2. WHAT IS SSL?
SSL is an acronym for Secure Sockets Layer.
SSL is the current popular method of encrypting data transfer
between you and the Web Apps powering Websites & Mobile Apps.
SSL is implemented using SSL Certificate files installed on Web (App)
servers.
These certificates can be self-created (self-signed), or can be issued
by a trusted Certifying Authority (CA).
In addition to enforcing the level of encryption for data transfer, the
certificates, if issued by a trusted / branded CA, can also attest to the
ownership of the website / domain name.
COPYRIGHT 2014 IWEBZ 2
3. WHY DO YOU NEED SSL?
There are THREE reasons for using SSL:
COPYRIGHT 2014 IWEBZ 3
1. Ensuring security of Data
Transfer based on Security &
Privacy concerns
2. Establishing trust by
proving Domain Name
ownership
3. SEO
• Banking & Insurance websites
• E-commerce & Bill payment
websites
• Payment gateway services
• Any website desiring PCI
compliance
• Social Networking websites
• Web-based E-mail websites
• Online File storage websites
• Remote HTTP Web API
services
• Websites of known
brands
• Websites that load
using SSL / HTTPS
links will get ranked
better.
See Google
announcement:
http://googleonlinese
curity.blogspot.co.uk/
2014/08/https-as-
ranking-signal_6.html
4. ENSURING SECURITY USING SSL
There are THREE steps to setting up SSL security:
COPYRIGHT 2014 IWEBZ 4
Certificate Signing Request
(CSR) generation
SSL Certificate generation SSL Certificate installation
• Running a command on
the Web server where
certificate needs to be
installed.
OR
• Using the Control Panel
provided by your Web
Host.
• Self-signed certificate
generation using
commands on the Web
server.
OR
• Apply for appropriate
certificate from a trusted
CA (see slide on
Establishing Trust).
• Depends on your Web
server software and the
server Operating
System.
5. ESTABLISHING TRUST WITH SSL
TWO important tips to keep in mind:
COPYRIGHT 2014 IWEBZ 5
Select a well-known CA (brand) Apply for the right certificate type
• RapidSSL
• GeoTrust
• Thawte
• Comodo
• Symantec
Only a well-known / branded CA
will be trusted by most mobile &
web browsers and have the
resources to constantly upgrade
encryption security. Avoid others.
• Domain Validated (DV)
• Organization Validated (OV)
• Extended Validation (EV)
Detailed explanation for all the
above & more can be found at the
link below:
http://www.iwebz.net/index.php/
ssl-certificates/types-and-
features-of-ssl-certificates/