{"id":11901,"date":"2019-12-26T10:49:31","date_gmt":"2019-12-26T15:49:31","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=11901"},"modified":"2023-05-24T12:12:41","modified_gmt":"2023-05-24T16:12:41","slug":"what-is-a-website-security-certificate-and-what-does-it-do-for-your-business","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/what-is-a-website-security-certificate-and-what-does-it-do-for-your-business\/","title":{"rendered":"What Is a Website Security Certificate and What Does It Do for Your Business?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" id=\"h-understanding-what-this-validation-and-encryption-tool-does-is-the-first-step-to-protecting-your-website-and-customers-alike\">Understanding what this validation and encryption tool does is the first\nstep to protecting your website and customers alike<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">In a way, a website security certificate is like a driver\u2019s license.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In both cases, you use it to <strong>assert identity<\/strong> so you\ncan conduct your business. A website security certificate is useful for not\nonly helping clients (your users\u2019 web browsers) recognize your website (web\nserver), but also for helping the users themselves identify that the website is\nactually your page and not the fake site of an imposter. It\u2019s just like making\nan Amazon purchase \u2014 you\u2019d want to make sure you\u2019re on Amazon\u2019s official site\nfirst, right? Identity is essential.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But <em>why<\/em> is identity such a big concern? It probably has something to do with the fact that <a href=\"https:\/\/www.thesslstore.com\/blog\/33-alarming-cybercrime-statistics-you-should-know\/\">cybercrime is occurring at record levels<\/a> and cost businesses and consumers worldwide at least $1.5 trillion in 2018 alone. And identity theft is also soaring at unprecedented levels. Oh, and criminals like to set up fake websites to look like legitimate businesses to trick them into a false sense of security\u2026<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Do we really need to list more reasons? Well, another benefit is that a website security certificate also helps you to facilitate a secure, encrypted connection between clients and the server. Combined with the authentication benefit, this means that users can feel confident and comfortable engaging in transactions because they know that their information is protected and being shared with a verified source.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It is for these reasons that a website security certificate\nis essential for every business or organization regardless of whether you\ncollect or handle personal information. (Although they\u2019re <em>especially<\/em>\nimportant for businesses that do.) But what is a website security certificate\nand why is it so important?<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s hash it out.<span id=\"newline\"><\/span><\/p>\n\n\n<span style=\"--tl-form-height-m:150.25px;--tl-form-height-t:121.4583px;--tl-form-height-d:121.4583px;\" class=\"tl-placeholder-f-type-shortcode_12753 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-are-website-security-certificates\">What Are Website Security Certificates?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Essentially, a website security certificate is a digital\nstamp of approval from an industry-trusted third party known as a certificate\nauthority (CA). More specifically, it\u2019s a digital file containing information\nthat\u2019s issued by a CA that indicates that the website is secured using an\nencrypted connection. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A website security certificate is also known as an SSL certificate (or, more accurately, a TLS certificate), an HTTPS certificate, and an SSL server certificate. It\u2019s the thing that allows you to display that nifty padlock in the web address bar. So, regardless of what you prefer to call them, the objective of SSL certs is important \u2014 to secure websites, assert identity, and bring happiness and joy to people throughout the world.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"317\" height=\"71\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/website-security-certificate-browser-padlock-1.png\" alt=\"Screenshot: A website security certificate padlock indicator\" class=\"wp-image-11903\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/website-security-certificate-browser-padlock-1.png 317w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/website-security-certificate-browser-padlock-1-300x67.png 300w\" sizes=\"auto, (max-width: 317px) 100vw, 317px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Okay, the last part is a bit of a stretch. But, in a way, it\u2019s also kind of true. If people are using authentic, secure websites to conduct their business or make purchases, and they can rest assured knowing that you\u2019ve taken the necessary measures to keep their information safe and they\u2019ll be more likely to return to do business again in the future. This makes for happy customers and a happy chief financial officer for your organization. Everybody wins.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-why-website-security-certificates-are-important\">Why Website Security Certificates Are Important:<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">With a website security certificate, users can be confident\nthat:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>They\u2019re connected to the correct, official\nserver for the website they\u2019re trying to visit (not a hacker-run fake), and<\/li>\n\n\n\n<li>Nobody can intercept data they send to the\nwebsite and use it for nefarious purposes.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">But how does all of this work?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-how-does-an-https-certificate-work\">How Does an HTTPS Certificate Work?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">In a nutshell, you use this type of certificate to assert\nyour organization\u2019s identity and to mutually authenticate clients and your web\nserver to establish a secure, encrypted connection through a process known as a\n<a href=\"https:\/\/www.thesslstore.com\/blog\/explaining-ssl-handshake\/\">TLS\nhandshake<\/a>. In layman\u2019s terms, it\u2019s like those \u201csecret\u201d handshakes you\u2019d do\nwith your friends as a kid \u2014 only you guys know the specific combination of finger\nsnaps, hand clasps, high fives, and other motions that would identify you\u2019re\npart of that specific social circle. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">From a technical standpoint, it\u2019s the groundwork to perform\nall the cryptographic functions that are necessary to allow clients to connect with\nyour website via the secure HTTPS protocol. This involves:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Exchanging cipher suites and parameters to\nfigure out which cryptographic features both parties support,<\/li>\n\n\n\n<li>Authenticating one or both parties in the\nexchange, and<\/li>\n\n\n\n<li>Exchanging keys and generating symmetric session\nkeys. &nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Once the handshake is complete, it\u2019s through this secure\nconnection that users can transmit their information to your site without\nman-in-the-middle (MitM) attackers and other schmucks being able to decrypt any\ndata they intercept. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It\u2019s a pretty cool process \u2014 and one that many countries, industries, and institutions agree is necessary to <a href=\"https:\/\/www.thesslstore.com\/blog\/10-data-privacy-and-encryption-laws-every-business-needs-to-know\/\">protect data integrity and privacy<\/a>. But what happens when the wrong people get their hands on a certificate?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-other-side-of-website-security-certificates-why-secure-doesn-t-always-equal-safe\">The Other Side of Website Security Certificates: Why Secure Doesn\u2019t Always Equal\nSafe <\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Wait, didn\u2019t we literally just get through saying that an\nSSL certificate makes your website more secure? Yes, and it does. However, just\nbecause a website is <em>secure<\/em> doesn\u2019t mean that it\u2019s also <em>safe<\/em>. What\nwe mean by this is that a website can use a basic SSL certificate but still be\na malicious site. That\u2019s because <a href=\"https:\/\/www.thesslstore.com\/blog\/a-sneaky-online-security-threat-encrypted-malware-in-ssl\/\">the\nbad guys also use encryption<\/a>. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In fact, the Anti-Phishing Working Group (APWG) reports that\n<a href=\"https:\/\/www.thesslstore.com\/blog\/58-of-phishing-websites-now-use-https\/\">more\nthan half of the world\u2019s phishing websites<\/a> now use the HTTPS protocol.\nYeah, phishing isn\u2019t just an email concern. Cybercriminals use phishing\nwebsites to trick users into providing their information. They do this by using\ndomain validated (DV) SSL certificates, which are the most basic type of SSL\ncertificates available. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now, as you may or may not know, you don\u2019t have to pay for some\nDV SSL certs. This is because some certificate authorities (CAs) hand out certificates\nfor free\u2026 like bead necklaces at Mardi Gras \u2014 only you don\u2019t have to take\nanything off to get an SSL cert. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Now, we\u2019re not bringing up the free guys just to throw mud\nin their eyes \u2014 there is a point here, and it boils down to understanding how\nto fight against the tide of this growing trend. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is where identity comes into play. <\/p>\n\n\n<span style=\"--tl-form-height-m:861.156px;--tl-form-height-t:899.625px;--tl-form-height-d:899.625px;\" class=\"tl-placeholder-f-type-shortcode_12653 tl-preload-form\"><span><\/span><\/span>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-authentication-trust-website-security-certificates-help-people-know-that-you-re-you\">Authentication &amp; Trust: Website Security Certificates Help People Know That\nYou\u2019re You<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When it comes to verification of an organization\u2019s identity,\ncommercial SSL certificate have higher standards of validation than their free\nSSL CA counterparts. Sure, it\u2019s true that they sell commercial DV certificates,\nbut commercial CAs also provide organization validation (OV) and extended\nvalidation (EV) SSL certs. Both of these certificates offer forms of business\nvalidation \u2014 OV is the intermediate level of verification and EV, much like the\nname describes, requires the most extensive verification. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">With EV SSL certificates, for example, the CA typically has\nto spend several days looking into your organization, reviewing records, and\nverifying that your organization is legitimate and isn\u2019t just some shady\ncharacter setting up a phishing site. While this may sound like a ginormous\npain in the butt for you as the website owner, it\u2019s really not. But it does\nmean that you have to be able to prove, using legitimate documentation and\nchannels, that your website is authentic and that you\u2019re a real, established\norganization. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">We argue that making the ability to identify whether a\nwebsite is legitimate as easy as possible is important. And using a website\nsecurity certificate is one of the most effective ways to help do that. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-use-a-website-security-certificate-to-check-an-organization-s-information\">How to Use a Website Security Certificate to Check an Organization\u2019s\nInformation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We\u2019ve been talking all about asserting organizational identity\non websites. But if someone wants to check the information on an SSL cert, how\ndo they do it? <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On the website you wish to verify, check the web address bar\nand ensure that there\u2019s a padlock, which indicates that SSL encryption is\nenabled. Next, to view the identifying information of the website security\ncertificate itself, you\u2019ll want to: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click on the padlock to access the drop-down\nmenu. In Google Chrome, this will display certificate information that looks\nlike this:<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"418\" height=\"381\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/connectionissecure.png\" alt=\"Screenshot: Connection is secure information in Chrome\" class=\"wp-image-11904\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/connectionissecure.png 418w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/connectionissecure-300x273.png 300w\" sizes=\"auto, (max-width: 418px) 100vw, 418px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">In Mozilla Firefox, it looks like this:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"409\" height=\"280\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/firefox-padlock.png\" alt=\"Screenshot: Website security certificate information\" class=\"wp-image-11905\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/firefox-padlock.png 409w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/firefox-padlock-300x205.png 300w\" sizes=\"auto, (max-width: 409px) 100vw, 409px\" \/><\/figure>\n<\/div>\n\n\n<ul class=\"wp-block-list\">\n<li>In Chrome, click on <strong>Certificate<\/strong> to view\nadditional information. This will pop-up a three-tab window. Under the General\ntab, which auto displays, it will show that the certificate was issued to \u201cwww.thesslstore.com.\u201d\n<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">In Firefox, simply click on the arrow next\nto the green <strong>Connection secure<\/strong> verbiage to display the website\u2019s\nverified organization information. <\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"406\" height=\"282\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/firefox-website-security-certificate-information.png\" alt=\"\" class=\"wp-image-11906\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/firefox-website-security-certificate-information.png 406w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/firefox-website-security-certificate-information-300x208.png 300w\" sizes=\"auto, (max-width: 406px) 100vw, 406px\" \/><\/figure>\n<\/div>\n\n\n<ul class=\"wp-block-list\">\n<li>In Google Chrome, under the Details tab, select\nthe <strong>Subject<\/strong> field and you will be able to view specific, verified\ninformation about the organization that validates its identity. In the case of\nour extended validation certificate, you can see information about The SSL\nStore, which is a property of Rapid Web Services, LLC and is based in St.\nPetersburg, Florida. <\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"409\" height=\"491\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/certificate-info.png\" alt=\"Graphic: Website security certificate information\" class=\"wp-image-11907\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/certificate-info.png 409w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/certificate-info-250x300.png 250w\" sizes=\"auto, (max-width: 409px) 100vw, 409px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">That\u2019s it. As you can see, it\u2019s a pretty simple process. But verifying the identity of an organization before handing over any personal or financial information could save a lot of users headaches if they took just a few seconds to do so. <\/p>\n\n\n<span style=\"--tl-form-height-m:801.312px;--tl-form-height-t:638.344px;--tl-form-height-d:638.344px;\" class=\"tl-placeholder-f-type-shortcode_12763 tl-preload-form\"><span><\/span><\/span>","protected":false},"excerpt":{"rendered":"<p>Understanding what this validation and encryption tool does is the first step to protecting your website and customers alike In a way, a website security certificate is like a driver\u2019s&#8230;<\/p>\n","protected":false},"author":17,"featured_media":11908,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16,25],"tags":[581,11619],"class_list":["post-11901","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","category-ssl-certificates","tag-ssl-certificate","tag-website-security-certificate","post-with-tags"],"views":82829,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/12\/website-security-certificate-padlock-lr.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/11901","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=11901"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/11901\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/11908"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=11901"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=11901"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=11901"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}