United States site (Change)     HOME | CONTROL PANEL    
Sargasso Networks

SSL Certificates

Frequently Asked Questions

What is SSL?

The SSL (secure socket layer) protocol is the web standard for encrypting communications between users and web sites. Data sent via an SSL connection is protected by encryption, a mechanism that prevents eavesdropping and tampering with any transmitted data. SSL provides businesses and consumers with the confidence that private data sent to a web site, such as credit card numbers, are kept confidential. Web server certificates are required to initialize an SSL session.

What is QuickSSL?

QuickSSL is a web server certificate that allows consumers and web sites to conduct safe e-commerce with encrypted SSL connections. QuickSSL web server certificates are compatible with 99% of all browsers. Historically, most SSL certificates cost $350 or more. QuickSSL relies on GeoTrust's fully automated systems to verify that a certificate purchaser has appropriate administrative rights to a web server's domain - all within ten minutes. With QuickSSL, you can assure your customers that their transactions and information are secure on the Internet without having to pay an unreasonable price.

What is the difference between QuickSSL and QuickSSL Premium?

QuickSSL Premium comes with all the features and benefits of QuickSSL, but also includes the QuickSSL Premium smart seal with dynamic date/time stamp. The smart seal is dynamically generated by GeoTrust and ensures that GeoTrust has authenticated the domain. Visitors to your site will also be able to click on the smart seal to verify that your certificate is still valid with GeoTrust, giving your customers and extra piece of mind.

What is True BusinessID?

True BusinessID provides a simple way for your customers to view your validated organization information via a trusted third party. True BusinessID will increase transactions and revenue by giving your customers the confidence and assurance to trust the identity of your web site. The result- a substantial increase in consumer confidence regarding your web site information, services, and/or products. Even if you don't have a web site brand name, True BusinessID will let your customers know you are legitimate.

How does a server certificate work?

The end-user's browser requests a secure channel (via "https:") from the server, and then - if the server has a cert - the browser and the server negotiate their highest common encryption strength (e.g., 128-bits), and then exchange the corresponding encryption keys (this exchange is normally done using 1024-bit encryption strength). The 128-bit encryption key is then used for this particular instance of SSL, for all from-to exchanges between the browser and the server. The next https session will have a new session key. The certificate guarantees the security of the connection between the browser and the server. Once data is in the server, it is up to the server admin to make sure the data remains protected.

What is the encryption strength of GeoTrust certificates?

All GeoTrust certificates are 128-bit. For each and every session, the server and browser negotiate and choose the highest common encryption strength between them. So if a 40-bit browser user hits your SSL-secured site, the resulting connection will automatically become a 40-bit strength encryption.

GeoTrust recommends that end-user Subscribers select the 1024-bit encryption strength or the equivalent descriptor option when generating their certificate requests. When the certificate's key length is 1024 or longer, the SSL session key will be 128 bit. If the certificate key length is 512, the SSL session key will be 40 bit or 56 bit.

If you are running Windows, see Microsoft's bulletin Q300398: "You install a 128-bit high encryption certificate onto Internet Information Server (IIS) version 4.0 or 5.0, then browse with a 128-bit enabled Web browser to IIS by using https://. However, the Web browser only makes a 40-bit or 56-bit Secure Sockets Layer (SSL) session with IIS (size 7927 bytes, updated 6/13/2001 12:54:00 PM GMT)"

Why are static IP addresses required for the certificate to work?

You need to have a separate IP address for each domain you want to secure. The reason for this is because a certificate is bound only to a domain name but, the SSL protocol is bound to static IP addresses; therefore, any certificate-enabled web site must have its own unique IP address. The IP can be real (routable) or internal (RFC 1918 non-routable address) but, it must be unique on a server.

How to I move a certificate from one ISP to another ISP?

You may be able to move your certificate from one ISP to another. Per our certificate licensing agreement, you must purchase a new certificate if you plan on continuing to use the certificate on its current location. Otherwise, it largely depends on the server compatibility and the willingness of your current ISP to assist you.

Your current ISP will need to export your key pair file from the server hosting your web site. Once you have the complete key pair file, you can provide it to your new ISP to import on their server. If your current ISP will not provide you with the key pair file, you will need to purchase a new certificate to use with your new ISP. If you have to purchase another certificate, please let us know and we will expedite the processing of the new request. In addition, you will not have to resubmit your business documentation as long as nothing has changed.

Please be aware that if the two ISPs are running different server types, you may not be able to import the key pair file due to server compatibility issues. If this happens, a new certificate will have to be purchased.

What type of Web Servers/Web Browsers do GeoTrust certificates support?

Please see the knowledgebase articles linked below, Supported Browsers/Servers

See Also



About Us

© 2002, 2003, 2004, 2005, 2006, 2008 Sargasso Networks. E&OE.
Legal | Contact us
^ Top