
SSL Basics
What is SSL?
What is a Server ID?
What are authentication and encryption?
How do Server IDs work?
What is the difference between a 40-bit SSL Server ID and a 128-bit SSL Server ID?
Which type of Server ID is right for my site?
--------------------------------------------------------------------------------
What is SSL?
The Secure Sockets Layer (SSL) protocol, originally developed by Netscape, has
become the universal standard on the Web for authenticating Web sites to Web
browser users, and for encrypting communications between browser users and Web
servers. Because SSL is built into all major browsers and Web servers, simply
installing a digital certificate, or Server ID, enables SSL capabilities.

--------------------------------------------------------------------------------
What is a Server ID?
Installed on your Web server, a Server ID is a digital credential that enables visitors
using Web browsers to verify your site's authenticity and to communicate with
it securely via SSL encryption.
--------------------------------------------------------------------------------
What are authentication and encryption?
SSL server authentication allows users to confirm a Web server's identity.
SSL-enabled client software, such as a Web browser, can automatically check
that a server's certificate and public ID are valid and have been issued by a
certificate authority (CA) - such as SafeScrypt - listed in the client
software's list of trusted CAs. SSL server authentication is vital for secure
e-commerce transactions in which users, for example, are sending credit card
numbers over the Web and first want to verify the receiving server's identity.

An encrypted SSL connection requires all information sent between a client and a
server to be encrypted by the sending software and decrypted by the receiving
software, protecting private information from interception over the Internet.
In addition, all data sent over an encrypted SSL connection is protected with a
mechanism for detecting tampering - that is, for automatically determining
whether the data has been altered in transit. This means that users can
confidently send private data, such as credit card numbers, to a Web site,
trusting that SSL keeps it private and confidential.
--------------------------------------------------------------------------------
How do Server IDs work?
A customer contacts your site and accesses a secured URL: a page secured by a
Server ID (indicated by a URL that begins with "https:" instead of
just "http:" or by a message from the browser).

Your server responds, automatically sending the customer your site's digital
certificate, which authenticates your site.

Your customer's Web browser generates a unique "session key" to encrypt
all communications with the site.

The user's browser encrypts the session key itself with the site's public key so
only the site can read the session key.

A secure session is now established. It all takes only seconds and requires no
action by the user. Depending on the browser, the user may see a key icon
becoming whole or a padlock closing, indicating that the session is secure.
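
The session-key steps above and the tamper detection described earlier, as an added example that is not part of the original page. Assumptions: textbook RSA over two fixed Mersenne primes stands in for the site's real key pair, HMAC-SHA256 stands in for SSL's record cipher and MAC, and all function names are hypothetical. It shows the message flow only and is not a secure implementation.

```python
import hashlib
import hmac
import secrets

# Constructed demo key pair (assumption): unpadded RSA over two known primes.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                              # site's public modulus, sent in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))      # site's private exponent, never leaves the server

def client_key_exchange(public_n, public_e, bits=128):
    """Browser: generate a random session key and wrap it with the site's public key."""
    session_key = secrets.token_bytes(bits // 8)
    wrapped = pow(int.from_bytes(session_key, "big"), public_e, public_n)
    return session_key, wrapped

def server_unwrap(wrapped, bits=128):
    """Server: only the holder of the private exponent can recover the session key."""
    return pow(wrapped, D, N).to_bytes(bits // 8, "big")

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode as a stand-in stream cipher.
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    """Sender: encrypt the record, then append a MAC so changes are detectable."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_record(key, record):
    """Receiver: verify the MAC before decrypting; reject altered records."""
    nonce, ct, tag = record[:12], record[12:-32], record[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record altered in transit")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

if __name__ == "__main__":
    browser_key, wrapped = client_key_exchange(N, E)
    server_key = server_unwrap(wrapped)
    record = seal(browser_key, b"card=0000-0000-0000-0000")  # constructed sample data
    print(server_key == browser_key, open_record(server_key, record))
```
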
--------------------------------------------------------------------------------
What is the difference between a 40-bit SSL (Secure Server) ID and a 128-bit SSL
(Global Server) ID?
The primary difference between the two types of Server IDs is the strength of the
SSL session that each enables. SSL comes in two strengths, 40-bit and 128-bit,
which refer to the length of the "session key" generated by every
encrypted transaction. The longer the key, the more difficult it is to break
the encryption code. 128-bit SSL encryption is the world's strongest: according
to RSA Labs, it would take a trillion-trillion years to crack using today's
technology.

Microsoft and Netscape offer two versions of their Web browsers, export and domestic,
that enable different levels of encryption depending on the type of Server ID with
which the browser is communicating.

40-bit SSL (Secure Server) IDs, included with Secure Site and Commerce Site Services,
enable 40-bit SSL when communicating with export-version Netscape and Microsoft
Internet Explorer browsers (used by most people in the U.S. and worldwide), and
128-bit SSL encryption when communicating with domestic-version Microsoft and
Netscape browsers.

128-bit SSL (Global Server) IDs, included with Secure Site Pro and Commerce Site Pro
Services, enable 128-bit SSL encryption - the world's strongest - with both
domestic and export versions of Microsoft® and Netscape® browsers.

Another key difference between 128-bit SSL Global Server IDs and 40-bit SSL Secure
Server IDs is the number of server platforms that support them. Global Server
IDs are supported by many major platforms, while Secure Server IDs are
supported by a much longer, more comprehensive list of platforms.
--------------------------------------------------------------------------------
Which type of Server ID is right for my site?
40-bit SSL (Secure Server) IDs are ideal for security-sensitive intranets, extranets,
and low-volume Web sites. 128-bit SSL (Global Server) IDs are the standard for
large-scale online merchants, banks, brokerages, health care organizations, and
insurance companies worldwide.