Friday, November 7, 2008

SSL Certificates

What Is An SSL Certificate?

SSL (Secure Sockets Layer) is a protocol developed by Netscape that enables a web browser and a web server to communicate securely. (SSL 2.0 and 3.0 have since been deprecated; current browsers use its successor, TLS, but the concepts described here apply unchanged.) Security is provided in two different ways:

  • Authenticating the web server to the client using a digital certificate;
  • Encrypting all information sent.

The SSL protocol requires that the web server have a digital certificate installed in order to make an SSL connection. This is where thawte comes into the picture. Through an SSL-enabled web server and a thawte SSL certificate, a customer connecting to a secure website is assured of three things:

Verification and Authentication:

For thawte SSL Web Server and SGC SuperCerts products, the certificate verifies that the company that installed the certificate is the true owner of the website.

For the thawte SSL123 product, the certificate validates only the domain name in the certificate, not the identity of the organization behind it.

Message privacy: Using a unique session key, SSL encrypts all information exchanged between your web server and your customers, such as credit card numbers and other personal data, so that it cannot be read if intercepted by unauthorized persons.
Message integrity: The data cannot be tampered with in transit without the tampering being detected.
SSL is the de facto standard for securing Internet transactions and is implemented by all major software vendors. Your users do not need to install any additional software on their computer or in their browser. When implemented correctly the process is seamless to the user.

How Does An SSL Certificate Work?

  • The browser asks to start a secure session with the server.
  • The server returns the site's certificate.
  • The browser checks the certificate for validity: the name in it matches the site, it has not expired, and it was signed by a certificate authority the browser trusts.
  • The browser creates a random session key, encrypts it with the server's public key (taken from the certificate) and sends it to the server. (This is the RSA key-exchange method; other methods such as Diffie-Hellman derive the session key differently, but the certificate check is the same.)
  • The server decrypts the session key using its private key; nobody else can, because only the server holds that key.
  • Both the browser and the server now share the same session key and use it to encrypt the rest of the session.
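The six steps above, and the privacy and integrity guarantees described earlier, as an added worked example that is not part of the original article or of any thawte product: textbook RSA over tiny, publicly known Mersenne primes stands in for the real key exchange and a SHA-256 keystream with an HMAC stands in for the real record cipher, so the data flow can be followed end to end. The hostname "shop.example", the certificate layout and the 8-byte nonce are assumptions for illustration; this is not a TLS implementation and must not be used for real traffic.

```python
"""Toy model of the SSL handshake steps: certificate check, RSA-wrapped
session key, then an encrypted-and-authenticated record. Illustration
only: textbook RSA with tiny known primes and a home-made stream cipher."""
import hashlib
import hmac
import os
import time

E = 65537  # conventional RSA public exponent

def make_rsa_key(p, q):
    """Textbook RSA: (n, e) is public, d is the private exponent."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return {"n": n, "e": E, "d": d}

# Mersenne primes: far too small and too well known for real keys (assumption).
CA_KEY = make_rsa_key(2**107 - 1, 2**127 - 1)
SERVER_KEY = make_rsa_key(2**61 - 1, 2**89 - 1)
CA_PUB = {"n": CA_KEY["n"], "e": CA_KEY["e"]}  # what the browser ships with

def cert_digest(cert):
    """SHA-256 over the signed fields, as an integer."""
    fields = f"{cert['subject']}|{cert['n']}|{cert['e']}|{cert['not_after']}"
    return int.from_bytes(hashlib.sha256(fields.encode()).digest(), "big")

def issue_cert(ca, subject, server_pub, not_after):
    """The CA binds a hostname to the server's public key and signs it."""
    cert = {"subject": subject, "n": server_pub["n"], "e": server_pub["e"],
            "not_after": not_after}
    # Digest reduced mod n so it fits the toy modulus (real RSA pads instead).
    cert["sig"] = pow(cert_digest(cert) % ca["n"], ca["d"], ca["n"])
    return cert

def verify_cert(cert, ca_pub, hostname, now):
    """Step 3: the browser's validity checks. Returns (ok, reason)."""
    if cert["subject"] != hostname:
        return False, "name mismatch"
    if now > cert["not_after"]:
        return False, "expired"
    if pow(cert["sig"], ca_pub["e"], ca_pub["n"]) != cert_digest(cert) % ca_pub["n"]:
        return False, "bad CA signature"
    return True, "ok"

def handshake(hostname, cert, server_key, ca_pub, now=None):
    """Steps 1-6. Returns (browser's copy, server's copy) of the session key."""
    now = now if now is not None else int(time.time())
    # 1-2: browser asks for a secure session, server returns its certificate.
    ok, reason = verify_cert(cert, ca_pub, hostname, now)
    if not ok:
        raise ValueError(f"certificate rejected: {reason}")
    # 4: browser makes a random 128-bit session key and wraps it with the
    #    public key taken from the (now verified) certificate.
    browser_key = os.urandom(16)
    wrapped = pow(int.from_bytes(browser_key, "big"), cert["e"], cert["n"])
    # 5: only the holder of the private key can unwrap it.
    server_copy = pow(wrapped, server_key["d"], server_key["n"]).to_bytes(16, "big")
    # 6: both sides now hold the same secret.
    return browser_key, server_copy

def derive_keys(session_key):
    """Separate encryption and MAC keys from the one negotiated secret."""
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def keystream(key, nonce, length):
    """Counter-mode keystream from SHA-256 (toy stand-in for a real cipher)."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(session_key, plaintext):
    """Message privacy plus integrity: encrypt, then MAC nonce and ciphertext."""
    enc_key, mac_key = derive_keys(session_key)
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_record(session_key, record):
    """Rejects any record whose nonce or ciphertext was altered in transit."""
    enc_key, mac_key = derive_keys(session_key)
    nonce, ct, tag = record[:8], record[8:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("record tampered with")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))
```

To run it: issue a certificate for "shop.example" with issue_cert, call handshake with that hostname, and seal a record with the browser's copy of the key; open_record with the server's copy returns the plaintext, while a certificate for another name, an expired one, one whose fields were edited after signing, or a record with a flipped byte are all rejected. A real browser additionally walks a chain of intermediate certificates and checks revocation, which the toy omits.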

You can control which methods and strengths of encryption the server accepts. The web server's SSL configuration can restrict the cipher suites it offers, and it exposes the negotiated cipher and key size to your scripts (mod_ssl, for instance, sets the SSL_CIPHER and SSL_CIPHER_USEKEYSIZE variables), so you can, for example, check whether the browser negotiated 128-bit encryption. If your policy is to enforce very strong encryption, you can refuse the connection or send a message back to the user suggesting they download a 128-bit enabled browser.

Once both the browser and the server are using the same secret key for encrypting and decrypting their information, they can be reasonably confident that it cannot be intercepted and decoded by a third party. That confidence is only as good as the cipher actually negotiated: a 40-bit session can be brute-forced, a 128-bit one cannot.
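How a server-side cipher policy of the kind described above is inspected before it is deployed, as an added example that is not part of the original article: it uses only Python's standard ssl module with OpenSSL cipher-string syntax, and asks what each policy string would actually let a server negotiate, so that a policy meant to "enforce very strong encryption" can be checked against a 128-bit floor offline. The policy strings and the 128-bit threshold are assumptions for illustration; the exact cipher list returned depends on the OpenSSL build Python links against.

```python
"""Inspect what a server-side OpenSSL cipher policy actually admits.
Standard library only, so it runs offline; results depend on the linked
OpenSSL build (export-grade 40/56-bit ciphers no longer exist in any
current build)."""
import ssl

def allowed_ciphers(policy):
    """Ciphers a server configured with this cipher string would negotiate,
    as (name, protocol, strength_bits). Empty when the string selects
    nothing, e.g. 'EXPORT40' on a current OpenSSL."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(policy)
    except ssl.SSLError:  # "No cipher can be selected"
        return []
    return [(c["name"], c["protocol"], c["strength_bits"]) for c in ctx.get_ciphers()]

def weak_ciphers(policy, minimum_bits=128):
    """Everything the policy still admits below the required strength."""
    return [c for c in allowed_ciphers(policy) if c[2] < minimum_bits]

def enforces_minimum(policy, minimum_bits=128):
    """True when the policy admits at least one cipher and nothing weaker
    than minimum_bits, i.e. a client that cannot do better is refused
    rather than served a weaker session."""
    allowed = allowed_ciphers(policy)
    return bool(allowed) and not weak_ciphers(policy, minimum_bits)

if __name__ == "__main__":
    # Policy strings are illustrative; 'EXPORT40' is the 40-bit class the
    # text describes and is expected to select nothing today.
    for policy in ("EXPORT40", "ALL:!aNULL", "HIGH:!aNULL:!eNULL"):
        allowed = allowed_ciphers(policy)
        print(f"{policy:22} {len(allowed):3} ciphers, "
              f"{len(weak_ciphers(policy)):3} below 128 bits, "
              f"enforces 128-bit floor: {enforces_minimum(policy)}")
```

Note that set_ciphers configures the TLS 1.2 and earlier suites; TLS 1.3 suites are fixed by OpenSSL and are reported by get_ciphers alongside them, all of which are at least 128-bit. The practical point, as opposed to the 2008 advice of sending the user a message, is that a policy with no weak ciphers makes the server refuse a weak client at the handshake rather than quietly downgrading.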

For the visitor to your site, the little lock icon will appear in their browser. As long as you keep using the https: protocol for every resource on the page, everything between the browser and your scripts is encrypted without you having to worry about the details. Note that this protects data only in transit: once your script has received it, storing and handling it safely is still your job.

What Is SSL Crypto Strength?

SSL (Secure Sockets Layer) provides encryption between web browsers and web servers. The session key is exchanged using the RSA algorithm, and the data itself is then encrypted with a symmetric cipher under that key. This symmetric encryption can be done at different strengths, depending on what the software supports at each end (i.e. the web browser and the web server).

The strength of the encryption is typically specified by the size of the session key (a unique random value, generated afresh for every customer each time he/she visits the site, under which that session's data is encrypted). In the browsers of the time the session key could be 40 bits, 56 bits or 128 bits in size.

Cryptographers consider 128-bit keys beyond brute force: trying all 2^128 combinations would take millions of years even with the fastest computers. On the other hand, 40- and 56-bit keys are not as strong, and trying all the combinations is feasible; by the late 1990s both had been broken in practice, 40-bit keys in days on a network of ordinary workstations and 56-bit DES in about two days by purpose-built hardware.
Historically, the USA restricted the export of strong encryption products. This meant that the browser versions developed for export from the US were not automatically enabled to encrypt communications using 128-bit encryption. All secure communications using these international browsers used 40-bit encryption. It is important to realize that a substantial number of browsers used in the US today are international browsers. So even if you only serve US customers, you may still require an SGC SuperCert to provide them with the strongest possible encryption.

What is SGC technology that is found in thawte's SGC SuperCerts?

SGC stands for Server Gated Cryptography. thawte has been issued a license by the US Bureau of Export Administration (BXA) allowing it to issue certificates that enable 128-bit SSL sessions in older browsers that are otherwise restricted to 40/56-bit encryption. The difference between SGC SuperCerts and normal SSL Web Server certificates is that whenever one of these older browsers connects to a site that has an SGC SuperCert installed, the SSL session is automatically 'stepped up' to 128 bits, instead of being negotiated at the encryption level the browser defaults to (40/56 bits).


thawte's SGC SuperCerts also automatically step up to 128-bit encryption for certain end-users of the Windows 2000 operating system who, in the past, would not receive 128-bit encryption irrespective of the version of Internet Explorer used. The systems affected are those that shipped prior to about March 2001 and did not subsequently have Microsoft's High Encryption Pack or Service Pack 2 installed. thawte's SGC SuperCert ensures that all these site visitors enjoy the protection of the strongest SSL encryption available.

An SGC SuperCert from thawte will allow your clients to extend 128-bit encryption to their customers, even if those customers use browsers (IE 4.x or Netscape 4.06 and later) limited to 40-bit or 56-bit encryption capabilities.

Why Is Documentation Needed For Certain Certificates?

Before thawte can issue your digital certificate, we fully authenticate that your organization actually exists, using appropriate government-issued documentation. We need to do this to verify that:

  • We are issuing it to the correct company
  • The company owns the Internet domain name in the request.
  • The company is registered in one or more countries.
  • The registered company name is the same as the name on the certificate request.
