What is Secure Sockets Layer or SSL?
What is encryption and how does it protect my business and my customers?
What is authentication and why is it important to SSL?
How can I optimize my Web site for trust and security?
What is the VeriSign Trust Seal?
Do all SSL Certificates provide the same security and trust for our business?
Why do different SSL Certificates contain different information?
How do consumers view the authentication information?
Do VeriSign SSL Certificates work with all browsers?
What information does VeriSign require to verify my business identity?
What does VeriSign do to verify my right to use a domain name?
How long does verification take?
What is EV SSL?
What documentation is required for an Extended Validation authentication?
What is a Certificate Signing Request or CSR?
Can I secure multiple servers with a single certificate?
Can I try an SSL Certificate before purchasing?
How do I manage my SSL Certificates?
What is a VeriSign Trust Center Enterprise Account?
What is Express Renewal?
What is AutoPay Renewal Service?
What is Secure Sockets Layer or SSL?
The Secure Sockets Layer (SSL) is a security protocol used by Web browsers and Web servers to help users protect their data during transfer. An SSL Certificate contains a public and private key pair as well as verified identification information. When a browser (or client) points to a secured domain, the server shares the public key with the client to establish an encryption method and a unique session key. The client confirms that it recognizes and trusts the issuer of the SSL Certificate. This process is known as the "SSL handshake" and it can begin a secure session that protects message privacy and message integrity. Read our Beginner's Guide to SSL Certificates to learn more.
Back to Top
What is encryption and how does it protect my business and my customers?
Encryption is a mathematical process of coding and decoding information. Encryption ensures that information is scrambled in transit so that only the intended recipient can decode it. The number of bits (40-bit, 56-bit, 128-bit, 256-bit) tells you the size of the key. Like a longer password, a larger key has more possible combinations. In fact, 128-bit encryption is one trillion times one trillion times stronger than 40-bit encryption. At current computing speeds, a hacker with the time, tools, and motivation to attack would require a trillion years to break into a session with 128-bit encryption. SSL Certificates with server-gated cryptography (SGC) enable 128- or 256-bit encryption for over 99.9% of Internet users. True 128-bit SSL Certificates
Back to Top
What is authentication and why is it important to SSL?
Authentication is 3rd party verification of a Web site's identity to establish trust. Before Web visitors share username and password, payment information or other personal data, they need to know that they can trust the Web site requesting it. A company logo or brand name is not enough. These can be faked. To protect against fraud and phishing sites, Web visitors look for proof that your business entity and Web site are legitimate. This can be provided by a VeriSign® SSL Certificate. Similar to the way a government agency verifies a birth date before issuing an identification card, an SSL provider (Certificate Authority) verifies an organization's right to use a domain name and other required identification information. SSL Certificates are uniquely issued to a specific domain and Web server.
How can I optimize my Web site for trust and security?
VeriSign SSL Certificates with additional trust features offer more than encryption and authentication for your online business. Our SSL Certificate, daily Web site malware scanning and vulnerability assessment (available with Extended Validation and Pro SSL Certificates) work together to secure your site and help defend against attacks. The VeriSign Trust™ Seal and Seal-in-Search™ technology help drive traffic to your site and reduce abandoned transactions by assuring your customers that your site is safe from search to browse to buy.
Back to Top
What is the VeriSign Trust Seal?
The VeriSign Trust Seal is a dynamic, animated graphic that displays on Web pages secured by VeriSign SSL Certificates and Web sites authenticated by VeriSign. When users click the VeriSign seal, it opens a VeriSign-generated verification page containing information about your VeriSign SSL Certificate, your organization, and the status of your malware scan. The VeriSign seal, the most recognized trust mark on the Internet, is viewed up to 650 million times per day on over 100,000 Web sites in 165 countries and in search results on enabled browsers as well as partner shopping sites and product review pages. FAQ: VeriSign Seal
Back to Top
Do all SSL Certificates provide the same security and trust for our business?
VeriSign SSL Certificates provide more security and trust at no additional cost. An automatic vulnerability assessment (included with Extended Validation and Pro SSL Certificates) identifies the most exploitable weaknesses on your Web site. Daily Web site malware scanning (included with all VeriSign SSL Certificates) alerts you if your Web site is infected with malicious software. The combination helps extend security beyond https to your public-facing Web pages and reduce the risk of being blacklisted by Google or other search engines. Seal-in-Search displays the VeriSign Trust Seal next to your link on browsers enabled with a free plug-in as well as on partner shopping sites and product review pages. The seal differentiates your link in search and shows that malicious code has not been detected in a daily malware scan. Learn more: The VeriSign Seal
Back to Top
Why do different SSL Certificates contain different information?
Certificate Authorities use different authentication methods and levels to verify information provided by organizations. The most basic SSL Certificate only verifies domain name control, a low-level of authentication that may be used by fraudsters to make their sites appear trusted. VeriSign, the leading Certificate Authority, secures more than 1 million Web servers worldwide and is well known and trusted because of our rigorous authentication methods and highly reliable infrastructure. VeriSign® SSL Certificates are issued with either full business authentication or Extended Validation (EV) authentication. The VeriSign Trust Seal verification page also includes the status of your daily Web site malware scan and vulnerability scan results (included with Extended Validation or Pro SSL Certificates).
Back to Top
How do consumers view the authentication information?
When a browser connects to a server, the server sends the identification information to the browser. To view a Web sites' credentials do one of the following:
- Click the closed padlock in a browser window
- Click the trust mark (such as the VeriSign Trust™ Seal)
- Look in the green address bar*
*Only SSL Certificates with EV trigger high-security Web browsers to display your organization's name in a green address bar and show the name of the Certificate Authority that issued it. Learn more: SSL Security and Extended Validation
Back to Top
Do VeriSign SSL Certificates work with all browsers?
Most Web site users do not know which Certificate Authorities to trust so they rely on their Web browsers to help them. An SSL Certificate issued by a Certificate Authority that a Web browser does not recognize or trust will generate a security alert. As the leading Certificate Authority, VeriSign® SSL Certificates work with virtually all popular Web browsers used since 1996.
Back to Top
What information does VeriSign require to verify my business identity?
When you request an SSL Certificate, VeriSign verifies the existence of your business, the ownership of your domain name, and your employment status or authority to request the SSL Certificate. We may require official government documentation proving your right to do business. These may include:
- Articles of Incorporation
- Certificate of Formation
- Charter Documents
- Business License
- Doing Business As
- Registration of Trade Name
- Partnership Papers
- Fictitious Name Statement
- Vendor/Reseller/Merchant License
- Merchant certificate
Our authentication and verification procedures are based on more than 15 years of practice authenticating commercial businesses. These procedures are audited annually by KPMG using Statement of Auditing Standard 70 Type II, established by the American Institute of Certified Public Accountants.
Back to Top
What does VeriSign do to verify my right to use a domain name?
VeriSign first tries to authenticate your company's management responsibility through publicly available domain name registration information. If we cannot automatically authenticate your domain name control, we require an authorization letter from that domain's owner. This step prevents applicants from fraudulently or accidentally obtaining SSL Certificates for domains that do not belong to them.
Back to Top
How long does verification take?
Authentication for new certificates could take as little as 1 hour or up to several days, depending on the verification information you provide and whether or not your certificates are pre-approved.
- If your organization is the legal holder of the domain, you can expect to receive your certificate within 1 hour of your request.
- VeriSign® Trust Center Enterprise Account stores pre-approved domain, organizational and contact information. When you submit a certificate request that contains the authenticated information, VeriSign instantly issue your certificate. See SSL for the Enterprise.
- Processing times for EV SSL Certificates may take longer due to additional verification requirements mandated by the Extended Validation (EV) SSL Guidelines. FAQ: Extended Validation SSL
What is EV SSL?
In 2006, the CA/Browser Forum, a group of leading SSL Certificate Authorities (CAs) and browser vendors, approved Extended Validation (EV) SSL Guidelines, standard practices for certificate validation. To issue an EV SSL Certificate, a CA must adopt the EV practices and pass an audit. Browsers were enhanced to make it easy for Web site visitors to recognize the higher standard of EV SSL. A site secured by an SSL Certificate with EV triggers high-security Web browsers to display the organization’s name in a green address bar and show the name of the Certificate Authority that issued it. The browser and the Certificate Authority control the display, making it difficult for phishers and counterfeiters to hijack your brand and your customers. Learn more: Extended Validation and SSL Security
Back to Top
What documentation is required for an Extended Validation authentication?
In addition to our standard verification requirements, a legal opinion letter may be required to confirm that the requestor has the authority to obtain SSL Certificates on behalf of the company. The legal opinion letter also may be used to confirm the organization registration, organization address, telephone number, domain ownership, and the organization’s business status. The physical address may be confirmed by a physical site visit if necessary. Once confirmed, the requestor may purchase additional SSL Certificates based on the original letter. If a legal opinion letter cannot be obtained, our Certification Practice Statement outlines alternate authentication and verification processes.
Back to Top
What is a Certificate Signing Request or CSR?
The CSR is a string of text generated by your server software. You provide this string of text to VeriSign during the enrollment process to enable VeriSign to issue an SSL Certificate unique to your Web server. Express Renewal allows you to use the same CSR for up to 6 years (up to 2 years with EV). You will need to know what kind of server software is running on your Web server to generate a CSR.
Back to Top
Can I secure multiple servers with a single certificate?
Sharing certificates on multiple servers increases risk of exposure. Auditing becomes more complex, reducing accountability and control. If a private key becomes compromised, it can be difficult to trace and all servers sharing that certificate are at risk. Because sharing certificates degrades security, the VeriSign certificate subscriber agreement prohibits customers from using a certificate on more than one physical server or device at a time, unless the customer has purchased additional server licenses. VeriSign’s licensing policy allows licensed certificates to be shared in the following configurations: redundant server backups, server load balancing, and SSL accelerators. See About SSL Certificate Licensing.
Back to Top
Can I try an SSL Certificate before purchasing?
You can either test SSL in a pre-production environment with a trial SSL Certificate free for 30 days, or you can try a production level SSL Certificate risk-free for 30 days. This is true for Secure Site Pro with EV, Secure Site Pro, Secure Site with EV and Secure Site SSL Certificates. Learn more about our Trial SSL Certificates.
Back to Top
How do I manage my SSL Certificates?
When you buy or renew an SSL Certificate, an account is automatically created for you in the VeriSign Trust Center, a Web-based, self-service console with complete and secure access to manage all your SSL Certificates. With a single sign-in, you can renew and manage any number of VeriSign® SSL Certificates, update your payment and account settings, access a backup SSL Certificate, or activate additional services.
Back to Top
What is a VeriSign Trust Center Enterprise Account?
A VeriSign Trust Center Enterprise Account is for customers who purchase 10 or more SSL Certificates per year. These account holders benefit from volume discounts and instant issuance for pre-approved domains and organizational and contact information. VeriSign Trust Center Enterprise Account also provides robust reporting and audit capabilities for managing your full portfolio of certificates. Learn more about VeriSign Trust Center Enterprise Account.
Back to Top
What is Express Renewal?
Express Renewal streamlines the renewal of SSL certificates with a new way of handling certificate validity and expiration. Just as with traditional certificates, you select the service period, and upon expiration, you can continue to use the same certificate. With Express Renewal, you no longer have to reinstall the certificate or generate a CSR for up to six consecutive years.
Back to Top
What is AutoPay Renewal Service?
AutoPay Renewal Service (AutoPay) allows you to further automate certificate renewal payments. Activate AutoPay at enrollment or within your VeriSign Trust Center account. AutoPay requires payment through credit or debit cards.
Back to Top
Feedback