What is a Self-Signed Certificate – SSL Certificate or Secure Socket Layer is a technology created to bring more security in the exchange of information between a visitor and the server that hosts the site.
The purpose of an SSL certificate is actually to prevent malicious people from capturing sensitive information from users, such as access data in the customer area on purchase sites or even credit card numbers and passwords.
This type of encryption-based technology is increasingly being adopted, especially in financial applications and online stores where sensitive and confidential data from visitors are sent at all times.
However, with all this innovation, many doubts arise regarding the types of certificate and how each one works, mainly because there are several models available in the market.
And you, the one who created your virtual store recently, probably already know that it is necessary to use an SSL Certificate to enable purchase through credit card, but still, ask yourself the kind of question, what is the best way and best cost to protect my store with this technology?
Well, I understand your frustration at not knowing how this works, encryption is a complicated technology and often not even technicians know exactly what is the best way forward.
So I decided to create this definitive guide with the main questions that come up when you are faced with the need to use a certificate, many of these questions came from partners who sought a suitable certificate for your online store or needed to protect an online application.
I’m sure many of your questions will be answered in this article because I want to make sure you get the most appropriate certificate and do not have unnecessary costs.
If even after reading this content you still have questions, feel free to ask me any question in the comments section at the end of this content, I will be grateful to answer it.
What is SSL Certificate and what is it?
SSL Certificate is used to protect important information from users browsing your website, preventing it from being intercepted, captured or viewed while transferring the data to the server hosting the application.
This protection is created from a strong encryption key that shuffles the information sent by the user so that it is impossible to discover the content from within the key and the only place that can unscramble this content is the server where the SSL Certificate is installed.
So any attempt to capture a data packet becomes irrelevant, even if someone is able to intercept the data, it will be impossible to read the content.
How do I know if a site uses SSL Certificate?
It is relatively simple to identify a site that uses SSL since they all have basically the same visual characteristic.
Soon after accessing the site you want to check, take a look in your browser’s address bar and make sure you have a green padlock left the side of the website domain (-> https://www.Example.com ).
You can only rely on the protection of the certificate if it has the green lock, if you are of another color, be careful with the information you share on the site.
There are two more colors that the padlock can have, but this is a contest that we will see a little later, stay calm.
In some cases, the certificate is not used in the entire site, only in the sessions where data exchange occurs, in this case, go to the Login or Create Account area and check the address bar.
It is important to keep in mind that https:// should always be displayed in the URL of pages that request user and password.
I would like to warn you that if you are going to buy something on the internet, it is strictly necessary for the website to have a certificate if you have any questions regarding the purchase I strongly recommend that you read our article on how to know if a virtual store is reliable.
What kind of SSL Certificates are there?
Certificates for domain validation
This type of certificate is the simplest and also the one that has the fastest emission process, taking in average 30 minutes to activate it.
The domain validation process is done by email, verifying that the person who requested the certificate has administrative access to the email accounts of your domain.
This type of certificate can also be validated through a text file inserted in your website, the certifier will access it and validate your information if they are correct the certificate will be validated.
As the certificate with the lowest level of data validation is also the cheapest, it is the best selling type, every 10 certificates sold about 9 are those with domain validation (this information is based on SECNET sales and not the global market).
With this type of certificate, you get a static stamp to insert into your site, showing your visitors that you use an SSL certificate and that they are secure.
Certificates for Organizational Validation
Certificates with validation for the organization are already more complete and need more information to finalize the issuing process.
You’ll need to verify data such as your phone number, street address, CNPJ, and your company’s fancy name, so you demonstrate a higher level of assurance to visitors to your website, proving that your organization really exists.
In this case, the issue takes about 2 days, taking into consideration that you will receive a call from the certifier to confirm your data (call-back).
With this type of certificate, you will receive a dynamic stamp to insert on your site, showing all the confirmed data about your organization by hovering the mouse on or clicking, this information will be sought from the certifier itself in real time.
Certificates for extended validation
Extended validation is the best in the digital certificate market and is a symbol of digital security status.
These certificates have the highest degree of validation, with the need to send physical documents from your organization, in addition to the data requested in the type of organization validation.
Its issuance takes an average of 5 days considering the delivery time of the documents and the confirmation call from the certifier (call-back).
Although it is the most expensive certificate on the market, it is solely responsible for leaving the address bar of your browser completely green (Green Bar), in this case, it is not just a padlock but a green bar that contains the fancy name of your organization.
Financial organizations are the major companies that acquire this type of certificate since money is a sensitive issue and people need to feel more comfortable exchanging sensitive information across the site.
This is not to say that it can not be acquired by any other business, several virtual stores are already using the extended validation certificate.
Which SSL Certificate is DV, OV or EV more secure?
In fact, the only difference between certificates is the type of validation, since all have the same level of security (encryption) compared to each other.
That way you do not have to worry about spending a lot of money to protect your website since even the cheapest certificate guarantees a high level of security.
When to use a single domain, wildcard or multi domain certificate?
Single domain certificates are used when you need to certify only 1 domain, this domain can be an online application, an institutional site or even a virtual store such as https://www.Yourdomain.com.
Wildcard certificates are the ones that validate all subdomains in a given domain and are usually used when you need multiple names before your domain, for example, https://www.Yourdomain.com, https://blog.subdomain.com, https://client1.Yourdomain.com.
This type of certificate will ensure the protection of ALL servers and names that are issued this way https://*.Yourdomain.com.
Wildcard certificates are required in multi-server environments, or with names in their subdomains belonging to a particular application.
Multi Domain certificates are used when you want to protect more than one site, application, or server with the same certificate.
In this case, when acquiring the certificate you can protect 3 different domains, for example, https://www.Yourdomain1.com, https://www.Yourdomain2.com, and https://www.Yourdomain3.com, with the possibility of protecting up to 100 domains with the same certificate.
What is the difference between the static and the dynamic seal?
The static stamp is just a common image with your certifier’s logo, this image is used to indicate that the website is using an SSL Certificate and does not have any type of validation.
This is the only function of the static seal and also the reason many do not use this type of seal on their pages, relying solely on the green padlock.
Already the dynamic seal is an image whose function is to present relevant information of your organization to visitors, this happens when someone hovers the mouse or clicks on the seal, it depends on the certifier that issued the certificate.
We call this stamp dynamic because it will inform your organization’s information in real time through the certifier itself, without the need for human intervention.
What do I do when my certificate expires?
All certificate types have a validity period, and after issuing this period can not be changed in any way.
When your certificate expires you must renew it, in fact, this is just the name (mistakenly) given to the process since it will be necessary to purchase a new certificate and perform a new installation.
One tip that may be helpful to you is to purchase the certificate for the longest possible period because if you do not know how to install it on the server you will need to hire someone to do this each time the certificate expires.
Another very important tip is to note the date that the certificate will expire in your calendar, so you can advance a new certificate before it even expires and does not suffer from unreliable website messages, which will surely cause you a big headache.
What is the period of validity of the certificates?
By March 2015 the certificates could be issued with periods longer than 5 years, but the legislation has changed and now it is this way:
Certificates for domain validation (DV) and organization validation (OV) can be issued up to a maximum of 3 years, and the certificates for extended validation (EV) have a maximum term of 2 years.
If I buy a lower validation certificate can I upgrade?
Unfortunately, it is not possible to perform a validation upgrade on the certificates.
If you purchased a certificate for domain validation and want to switch to an organization validation will not be possible, the only way to do this is by purchasing a new certificate.
Does the same certificate work on different servers?
SSL Certificates are multi platform and work yes on different servers, you can easily use a wildcard certificate on several servers with different platforms.
If you want to use the certificate on different servers the only procedure you need to do is to encode the certificate for that particular web server, so it will be compatible with other types of applications and sites.
Who is responsible for renewing the Certificate at maturity?
The certificate is the responsibility of the consumer, so the consumer must take appropriate measures to ensure that the environment remains safe.
Again I advise you to put an appointment in the agenda about 30 days before expiry of the certificate so as not to forget and go through bad morsels.
Remember that you need to reinstall the certificate on all servers, this can often take hours and even days to complete.
The padlock is not green, what do I do?
What can happen to your site, in this case, is that it is not configured correctly to receive the certificate, this happens when SSL is installed and there are still parts of the site that are doing HTTP requests instead of HTTPS.
This situation can be easily resolved by your developer, if it occurs with your site contact him and explain the situation, this information is found with the debug of your browser.
If you are taking care of everything yourself, you can see how to resolve this situation in this Common Error with SSL Certificate content.
I installed the certificate but HTTPS does not work, now what?
If HTTPS does not automatically appear when you access the site you will need to create a redirect, so the site will be forced to open with HTTPS every time it is accessed.
This type of configuration can be done in several ways, but the most recommended is that it is done through your web server.
If you use WordPress you can see how to configure HTTPS full in this post, if you have any questions please feel free to ask me in the comment session at the end of this content, so I can with your doubt enrich this content for other people.
Does every certificate need fixed IP?
No, this is a myth! Nowadays it is no longer necessary to make use of a fixed IP for each certificate acquired, but since it has taken a while, it is normal that this doubt is still very popular, but it is little publicized since many providers still charge by fixed IP for install the certificates.
From Windows Vista, all browsers developed are compatible with a technology called SNI or Service Name Indication.
This technology enables your hosting provider to use its own IP (and only this IP, no need for additional) to install multiple certificates on the server.
But when using SNI technology, Windows XP users can not access your site (there are exceptions, but using Internet Explorer will not be possible), because this system has already been discontinued and does not receive updates, this is a way to maintain the market up-to-date and secure operating system.
Is my online store new, do I need an SSL Certificate?
Absolutely yes! SSL Certificate plus a security system has already become a prerequisite for online shoppers as they are much more concerned about their internet security.
Another important issue that you should take into account is the integration with payment gateways, which enable payment of purchases through credit card. These gateways only work on sites with SSL Certificate.
In addition, Google started to better classify sites with SSL Certificates installed correctly because secure sites bring a better browsing experience to visitors.
Is it worth using a free certificate?
I do not recommend using free certificates, precisely because I do not have any kind of guarantee on the part of the certifier, and if nobody can guarantee the security of your site is not feasible for you, let alone for your customers.
The leading certifiers in the market give you full assurance that no one can break your encryption, so all certificates have a very high refund value in case this happens.
To give you an idea the cheapest certificate that SECNET offers costs $ 99.90 per year, but the value of the guarantee in case of a break in encryption is $ 10,000.
Does SSL Certificate protect my site from hackers?
Unfortunately, the purpose of the certificate is to ensure that the information exchanged between the visitors and the server is secure, ensuring that no one can intercept this data during the transmission.
There is another solution that can protect you from large-scale attacks and is called CloudFlare, this tool is a CDN or Content Delivery Network that in addition to speeding up your website creates a very strong layer of security.
What is a self-signed certificate?
SSL Certificates are usually issued by Certificate Authority that is independent and has worldwide recognized trust, browsers already know of its existence and therefore trust the certificates that are issued by these entities.
But you can produce your own certificate, the self-signed, let’s say these are the certificates of “home” edition since you who play the role of certifier and says that this is a valid certificate.
What happens is that these self-produced certificates are not recognized by browsers, so those messages are demonstrated by saying that your site is not trusted by visitors.
This message may end up scaring your customers and in the end, the cheap can be expensive as the saying goes, so think hard before using a certificate of this type.
How do I know if a certificate was installed correctly?
Luckily there are online tools that can help you in that part by doing the analysis in a few seconds. Click here to verify that any certificates have been installed correctly on your site or elsewhere.