SSL Certf

[rainit2006]

Cybertrust Japan Sympathic

[rainit2006]

When you are buying buy an SSL certificate, you need to choose the number of domains you want to secure.

There are three levels of certifications: Single, Wildcard, and Multi-Domain.

1. Single Domain SSL Certificate Protection – Protects one domain name. A certificate purchased for www.domain.com will only allow you to secure all the pages on www.domain.com/ Ideal for – Suitable for a single website, small to medium business managing a limited number of websites.

2. Wildcard SSL Certificate Protection – Protects a single domain and all sub-domains of that domain. This certificate will secure www.domain.com, it also protects blog.domain.com, help.domain.com, etc. Ideal for – Suitable for fast growing business as this certificate will automatically secure any sub-domain added.

3. Multi-Domain SSL Certificate Protection – Allow to protect up to 100 domains. A multi-domain certificate can secure multiple different domains such as domain-a.com, domain-1.com.sg, etc Ideal for – Suitable for large business that has different entities. It's easy to manage and keep track using a single certificate.

[rainit2006]

Types of SSL certificate

There are three types of SSL certificate – Domain Validated (DV), Organizational Validated (OV), and Extended Validated (EV).

1. Domain Validated (DV)

Verification – DV only verifies that the applicant is the registrant of the domain. Implementation costs – It takes few minutes to few hours. The fee is minimal. Ideal for – Suitable for small websites or blogs.

2. Organizational Validated (OV)

Verification – OV verifies the ownership of the domain including full company name and address details. Implementation costs – It might take a few days. The fee is higher than DV. Ideal for – Suitable for organizations and medium-sized businesses.

3. Extended Validated (EV)

Verification – EV requires an extensive validation of the business that turns the address bar to green. Implementation costs – It might take up to weeks. EV is the most expensive SSL certificate. Ideal for – Suitable for websites that conduct financial transactions.

Despite the types of validation, all the certificates are having the same levels of data encryption. The only difference is the assurance about the identity of the business behind the website. You can compare SSL prices and features from all major brands at The SSL Store.

Example

Here are examples of different types of validation: Examples: Moz and Amazon (left) have the standard SSL validation (DV or OV) – The address bar shows “Secure”. Telling visitors that the connection between the browser and the website is encrypted. American Express and PayPal are using extended SSL validation – The company name is showing on the address bar in green color – The “Green Bar” Both companies went through extensive validation to make sure the business entity is legal.

[rainit2006]

FQDN: 「Fully Qualified Domain Name」の略で、 日本語では主に「完全に指定された(限定された)ドメイン名」などと訳されますが、 「絶対ドメイン名」と呼ばれることもあります。

CSR（Certificate Signing Request） SSLサーバ証明書を発行するための証明書署名要求のことです。CSRには公開鍵の情報と、組織名や所在地等の情報（Distinguished Name＝識別名）が含まれており、サイバートラストは提出されたCSRにサーバ認証機関の署名を行い、サーバ 証明書として発行します。

[rainit2006]

Let's encrypt: https://www.youtube.com/watch?v=m9aa7xqX67c

• Keyword: Free!
• But, it only provides DV, doesn’t support OV and EV.
• Let’s encrypt certificates are valid for only 90 days.
• Use “Certbot” tool to get the certification。Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS. https://certbot.eff.org/ Certbot renews certificates every 60 days.

[rainit2006]