Shulou(Shulou.com)06/01 Report--

SSL certificate must know must be SSL certificate type

Classified by way of audit

Domain name verification DV SSL certificate

Enterprise verifies OV SSL certificate

Enterprise enhanced / extended validation of EV SSL certificates

Classify by function

Multi-domain name UCC/SAN SSL certificate

Strong encryption SGC SSL certificate

Wildcard Wildcard SSL certificate

Code signing Code Signing SSL certificate

By brand (main trusted CA institutions)

RapidSSL certificate

GeoTrust SSL certificate

COMODO SSL certificate

VerSign SSL certificate

Symantec SSL certificate

Thawte SSL certificate

Trustwave SSL certificate

GlobalSign SSL certificate

AlphaSSL SSL certificate

According to the audit method, general CA institutions provide three types of SSL certificates: domain name SSL (DV SSL), enterprise SSL (OV SSL) and enhanced SSL (EV SSL) certificates.

1.EV SSL certificate-extended authenticated SSL certificate

EV SSL is the abbreviation of Extended Validation SSL, refers to the SSL certificate issued in accordance with the global unified strict authentication standards, is currently the highest security level of SSL certificate in the industry. When a user visits a website with an EV SSL certificate deployed, not only will the browser address bar display the security lock flag, but also the browser address bar will turn green.

Extended Validation SSL Certificate, abbreviated as: EV SSL certificate, means: SSL certificate issued in accordance with the global unified and strict authentication standard. The EV SSL certificate was born to deal with the increasingly rampant crime of online fraud and to restore and boost confidence in online transactions.

In order to solve the problem of rampant online fraud, the world-famous digital certificate authority and mainstream browser developers have created digital certificates and browser forums. It is intended to develop a solution to solve the online trust crisis and effectively prevent the crime of online fraud. EV SSL certificate is the first development product to protect users from online transactions with online merchants that have not been strictly authenticated. All digital certificate authorities that issue EV SSL certificates must strictly authenticate applicants in accordance with a unified standard, while browsers can recognize EV SSL certificates and make the address bar green. Online consumers can know very clearly who they are doing business with.

2.OV SSL Certificate-SSL Certificate for Institution Verification

The standard SSL certificate is the OV SSL certificate (Organization Validation SSL).

OV SSL is the abbreviation of Organization Validation SSL, which refers to the standard SSL certificate that needs to verify the true identity of all units of the website. This kind of certificate is the normal SSL certificate, which can not only encrypt the confidential information of the website, but also prove the true identity of the website to the user. Therefore, it is recommended to be used in all e-commerce sites, because e-commerce requires online trust and online security.

Click on the security lock flag, "View Certificate" to get the "details"-"subject" of this kind of certificate. The subject displays the O field (O is Organization, and the O field is used to display the name of the unit).

If you see that there is no "O =" in the certificate subject information, or "O =" is not the company name, but the website domain name, it is not an OV SSL certificate.

3.DV SSL Certificate-Domain name Verification SSL Certificate

DV SSL is the abbreviation of Domain Validation SSL, which refers to the simple SSL certificate that only verifies the ownership of the domain name of the website. This kind of certificate can only encrypt the confidential information of the website and cannot prove the true identity of the website to the user. Therefore, it is not recommended to deploy DV SSL certificates on e-commerce sites, because what e-commerce needs first is online trust, followed by online security.

DV SSL certificate is only suitable for personal websites or non-e-commerce websites. This kind of low-end SSL certificate, which only verifies the ownership of domain names, has been abused by various fraudulent websites abroad.

DV SSL is a completely automatic SSL certificate that only verifies the ownership of a domain name. It greatly reduces the cost without human intervention (no manual authentication). The price is very cheap, and you don't have to wait 3-5 days to get the certificate in 10 minutes.

Click on the security lock flag, "View Certificate" to "details"-"subject" of this kind of certificate, you can find that there is no O field in the subject (O is Organization, O field is used to display the name of the organization), or the O field shows not the company name, but the website domain name.

4.IV SSL certificate (similar to OV certificate)

IV SSL is the abbreviation of Individuals Validation SSL, which refers to the professional (Class level 2) SSL certificate that needs to verify the true identity of website operators (individuals). It can not only encrypt the confidential information of the website, but also prove the true identity of the website to users.

Click the security lock sign, in the WIN7 system, click "View Certificate" to see the "details"-"user" of this kind of certificate, and the user displays the O field (shows the name of the website operator).

By function: SAN,Wildcard (wildcard matching), SGC

Multi-domain name certificate UCC/SAN SSL Certificate (Subject Alternative Names Certificates)

First-level subdomain name certificate: one level of subdomains

SGC (Server-Gated Cryptography):

An enhanced key usage (EKU) is added to the existing SSL certificate standard, which is mainly introduced in consideration of the US government's export restrictions on high-strength encryption algorithms (128bit) before 2000. With the upgrading of computer hardware, the encryption strength established by the SSL protocol through negotiation sessions (such as 40 bits, 56 bits) can no longer meet the secure transmission of a lot of commercial data. SGC is a kind of SSL certificate used by the server, which can affect the choice of encryption strength when talking between the client and the server.

After more than 10 years of development, various browsers have already supported 128bit encryption, and there is no need for SGC technology to achieve 128bit encryption at all. In January 2000, the US government relaxed the restriction of 128bit encryption technology, that is to say, since January 2000, all browsers no longer need SGC technology to implement 128bit encryption, so many certificate authorities no longer sell SSL certificates that support SGC.

Classified products abbreviated as product description

Audit method EV Extended Validation: extended verification, the most rigorous certificate audit process

Green Bar: green address bar, which can identify phishing sites at a glance

OV Organization Validation: organizational verification, verify the legal identity of the enterprise, establish a trustworthy image of the enterprise, improve the click-through rate and rate of return of the website.

DV Domain Validation: domain name verification, only need to be confirmed by domain name manager

Function SAN Subject Alternative Name field for Unified Communications: one SSL certificate supports multiple different domain names

Up to 100 domain names can be added depending on the product.

It is suitable to append multiple domain names to the same server to facilitate simultaneous management.

Wildcard supports SSL certificates for * .domain.com

Unlimited number of subdomain names

Suitable for all sites in the same subdomain on the same server

SGC Server Gated Cryptography: enforces 128bit encryption, even for users using older browsers

Extended reading:

Several different types of SSL certificates are available. We're going to go over them so that you have a better understanding of which one is going to be best for your particular needs. While SSL may seem hard to understand at first, all it takes is a little time and studying to learn the differences between the different types of certificate's available.

DV (domain validation)

Domain validation or DV certificates are verified according to the domain name. Typically, this is done by sending an email to an address listed in the WHOIS record from the domain. This is similar to an AV certificate, which is listed next, but it's different in that a DV cert is intended to be used by SSL/TLS-enabled websites.

AV (address validation)

AV, email address validation, is similar to DV certificates, but Mozilla and others in the industry think it deserves its own classification because it deals only with the fact that a person has control of an email address from a particular domain. This type of certificate is used for S/MIME email.

OV (organization validation)

Next up is an OV SSL certificate, which refers to organization validation. For this type, the certificate authority will verify the actual business that is attempting to get the certificate. This is usually used by corporations, governments and others for SSL/TLS-enabled websites, code signing, as well as other uses.

EV (extended validation)

With EV (extended validation) a Certificate Authority is going to use the "EV SSL Certificate Guidelines" that can be found in the CA/Browser Forum. While similar to an OV (organizational validation) certificate, this is separate and distinct from an OV SSL certificate. See EV SSL Requirements for more about EV SSL.

IV (individual / identity validation)

An IV (individual validation or identity validation) SSL certificate verifies the identity of an individual and is typically used for email, SSL/TLS client authentication, and various other uses. A person's email is also going to be validated before this type of SSL certificate is issued.

Other SSL Certificates

While we've gone over the major types usually issued, in a future post, we'll go over Shared Certificates, Wildcard Certificates, and Multi-Domain Certificates. All of these act like a standard SSL certificate, but they also offer features. If you have any questions, be sure to leave a comment below so that we can give you the answers you need. Thanks.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.