The cryptographic protocol for secure communication is SSL. Myths about paid certificates
Browsers periodically check the quality of certificates, if there are violations, then incompatibility occurs, as they say, they did not agree on the characters, and then a divorce and each with his own, you are with an inappropriate certificate and the browser does not owe you anything, and as a result – the collapse of hopes and loss of time. Therefore, it is critical to be sure of the validity of the cryptographic protocol you have purchased.
Let’s Encrypt. A trusted and trusted organization that issues free SSLs. The project is supported financially by many large IT companies to make the Internet safer.
Global Sign by GMO. One of the largest certified centers. GlobalSign has been issuing SSL certificates since 1996. The center is trusted by such companies as Microsoft, Netflix, Airbnb.
Sectigo (former Comodo). Also one of the most reputable centers for obtaining a certificate. Attention, at the moment it does not work on the territory of the Russian Federation and the Republic of Belarus.
Symantec. The company has been producing a large number of products for the IT sector, which have been recognized all over the world for about 30 years. Do not issue certificates to users from the Russian Federation.
However, the most reliable and easiest way is to purchase it from your hosting provider. This will save you time, nerves and give you hope for a safer future. After all, the process of connecting your clients via a secure connection takes milliseconds, and a damaged reputation – distrust of your service is remembered for many years.
Let’s figure out how to conquer the world without attracting the attention of orderlies or connect an SSL certificate correctly.
What are the types of SSL certificate verification and how do they differ?
DV certifications (Domain Validation). This certificate confirms ownership of a domain name. It can be ordered by both an individual and a legal entity. The issue is carried out quite quickly, for everything about everything 10-15 minutes.
OV certificates (Organization Validation). These certificates are issued exclusively for legal entities. The certification authority checks whether you are the owner of the domain, and also checks the real existence of the organization according to data from b2b open sources or public registries.
The issuance of such a certificate can take from 1 to 3 days.
EV certifications (Extended Validation). They are the most reliable certificates. They can only be obtained by legal entities, and for validation it will be necessary to provide an extended package of documents. The control check will be a call from a specialist of the certification center to the city contact phone number of the organization.
Also, EV-certificates are distinguished by the presence of a green address bar, where the company name will appear. For example, banks use these certificates to protect the data of their customers. It takes up to 14 days to issue an EV certificate.
Using the example of our company, we will tell you how to place an order and how to validate a particular type of certificate.
After paying for the order, you will receive an e-mail where you need to go through the activation of the certificate, for this you can use the instruction.
Activation in your personal account takes place in several stages:
Generating a CSR Request
Entering contact details
The next step for (DV, OV, EV certificates) is domain name validation.
If necessary, you can use the instruction.
After the certificate is validated by the certification authority, the certificate itself and the chain of certificates will be sent to your contact mail.
This completes the receipt of the DV certificate, it remains to install it.
For type OV and EV certificates, validation is ongoing.
To pass the validation of a legal entity, you must:
For companies in the Russian Federation, it is necessary to provide the TIN / OGRN number or an extract from the Unified State Register of Legal Entities;
Links to open b2b databases, where the full name of the company, legal address, city phone number will appear.
Also, the manufacturer has the right to request a DUNS number (at the moment this happens quite rarely)
If the company is not listed in the D&B directory, then you must complete the procedure for obtaining a DUNS number.
In Russia there is a representative office of Dun & Bradstreet – “Interfax – Dun & Bradstreet”, which can help you get a DUNS number.
Based on information obtained from open sources, the manufacturer has the right to change the name of the organization to the corresponding public information. An e-mail will be sent asking you to confirm the data change.
If the data cannot be filled in or confirmed, the manufacturer has the right to refuse to issue a certificate.
The final stage is a validation call to the specified contact person with several questions about the organization (clarification of the name of the organization, last name and first name of the contact person, domain name, as well as confirmation of the certificate order). The call is made by the provider in English.
After validation, an email with a certificate will be sent to you.
To install a certificate on the site, you can contact us either use the instruction.
How to check if an SSL certificate is installed
By using this service you can check if your site has an SSL certificate installed.
The service will contain information: which SSL certificate is installed on your site, the provider of the SSL certificate, the period until which the certificate is valid, as well as other technical details. To start checking, you need to enter in the field “server hostname“name of your site and click the button”Check SSL“.
Sayings from the Internet and the judgments of those who sell SSL
Considering how a free SSL certificate differs from a paid one, in addition to the obvious savings, it is necessary to note their validity period. Free certificates are relatively short-lived and require constant re-issuance. For example, the popular Let`s Encrypt certificate needs to be reissued every three months.
The truth is that both certificates look the same, and the free one has even more advantages. it can be installed in one click.
You should also pay attention to the level of guarantees. The certification authority that issues a free certificate is not responsible for the integrity of the resource where it is installed. Paid digital signatures (OV), on the contrary, make it possible to verify the owner of the site. The presence of such guarantees form a high confidence in the site among users and in search engines.
But in fact, no one is watching or checking it. This is more marketing for those who sell such certificates.
Another significant difference between paid certificates and free ones is that they have financial guarantees. In case of leakage of user data from a resource where a paid SSL certificate is installed, the affected party will receive compensation from the certification authority. The amount of financial guarantees depends on the specific type of certificate.
But in fact, there were no such courts yet, because. Proving that an SSL certificate has been hacked is almost impossible.
Installing free certificates involves solving a number of technical problems that require certain skills.
Without knowledge of linux, installing such a certificate on the server yourself and setting up automatic release will be difficult.
Free certificates, however, have a key advantage – accessibility. They are often used by low-budget projects, startups and individuals who cannot afford the paid ones.
Well, or just know how to put them;)