SSL Certificate

What are SSL certificates?

SSL certificates are a tool which protects internet sites and also guarantees the confidentiality of data which was sent electronically. To achieve complete security, communication between computers is encrypted. SSL certificates are registered for a given domain name and contain information on the domain owner, their address, etc. Data is secured cryptographically, and it is unauthorised changes to it are impossible.

SSL certificates date back to 1994, when Netscape created the Secure Socket Layer protocol, used for secure transmissions of an encrypted data stream. Its effectiveness, easy use and installation, meant that it quickly found use in securing on-line banking transactions, particularly during on-line auctions and as part of on-line payment systems.

SSL certificates are required by all entities which provide their services over the internet or local networks to ensure:
  • security – connection encryption, safe transfer of personal data,
  • credibility – WWW or server identity in the internet is confirmed,
  • trust – the provided services are in line with world standards.

SSL certificates issued by CERTUM PCC feature Polish language technical support and compliance with international standards as confirmed by the WebTrustSM/TM certificate.

Trusted SSL certificates

CERTUM General Certification Authority is the only one in Poland authorised to issue SSL certificates.

In 2008, more than 3,000,000 servers and WWW sites all over the world used SSL certificates, however according to NetCraft research (www.netcraft.com) only about a third of those were considered safe and credible. The remaining SSL certificates featured an inappropriate cryptographic security level or were issued by unidentified entities.

The WebTrust standard comprises globally accepted collection of “”good practices”” within the scope of activity associated with information security and the provision of certification services. It delivers trust amongst the most popular search engines used around the world, server software and operating system. For trusted SSL certificates, an encrypted connection is established automatically. Whereas if a certificate is issued by an unknown certification authority, a message with a warning appears before a connection is made, indicating the lack of trust and a question whether despite this the user wants to go ahead and establish a connection. Currently CERTUM PCC – www.certum.pl, is the only Polish certification authority able to issue SSL certificates in accordance with the WebTrust standard.

SSL certificates issues in accordance with the WebTrust standard authenticate secured servers and websites, ensure safe data exchange and their global trust helps to build a positive image of businesses or institutions which use them in the eyes of potential customers all over the world.

Communication in the internet

Only a small fraction of internet users are aware of how computers which are on-lien communicate and exchage data. Simplifying greatly – the procedure takes place using protocols, or a “”language”” of a kind. To a large extent, internet users have vary little say as top the principles on which it is based. In as much as that situation is convenient, a series of questions as to the nature of safely using networked resource arise.

Standard protocol vs. SSL/TLS protocol

One of the most common ways to secure internet data transmissions is an SSL/TLS protocol. The application of cryptographic technologies and public key certificates, in this case called SSL certificates, facilitates an encrypted connection between a server and the user’s computer. The SSL/TLS protocol guarantees security through the use of Public Key Infrastructure (PKI). When connection is being established, a symmetric key is created which will be sued to secure the data exchange between the parties to the session.

To compare a standard protocol with an SSL/TLS protocol lets imagine a situation where whilst paying in an on-line ship using a credit card we announce our card number, expiry date and CVS code to all other purchasers, granting them unobstructed access to our money. If encrypted connections are used, it is not possible for anyone to eavesdrop on such important data.