VeriSign Extended Validation Certificate




Extended Validation (EV) Certificates are a special type of X.509 certificate that requires more extensive investigation of the requesting entity by the issuer (VeriSign, Thawte, GeoTrust) before being issued.

The criteria for issuing EV certificates are defined by the Guidelines for Extended Validation Certificates, currently at version 1.1. The guidelines are produced by the CA/Browser Forum, a voluntary organization whose members include leading CAs and vendors of Internet software, as well as representatives from the legal and audit professions.

An important motivation for using digital certificates with SSL was to add trust to online transactions by requiring website operators to undergo vetting with a certificate authority (CA) in order to get an SSL certificate. However, commercial pressures have led some CAs to introduce "domain validation only" SSL certificates for which minimal verification is performed of the details in the certificate.

Most browsers' user interfaces did not clearly differentiate between low-validation certificates and those that have undergone more rigorous vetting. Since any successful SSL connection causes the padlock icon to appear, users are not likely to be aware of whether the website owner has been validated or not. As a result, fraudsters (including phishing websites) have started to use SSL to add credibility to their websites.

By establishing stricter issuing criteria and requiring consistent application of those criteria by all participating CAs, EV SSL certificates are intended to restore confidence among users that a website operator is a legally established business or organization with a verifiable identity.

EV SSL Certificate issuing criteria

Only CAs that pass an independent audit as part of their WebTrust (or equivalent) review may offer EV, and all CAs globally must follow the same detailed issuance requirements, which aim to:
  • Establish the legal identity as well as the operational and physical presence of the website owner;
  • Establish that the applicant is the domain name owner or has exclusive control over the domain name; and
  • Confirm the identity and authority of the individuals acting for the website owner, and that documents pertaining to legal obligations are signed by an authorized officer.

VeriSign EV SSL Certificate in the User Interface

Browsers with EV support display more information for EV certificates than for previous SSL certificates. Microsoft Internet Explorer 7, Mozilla Firefox 3, Safari 3.2, Opera 9.5, and Google Chrome all provide EV support.


The Extended Validation (EV) guidelines require participating Certificate Authorities to assign a specific EV identifier, which is registered with the browser vendors who support EV once the Certificate Authority has completed an independent audit and met other criteria. The browser matches the EV identifier in the SSL certificate with the one it has registered for the CA in question: if they match, and the certificate is verified as current, the SSL certificate receives the enhanced EV display in the browser's user interface.

VeriSign Extended Validation certificate identification

EV certificates are standard X.509 digital certificates. The primary way to identify an EV certificate is by referencing the Certificate Policies extension field. Each issuer uses a different object identifier (OID) in this field to identify its EV certificates, and each OID is documented in the issuer's Certification Practice Statement.
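
The check described in the two sections above, as an added example that is not part of the original page: it reads the policy OIDs from the Certificate Policies extension (OID 2.5.29.32) and grants the EV display only when one of them is the OID registered for the root the certificate chains to. The registry keys, the `example-ca` entry and the DER fragment are constructed for illustration; the "verified as current" check is not modelled.

```python
# Added example. EV_REGISTRY and SAMPLE_EXTENSIONS are constructed test data.
EV_REGISTRY = {"verisign-root": "2.16.840.1.113733.1.7.23.6",  # VeriSign EV OID
               "example-ca": "2.999.1.1"}  # hypothetical CA, example OID arc
CERT_POLICIES = bytes.fromhex("551d20")  # content bytes of OID 2.5.29.32
SAMPLE_EXTENSIONS = bytes.fromhex(  # Extensions with one certificatePolicies
    "301a3018" "0603551d20" "0411" "300f300d" "060b6086480186f84501071706")

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def elements(buf):  # yields (tag, content) for each sibling element in buf
    pos = 0
    while pos < len(buf):
        tag, content, pos = read_tlv(buf, pos)
        yield tag, content

def decode_oid(content):
    """Decode OBJECT IDENTIFIER content bytes into dotted-decimal form."""
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(arc) for arc in head + arcs[1:])

def policy_oids(der):
    """Collect policy OIDs from every certificatePolicies extension in der."""
    found = []
    for tag, content in elements(der):
        kids = list(elements(content)) if tag & 0x20 else []  # constructed only
        if kids and kids[0] == (0x06, CERT_POLICIES):
            # Extension = extnID, optional critical flag, extnValue OCTET STRING
            for _, policies in elements(kids[-1][1]):
                for _, info in elements(policies):
                    found.append(decode_oid(next(elements(info))[1]))
        elif kids:
            found += policy_oids(content)
    return found

def gets_ev_display(der, trusted_root):
    """EV UI only when the cert asserts the OID registered for its root."""
    registered = EV_REGISTRY.get(trusted_root)
    return registered is not None and registered in policy_oids(der)
```

A certificate that carries one CA's EV OID but chains to a different root gets no EV treatment, which is why the registry is keyed by root rather than being a flat list of OIDs.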

What is Extended Validation's effect on phishing?

In 2006, Stanford University students conducted a usability study of the EV display in Internet Explorer 7. The study attempted to measure users' ability to distinguish real sites from fraudulent sites when presented with various kinds of phishing attacks.

Due to the small size of the study's sample base (nine test subjects per cell) the margin for error of each result was several times the actual measurement, and therefore no useful conclusion was possible. However, this study led the way for other researchers to present results of a statistically significant nature. In January 2007, usability research firm Tec-Ed published its results of running 384 North American test subjects through purchasing simulations on sites with and without green address bars.

Tec-Ed concluded that latent understanding of green address bars was very high, with 93% of test subjects recognizing a site with a green address bar as a safer shopping experience than one without. With regard to Extended Validation's defense against phishing, the Tec-Ed research reveals that when a site adopts green address bars, then 77% of users visiting what appears to be the same site but without the green address bar will decline to complete the transaction. Apparently, though, these results followed some training, so it is difficult to infer what untrained users would do.

To get VeriSign EV Certificate at lowest price visit: https://www.clickssl.com


More about RapidSSL Certificate



As you know, RapidSSL is the largest SSL Certificate seller in the world. As a CA (Certificate Authority), RapidSSL closely follows industry standards in its SSL issuance and validation process.

What validation processes does RapidSSL use?

Trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL certificates are in the business of establishing that entities on the web are, in fact, who they claim to be. The potential for criminal activity on the web (as far as SSL is concerned, anyway) lies in the online ‘hijacking’ of sites or connections to siphon encrypted data. Persons so inclined can easily "copy" web site interfaces and pose as well-known vendors, simply to collect this data.


SSL certificates work to prevent this by ensuring that www.abc.com is, in fact, ABC Co. In the “real world”, RapidSSL uses identification procedures like photo IDs, telephone calls and papers of incorporation to know with whom we’re dealing. If products or services are defective, buyers can seek recourse. In the “online world”, companies wishing to use SSL certificates must prove to the certificate authority that they have the right to present themselves online as ABC Co.

This is done through a variety of means in different SSL products. For simplicity’s sake, consider the method started and championed by VeriSign as the ‘traditional’ model. The process involves certificate petitioners faxing in their articles of incorporation, and then waiting several days to be granted a certificate to do business online under that name. There is a fair amount of overhead related to this task, as these credentials are examined and reviewed, and full-service products in this arena can cost hundreds of dollars.

There are newer, lower-cost alternatives in which certificates are issued more quickly. These SSL certificates verify that the certificate holder is the owner of that domain, assuring customers that URL “owners” are who they claim to be.


Is a self-signed SSL certificate safe or not?



There are two types of SSL certificates, based on how they are issued.
  • Self-signed SSL certificates
A self-signed certificate is an identity certificate that is signed by its own creator. That is, the person who created the certificate also signed off on its legitimacy.
  • CA-issued SSL certificates
A CA issues digital certificates that contain a public key and the identity of the owner. The matching private key is not similarly made available publicly, but kept secret by the end user who generated the key pair. The SSL certificate is also an attestation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A CA's obligation in such schemes is to verify an applicant's credentials, so that users and relying parties can trust the information in the CA's certificates. CAs use a variety of standards and tests to do so.

If the user trusts the CA and can verify the CA's signature, then he can also verify that a certain public key does indeed belong to whoever is identified in the certificate.

Now let’s talk about self-signed SSL certificates. A self-signed SSL certificate is created by an individual to install on an intranet or internet website. If your website uses a self-signed SSL certificate and anyone browses it over the secure channel (HTTPS://), he or she will get an error (Error: Security Failed. Invalid Certificate Found).

What does this error mean? (Error: Security Failed. Invalid Certificate Found).

You have installed a self-signed SSL certificate, so it is trusted by your own server/PC only. SSL certificates are always authenticated against Root CA certificates. A self-signed SSL certificate does not have a global Root CA certificate behind it, because it was created on your in-house server and the user's PC does not have that Root CA certificate installed. So whenever anyone browses your website over the secure channel (HTTPS://), the SSL certificate installed on the website will not be authenticated as a trusted SSL certificate and there will be an SSL certificate security error. The visitor will see the error and leave your website, as he or she will feel insecure providing confidential details like credit card number, security code, user name, password, etc.

If you want a self-signed SSL certificate to work, you need to install the root SSL certificate of your central CA on each user's PC. If you are on an intranet and have to install it on only a few PCs, this is possible. But what about PCs on the internet? How can you install it on a website visitor's PC before he visits your website? This is not possible at all, as you cannot guess who will visit your website or when.

For example read this.

In a web of trust certificate scheme there is no central CA, and so identity certificates for each user can be self-signed. In this case, however, it is additional signatures from other users which are evaluated to determine whether a certificate should be accepted as correct. So, if users A, B, and C have signed Mary’s certificate, user E may decide to trust that the public key in the certificate is Mary's (all these worthies having agreed by their signatures on that claim). But, if only user A has signed, E might (based on his knowledge of A) decide to take additional steps in evaluating Alice's certificate. On the other hand, C's signature alone on the certificate may by itself be enough for E to trust that he has Alice's public key (C being known to E to be a reliably careful and trustworthy person).

There is of course, a potentially difficult regression here, as how can E know that A, B, Ted, or C have signed any certificate at all unless he knows their public keys (which of course came to him in some sort of certificate)? In the case of a small group of users who know one another in advance and can meet in person (e.g., a family), users can sign one another's certificates when they meet as a group, but this solution does not scale to larger settings. This problem is solved by fiat in X.509 PKI schemes as one believes (i.e., trusts) the root certificate by definition. The problem of trusting certificates is real in both approaches, but less easily lost track of by users in a Web of Trust scheme.

Credit: http://en.wikipedia.org/wiki/Self-signed_certificate


SSL Security Site Seal



ClickSSL.com provides a free Secure Site Seal to all SSL Certificate customers, which helps them educate web visitors about the security technology they employ to protect against phishing attacks and eavesdropping. The Security Site Seal clearly shows that the transactions performed on the website are securely encrypted by the strongest SSL technology. When a visitor clicks on the SSL site seal, it displays the website's security information. If you have installed a true value SSL certificate (Organization Verified SSL Certificate), then you can show the True Site Seal.

This shows the organization's details such as domain name, business name, address, etc. This way you can give your website visitors visible, real-time assurance that the website is authentic and protected.

Visitors like to see only user-friendly and visible things on a website. If you have installed an SSL certificate on your website and you do not display the SSL Security Site Seal, some visitors may leave your website. The SSL Security Site Seal is a brand image, especially for online shopping cart websites.

You should be aware of the use and misuse of the SSL Security Site Seal. The following is some guidance on its misuse.

Who should display SSL Security Site Seal on website?

1. You can use the SSL Security Site Seal only if you have installed a verified SSL Certificate on your website.

Who should not display SSL Security Site Seal on website?

1. If no SSL Certificate is installed on your website and you display the SSL Site Seal, then it is a SCAM.
2. If you have purchased an SSL Certificate but did not install it on the website and you display the Site Seal, then it is a SCAM.
3. If you have already installed an SSL certificate but its validity has expired and you display the SSL Security Site Seal, then it is a SCAM.
4. If you have purchased SSL for one of your company's websites and you display the SSL Security Site Seal on all of the company's websites, then it is a SCAM.
5. You can display the SSL Security Site Seal on a website that has the SSL Certificate installed.

Warning:

Misuse of the SSL Security Site Seal is a SCAM, and anyone (SSL provider / reseller / issuer / customer / visitor) can file a claim over it, as they may believe that you store personal information such as credit card numbers and security codes, usernames, passwords and credentials.

For more information on the new site seal service, please visit: ClickSSL.com

About ClickSSL.com

ClickSSL is a Platinum Reseller of VeriSign. VeriSign is a leading SSL provider in website security. ClickSSL.com offers publicly trusted SSL, including EV SSL Certificates and Code Signing Certificates for use on all platforms including mobile devices. Its Trusted Root solution uses the widely distributed Equifax and VeriSign Root CA certificates to provide immediate PKI trust for Microsoft CA and enterprise CAs, eliminating the costs associated with using trusted Root Certificates. ClickSSL also provides SSL Certificates for email security.



Are you shopping online using credit card?




Hey, are you shopping online using a credit card? Wait: first read this before you provide your credit card details on any website.

Hi, I am Jay from CLICKSSL. I would like to share some security facts about website and email risks.

How can anyone hack information from a website?

Hackers are always out there on the internet to steal your credit card numbers, email passwords and credentials. When you pay on a website, you enter your credit card number and secret code on the website. This information travels over the internet. If the information is not sent in a secure way, a hacker can hijack your credit card. To know more visit: ClickSSL.com

How can I know whether a website is secured or not?

Well, it is simple to identify a secure website. The website should work over the HTTPS:// protocol. For example: https://www.clickssl.com. An SSL Certificate is the only security solution that can provide a secure way to transfer data over the internet.

How does SSL secure data?

SSL Certificates use data encryption and decryption technology for data transmission. SSL uses a 256-bit encryption level to encrypt data, so no one can hack your information.

When you open a site with HTTPS://, the site should work without any error or warning message, and you can see the SSL lock icon in the browser window.


What type of SSL Certificate website should have?

Below is a list of SSL provider CAs (Certificate Authorities).


VeriSign | GeoTrust | Thawte | RapidSSL


All of these CAs are well known and trusted. VeriSign offers high value SSL Certificates, and GeoTrust EV SSL Certificates are likewise built on high-level encryption and include the Green Address Bar. When a visitor browses the website, the address bar color changes to green. EV SSL Certificates are high value SSL Certificates. It will look like this.


However, there are many SSL types you can use for your website. The following are a few recommendations.
First you have to identify what type of website you have.

My website is | Recommended SSL Certificate Type
E-Commerce Website: Low Volume Business | Thawte SSL123
E-Commerce Website: High Volume Business | GeoTrust True BusinessID
Intranet Website | RapidSSL
Unlimited Sub domain website (*.domainname.com) | RapidSSL Wildcard
Mail Server - Webmail | GeoTrust Quick SSL Premium
Banking and Finance Website | VeriSign EV SSL Certificate
Exchange & SharePoint Server | Thawte SSL Web Server
Website known by business brand | Green Address Bar SSL Certificate

About CLICKSSL

ClickSSL is a leading SSL Provider and reseller for VeriSign, GeoTrust, Thawte and RapidSSL. ClickSSL is a Platinum Partner of VeriSign. We offer instantly issued SSL Certificates at highly discounted prices. You can save up to 80% of your SSL spending with us. ClickSSL offers round-the-clock support and a quick reference guide. We offer a FREE Site Seal and Root CA certificates.