Protect website / server
Solutions for protecting your website and network communication
Secure Socket Layer (SSL) certificates, also referred to as TLS certificates, protect your servers and websites and thus ensure the trust of your customers. Using SSL certificates, confidential data is encrypted during transmission via the SSL or TLS (Transport Layer Security) protocol. SSL certificates also contain trusted information on the certificate owner and hence confirm the identity of a website's or server's operator. An SSL certificate is issued by a trusted organisation – known as a certification authority (CA) – in a similar way to an identity card. Depending on the certificate type (Gold EV, Gold, Silver), different characteristics of the certificate owner are checked.
What are the benefits of SSL certificates?
SSL certificates increase the level of trust that your customers and partners place in your company’s website or web applications. A trusted CA such as SwissSign certifies the authenticity of your website by conducting a reliable check of your domain and other company information. In doing so, it ensures that you are also trusted by operating systems and browsers.
SSL certificates guarantee your customers and partners both privacy and data protection by allowing for secure encrypted access. SSL certificates offer protection against phishing and man-in-the-middle attacks. They also increase the visibility of your website, as the Google ranking rates websites with SSL/TLS encryption much higher than websites without SSL.
How can I find an appropriate SSL certificate?
The primary question when selecting the right certificate is the level of trust that the website or web application should provide the visitor. The higher the level of trust and security required, the more detailed the process for the verification of the owner’s identity and the information subsequently provided in the certificate.
Choice of validation level
A differentiation is made between three main certificate types for the identification check:
- The domain-validated (DV) certificate: SwissSign SSL Silver certificate
With this certificate, the domain is validated, i.e. it is checked whether this URL (www.example.ch) exists. The validation process is performed on an automated basis via e-mail and has the advantage that the check takes place within a matter of seconds. This certificate protects visitors using so-called session encryption and does not contain any information on the operator of the respective site/application.
- The organisation-validated (OV) certificate: SwissSign SSL Gold certificate
With this certificate type, the organisation, i.e. the company operating the site or application, is validated. Official entries are checked and confirmation is provided that the indicated organisation also actually exists. This information is indicated in the certificate and further confirms that this organisation is also the legally legitimate user.
- The extended-validation (EV) certificate: SwissSign SSL Gold EV certificate
This certificate type involves a validation process performed in accordance with the strict, internationally governed EV Guidelines of the CA/Browser Forum. All browsers display EV certificates using a green bar, meaning that the respective website or web application enjoys the highest level of trust upon being visited or used. The validation process includes the legal and operational check, verification of the company’s existence, a comparison with the applicant’s official details, authorisation of the certificate requester and the authentication of the domain ownership rights.
Definition of the number of domains to be certified
- Single domain
If the certificate is ordered with just one domain entry, the domain protection offered by SwissSign certificates includes with and without “www”.
- Several domains
With so-called SAN fields (Subject Alternative Name) within the certificate, it is decided which domains are to be protected. A certificate with just one SAN field that refers to a website is a single-domain certificate. If this SAN field includes a star in the domain name, it is a Wildcard certificate. And if the certificate has several SAN fields, it is a multi-domain certificate.
The Multi-Domain certificate is suitable for protecting several domains (mywebsite.com, yourwebsite.com, hiswebsite.ch) as well as several sub-domains (info.mywebsite.com, db.mywebsite.com) or several sub-sub-domains (test.info.mywebsite.com, int.info.mywebsite.com). The Multi-Domain certificate is ideal for use in a Microsoft Exchange or Lync environment and is frequently also referred to as a UCC/SAN certificate (Microsoft UCC environment). Multi-Domain certificates can also be issued at EV level.
Multi-Domain certificates with a long list of domain names can impact performance, as browsers initially load all of the certificate contents, i.e. all SAN names.
If there are a lot of SAN entries, the risk increases that the Multi-Domain certificate will need to be exchanged prematurely. Among the domains, there are often also some that do not belong to the same individual and for which a power of attorney had to be granted upon the certificate being issued. Should one of these domains cease to exist, the certificate becomes invalid and all used multi-domain certificates have to be exchanged.
An additional domain cannot be added subsequently without replacing the certificate. Should the private key for the certificate be lost, the certificate must also be exchanged on each device.
Wildcard certificates are suitable for an unlimited number of websites that are sub-domains of a defined domain name (example: main domain: mywebsite.com, sub-domains: info.mywebsite.com, db.mywebsite.com). They can also be used with restrictions for Microsoft UCC environments (Exchange, Lync). Wildcard certificates are not permitted at EV level.
The freedom as regards sub-domains entails a certain risk. Should somebody gain unauthorised access to your private certificate key and use it to set up a fake website, this is not easy to monitor. Let's assume that your website is called https://mywebsite.ch. Somebody with access to the certificate data now creates a new website called https://1.mywebsite.ch. This page is inconspicuous, uses a valid certificate and thus boasts undeserved authenticity. Those wishing to avoid this risk use Multi-Domain certificates.
These SwissSign partners will be happy to help you
Contact us to find the right partner for you
Do you have a question about our partners, do you need support in choosing the right partner, or are you interested in a partnership with SwissSign? Our partner manager, Christian Kühni, will be happy to support you.
Get in touch with us!