate,
making the ownership of the site much more visible.
WHEN TO USE OV:
Public-facing websites dealing with less sensitive transactions
✔ More thorough vetting process than DV
✔ Company information is displayed to users
✔ Provides a certain level of trust about the company who owns the website.
✘ Doesn’t offer the highest visible display of trust like EV SSL (green browser bar)
BEGINNERS GUIDE TO THAWTE SSL/TLS
Sirlei De Fatima Jabali
11. BEGINNERS GUIDE TO THAWTE SSL/TLS
EV SSL/TLS
EV SSL/TLS CERTIFICATES TAKE CUSTOMER TRUST TO THE NEXT LEVEL
AND TURN THE ADDRESS BAR IN CUSTOMERS’ WEB BROWSERS GREEN
TO ASSURE AT A GLANCE.
EV verification guidelines, drawn up by the CA/Browser Forum, require the CA to run a much
more rigorous identity check on the organisation or individual applying for the certificate.
This can be a time consuming process, but it’s worth it.
WHEN TO USE EV:
E-commerce sites and websites handling credit card and other sensitive data
✔ Use EV SSL for the highest visible display of online trust
✔ Comes with the green browser address bar
✔ Increase user trust and lower bounce rates and shopping cart abandonments
✔ Recoup the extra cost of an EV certificate in the form of increased revenue
✔ Strengthen your credibility and brand by showcasing your commitment to online security
Sirlei De Fatima Jabali
12. BEGINNERS GUIDE TO THAWTE SSL/TLS
CHOOSING THE RIGHT
SSL/TLS PROVIDER
RECENT RESEARCH SHOWS THAT 86% OF SHOPPERS LOOK FOR TRUST
MARKS1
– LOGOS FROM ONLINE SECURITY COMPANIES - AND THEN FEEL
MORE CONFIDENT DISCLOSING PERSONAL INFORMATION.
Therefore, choosing a recognisable and credible SSL/TLS provider can be one of the most
important business decisions you make.
Before purchasing an SSL/TLS certificate, do some research and find out if the company is a
well-known and credible SSL/TLS provider.
Working with a provider that specialises in SSL/TLS security and associating your company
with its brand can also help bolster your site’s reputation and trustworthiness.
1. “Consumer Online Shopping Fears”; survey conducted by Javelin Strategy:
http://www.firstdata.com/downloads/thought-leadership/fd_consumeronlineshoppingfears_research.pdf
Sirlei De Fatima Jabali
13. BEGINNERS GUIDE TO THAWTE SSL/TLS
GETTING SSL/TLS
ON YOUR WEBSITE
DEPLOYING AN SSL/TLS CERTIFICATE ON YOUR WEBSITE IS A
SIMPLE PROCESS.
Depending on the type of SSL/TLS certificate you purchase, it can take between a few minutes to a
few days for the CA to issue the certificate.
To obtain it you will first need to generate a certificate signing request (CSR) from your web server
to the issuing Certificate Authority.
Once you receive your certificate, you will then need to install it on your web server.
Installation is straightforward, and reputable CAs like Thawte provide all the support and
instructions you need.
Sirlei De Fatima Jabali
14. BEGINNERS GUIDE TO THAWTE SSL/TLS
THE MANY BENEFITS OF SSL/TLS
✔ An SSL/TLS certificates today is vital for the safety of online sales and interactions
✔ Using an SSL/TLS certificate on your site sends a clear message that you care about the
safety of people who visit, and your site can be trusted
✔ Consider opting for EV SSL/TLS to build greater trust in your site and better protect your
online reputation
✔ Not all certificates are created equal - choose a credible Certificate Authority such
as Thawte.
Sirlei De Fatima Jabali
15. BEGINNERS GUIDE TO THAWTE SSL/TLS
8 KEY FEATURES OF THAWTE
Strongest SSL encryption
Protect confidential information exchanged during shopping, banking, secure sign in, and account selfservice
interactions with up to 256-bit encryption.
Increase conversions
As the world's first international Certificate Authority, Thawte has a 20-year proven track record of providing
world-class security to customers in 190 countries, creating customer confidence with globally recognized
local-language trust seals, and enabling more people to navigate the web securely in their own language.
Universal Browser compatibility - What 99+% Compatibility Means to You:
When you buy an SSL certificate, you expect it to secure transactions no matter how your users connect. But not all
web browsers, operating systems and SSL certificates enable strong enough encryption to protect valued data. And
not all SSL certificates are trusted the same way. Thawte® SSL Certificates offer maximum encryption and trust.
Industry Leading support – We are here to help:
Thawte has secured thousands small business web sites worldwide since 1995. Easy enrollment and expert support
help you get up and running fast. Timely renewal notices and online management ensure that your business stays
secure online. Let us help you pick the right SSL certificate for your business.
Sirlei De Fatima Jabali
16. BEGINNERS GUIDE TO THAWTE SSL/TLS
8 KEY FEATURES OF THAWTE
Convenience – We value your time:
Thawte delivers easy and efficient ordering and management of certificates, from product selection to certificate
management, to expert, multi-lingual customer support. Our Thawte Certificate Center mstreamlines your
certificate management process by enabling you to keep track of all of your certificates in one place and easily
renew, revoke and reissue from one central location.
Value for money – The Smart choice:
Thawte’s combination of digital certificate products, uncompromised infrastructure, global reputation, security
track record and world-class multilingual support make Thawte the world’s best value in online protection.
Infrastructure - A practical choice without compromise:
Thawte-branded certificates benefit from the strength and reliability of the Symantec authentication infrastructure.
Because SSL is our core business, we constantly improve our products to deliver the tools and features our
customers want and need.
Scalability – We grow with you:
At Thawte, we understand the unique challenges you’re going through – in fact, we started in a garage, just like
many of our customers. Because we’ve walked in your shoes, our SSL certificates are ideally suited to ease your
growing pains and provide stable online security through each step of your business journey.
Sirlei De Fatima Jabali
17. More Information
If you have further questions, or would like to speak with a Sales Advisor, please feel free to contact us:
Via phone
US toll-free: +1 888 484 2983 UK: +44 203 450 5486 South Africa: +27 21 819 2800 Germany: +49 69 3807 89081 France: +33 1 57 32 42 68
Email sales@thawte.com
Visit our website at https://www.thawte.com/ssl
Sirlei De Fatima Jabali