All about SSL, Secure Socket Layer, server certificate, wildcard cerificates, omnidomaine certificates

Company Presentation References Timeline Identity Contacts Press PR Documents Former news Our solutions Ecommerce Hosting companies IT companies Enterprises Public Sector Aerospace Business areas Certificates Consulting Encyclopedia Your account Certificates Pitux Encyclopedia

Tel : +33-2-7630-5900

About ssl

Enhancement of data transfer safety level and the growth of the SSL technology is due to the increasing number of online transactions.

Daily used, the SSL protocole is totally transparent and works without any manipulation from the webuser.

What is it ? How does it work ?

What's SSL ?
What's a digital certificate ?

The server certificate
The developer certificate
The Wildcard certificate
The multiple sites certificate

What's SSL ?

Developed by Netscape, the SSL (Secure Socket Layer) or TLS (Transport Layer Security), is a protocole used to secure online transactions.

It has several missions:

Authentify the server
Guarantee the confidentiality of exchanged datas
Assure those datas integrity
Optionaly identify a client through its digital certificate

HOW DOES IT WORK ?

The SSL protocole creates a communication channel between a client and a server independently from the protocole, it secures online transactions (HTTP protocole) as well as FTP, IMAP or POP protocoles connexions.

That communication channel is an opaque tunnel that prevents anybody to see the content of the transaction.

In a schematic way:

Transport de données non sécurisé d'un ordinateur à un serveur : pas de certificat SSL

Transport de données sécurisé via un certificat SSL : opacité du canal de communication

It can be compared to the mechanism of a lock (public key) and its key (private key):

The privet key is saved on the server.
The public key, known by anybody encrypts sending datas, that are decoded on the server by the privet key.

What's a digital certificate ?

A SSL certificate is a digital ID whose goal is to identify the owner of a server, a website or an Email address.

It is issued by a trusted third part called a certification authority,such as Thawte,that testifies the certificate's owner identity.

The server certificate

To make the SSL security work (for online transactions for example) a server certificate is required.

A server certificate carries:

The name of the privet key owner
The name of the certification authority that has issued the certificate
The certificate validity period
A serial number...

WHAT DOES THE WEBUSER SEE

When surfing, a webuser can see information about websites on the address bar.

On Firefox 3 :

Barre d'adresse : identification confirmée

Firefox 3 discerns 5 kinds of websites according to the information they deliver. Each kind owns its proper warning alert:

No information about the identity of the website's owner.The website does not carry any certificate.

Situated between non-secured websites and EV certificates. It gathers 1-factor certificates (aka domain-validated : low safety level, there's a cypherment but the website owner's not known), 2-factor (domain and organization validated) and 3-factor (domain, organization and physical existence validated).

High safety level provided by an EV certificate (extended validation). All the information about the website's owner are known. The connexion between the client and the server is entirely encrypted. The green bar is displayed.

The website's certificate is disabled or contains false information.

Appears on websites registered on your browser's known dangerous websites list.The access of the website is submited to your full acceptance.

ON OTHER BROWSERS :

SAFETY LOCK DISPLAY :

The wildcard certificate

A Wildcard certificate can secure several subdomain names (such as:*.domain.com). It works the same way than a classical server certificate and carries the same kind of information.

Instead of displaying a classical domain name,it contains a generic web address : *.domain.com.The star is instinctively replaced by the browser that searches if a certificate has been issued for the subdomain.

the multiple sites certificate

The multiple sites technology enables several websites,hosted on a same server, to be secured by one certificate. It prevents websites owners to purchasing a different certificate for each one of their sites.

That kind of certificate is issued by Comodo.You can secure 5 or 12 SANs (Subject Alternative Names) with the Comodo UCC or 3 SANs with the Comodo Multi Sites EV.

Pros of the multiple sites certificate :

One purchase for several domain
One audit:time saving
Money saving

PARTICULAR CASE :

The Comodo UCC certificate is adapted to:

Exchange 2007
Office communication server 2007
Office collaboration server 2007
Exchange 2010

The Comodo UCC is recommended by MICROSOFT to secure its products exchange 2007 and exchange 2010.

Consult Comodo's certificates prices

tariffs

All about purchasing and installing a certificate!

useful reading

Sales department
+33-2-7630-5901
ventes@tbs-certificats.com

contact

Creating trust online

© TBS Internet, all rights reserved. All reproduction, copy or mirroring prohibited. Legal notice.
Our prices are in euro VAT-less and order-time payment, see also our general sales terms.
Last modified: 24 June, 2010

Comodo
About SSL The certificates Zoom on the Comodo UCC Tariffs / Order Guides & Ressources Quote request Payment facilities Learn more
VeriSign
Thawte
TBS X509
GlobalSign
ChamberSign
Geotrust

Brands comparison chart

FAQ
The Lab