The OpenSRS Trust Service offers SSL Certificates that encrypt communications between users and SSL (Secure Socket Layer) e-commerce sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a Web site, such as credit card numbers, are kept confidential. Web server certificates (also known as secure server certificates or SSL Certificates) are required to initialize an SSL session.
Customers know when they have an SSL session with a website when their browser displays the little gold padlock and the address bar begins with a https rather than http. SSL Certificates can be used on Web servers for Internet security and mailservers such as IMAP, POP3, and SMTP for mail collection and sending security.
Business websites must have an SSL Certificate to:
- Validate online businesses by a globally recognized third party
- Encrypt sensitive data such as credit card numbers or passwords
All Trust Services offered through OpenSRS have the highest encryption levels available, compatible with over 99% of all browsers and include globally recognized certification seals.
The OpenSRS Trust Services offering includes certificates from Comodo, GeoTrust, SiteLock, Symantec, thawte, and Trustwave.
The terms vary by supplier and product, and range from one to two years.
The OpenSRS Trust Service includes products from the most trusted and most recognized certificate providers: Comodo, GeoTrust, SiteLock, Symantec, thawte, and Trustwave.
- Comodo offers a comprehensive range of highly-trusted SSL certificate products designed to meet the needs of every business.
- GeoTrust is one of the world's largest SSL certificate providers, with more than 100,000 customers in over 150 countries. Its product line is extremely popular with small businesses.
- SiteLock offers website security products that meet the needs of small business without requiring CSRs or web server installation scripts. It performs daily malware, network, and spam scans, and provides a trust seal that lets visitors know that the site is safe.
- Symantec resonates very well with large companies and corporations that want to obtain the highest levels of security possible.
- thawte is a leading provider of domain, business and extended validation SSL certificates. Its brand is particularly strong in Europe, and appeals to European businesses.
- Trustwave helps companies of all sizes reduce SSL costs while maintaining a high level of trust and security.
Types of SSL certificates
The type of SSL certificate that you choose depends on whether you want to validate a single domain or an entire enterprise, and also the level of validation that you want to provide.
SSL Certificates for domains ensure that the domain has been authenticated by a recognized certificate provider. Visitors to the site can click on the seal to verify that the certificate is still valid, giving site visitors extra peace of mind.
The provisioning time for domain certificates is 10 minutes.
When corporate identity verification is important, an SSL Certificate for the organization assures customers that the website is trustworthy and secure.
The provisioning time for organization certificates is two to four business days.
Wildcard SSL Certificates may be used for situations where several same-domain web sites need to be secured but the hostnames or sub-domains vary. You can secure as many sub-domains on one physical box as you like as long as they share the same second level domain name. To do this, the domain/common name in the CSR needs to be "*.mydomain.com". The asterisk is a place holder and enables you to secure different sub-domains that share the same base/second level domain name such as "mydomain.com" in our example. If you need to secure sub-domains on multiple boxes, you need to purchase separate wildcards for each box.
The provisioning time for wildcard certificates is two to four business days.
Subject Alternative Name (SAN) certificates allow you to specify a list of additional domains or other entities that will be covered by a single SSL certificate. This means that, depending on the product, you may be able to specify multiple top-level domains, subdomains, IP addresses, internal server names, and more. The total number that you can protect with a single certificate varies by product.
Note: SAN certificates are sold as packages, so if you purchase a SAN certificate that can secure four additional domains, but you specify only two, you will still be charged the same price. You may be able to add more domains to a package for an additional charge. For more information on pricing, see http://www.opensrs.com/site/services/ssl.
These multi-domain certificates are more flexible than wildcard certificates because they are not limited to the same domain or the same number of levels.
The provisioning time for SAN certificates is two to four business days.
Extended Validation (EV) certificates
With Extended Validation, as well as displaying the certificate seal, the address bar is displayed in green, providing customers with an extra level of confidence. The green address bar is a strong visual indication that the site has an Extended Validation Certificate. The Security Status bar displays the organization name and the name of the Certificate Authority (CA).
The provisioning time for EV certificates is five to seven business days.
A site seal certifies the owner of the site has been verified and that the site is free of malware.
Seal products can be used in two ways:
- By site owners who don't require an SSL certificate but want to add an additional layer of assurance/reputability to their business.
- By site owners who already have an SSL certificate but want to add an additional layer of security.
Every website protected by SiteLock goes under an evaluation which includes:
- Verification of the website owner's contact information.
- Checks for malware, viruses, SQL injections and cross-site scripting vulnerabilities.
- Verifies email addresses and servers haven't been included on spam blacklists.
No CSRs or web server installation scripts are required.