SSL Certificates FAQ
- What is an SSL certificate?
- Do I need an SSL certificate for my website?
- Which SSL certificate should I order?
- How do I order (or renew) an SSL certificate?
- What is a Certificate Signing Request (CSR)?
- How do I generate a CSR?
- How do I install my SSL certificate?
What is an SSL certificate?
An SSL (Secure Sockets Layer) certificate has two main purposes:
- Security/Data Encryption: To provide a secure connection between two hosts by encrypting any data transferred between them, thereby ensuring that the data is only readable by the intended recipient.
- SSL certs are often encountered when entering sensitive data into an online form on a website, such as credit card numbers, banking information, passwords, or other personal information.
- The URL of a secure website will be prefaced with https instead of the usual http. (i.e. https://webmail.execulink.ca)
- Validation: To validate the identity of the organization for which the SSL certificate has been installed.
- Typically, there is some degree of organizational vetting that occurs when an SSL certificate is ordered. This can range from very basic to very in depth.
- The main purpose of this validation is to assure customers who may visit the SSL-protected website/server that they are interacting with a trusted host or legitimate organization.
Do I need an SSL certificate for my website?
If your website requires a user to enter any sort of sensitive information (i.e. passwords, financial or personal information, etc.), you should definitely have an SSL certificate. Some people also obtain SSL certificates to enhance a client's trust in their company's online identity and security.
Which SSL certificate should I order?
There are a slew of different SSL products out there from a myriad of different vendors, so it can quite confusing as to which one you should be looking at. Generally, there are 4 main considerations when looking at securing an SSL certificate:
Certificate Authority (Brand)
Execulink is able to offer SSL certificates through a number of the most recognized Certificate Authorities:
- Symantec (formerly VeriSign)
How many different domains and/or host names do you need to secure? The answer to that question will let you know what type of SSL cert to order:
- Standard SSL Certs: Usually secure only a single host name for a single domain (i.e. www.execulink.ca), though some will also allow the root domain (execulink.ca) to be secured as well.
- A separate Standard SSL certificate would be required for each additional host name that needs securing.
- SAN SSL Certs: SAN (Subject Alternative Name) certificates allow for multiple host names across multiple domains to be secured.
- For example, a single SAN SSL certificate could secure webmail.execulink.ca, www.execulink.ca, execulink.com, and www.execulink.com.
- The cost for the SAN SSL cert increases based on the number of host names that require securing. The more host names, the higher the cost.
- Wildcard SSL Certs: Secure all first-level sub-domains for one specific domain.
- Specifically, a Wildcard SSL cert will secure *.execulink.ca, where * represents one or more alpha-numeric characters. (Dashes are also permitted provided they are sandwiched between alpha-numeric characters.)
- This would include subdomain.execulink.ca, testing-123.execulink.ca, etc. It would not include a.b.execulink.ca (as this is a second-level sub-domain), xyz-.execulink.ca (since there is a trailing '-' on the sub-domain name), etc.
- Some Wildcard certs may also secure the root domain (i.e. execulink.ca), but by default, they usually will not.
How much vetting of your organization do you want the Certificate Authority (CA) to perform? The following validation levels are available:
- Domain Validation (DV): The Certificate Authority verifies the applicant's right to use the domain name in question, usually via an automated process. No other vetting is performed.
- This is generally the least expensive of the validation options, since no real vetting is performed by a live person. As a result, it also happens to be the quickest SSL cert to issue.
- The cost savings and convenience come at a price, however, as although these SSL certs with Domain Validation do offer the required encryption between servers and hosts, they do not vouch for the legitimacy of the underlying server/website/organization otherwise.
- SSL certs with only Domain Validation are generally not recommended for commercial use.
- Organization Validation (OV): This level of validation includes all steps completed for Domain Validation, plus the Certificate Authority also performs some vetting of your organization. This usually includes having a live person verify that your organization is registered with a valid government agency, amongst other things.
- SSL certs with Organization Validation are pricier than certs which offer only Domain Validation, and they also take longer to issue due to the additional vetting that is required.
- Organization Validation is the minimum validation level recommended for commercial use.
- Extended Validation (EV): This level of validation includes all verification steps completed for both the Domain and Organization Validation SSL certs, plus the Certificate Authority also performs an in depth vetting of your organization. This includes verifying your organization's legal, physical, and operational existence.
- Certs with Extended Validation tend to be the most expensive, and they also take the longest to issue due to the in depth vetting that must occur.
- Due to the extra vetting that is required for an Extended Validation SSL cert, they tend to give customers more confidence that they are interacting with a trusted website/server.
How much do you want to spend?
- Typically, Standard SSL certs are cheaper than SAN SSL certs which, depending upon the number of sub-domains that require securing, are cheaper than Wildcard SSL certs.
- Similarly, as the level of vetting/validation increases, so too does cost.
How do I order (or renew) an SSL certificate?
SSL certificates can be ordered (or renewed) through our Sales team. Feel free to reach out by phone (1-866-706-1994) or e-mail (firstname.lastname@example.org) to discuss your options. It is quite helpful if you have some idea about why you want an SSL certificate in the first place, and what features you may be looking for.
What is a Certificate Signing Request (CSR)?
A CSR is an encrypted block of text comprised of the following:
- Common Name (Host Name): The host name(s) that the SSL certificate is for.
- Organization Name: The legal name of your organization.
- Organization Unit: The division/department of your organization reponsible for the SSL certificate.
- Location Information: City, province, country.
- Contact E-mail Address: A contact address for your organization.
- Public Key: The public key used for your certificate.
- Note: A CSR must be generated with a minimum key size of 2048 bits.
A CSR must be generated on the server that the SSL certificate will be installed on. This must be done before an SSL certificate can be ordered.
How do I generate a CSR?
If your website is hosted with Execulink, we'll be able to generate the CSR on your behalf. To generate a CSR for any other (non-Execulink) server, you'll need to reach out to that particular server's administrator. (There are also a slew of online resources that specify the steps required to generate a CSR on different servers.)
How do I install my SSL certificate?
If the SSL certificate was ordered for a website that is hosted on one of Execulink Telecom's web servers, our web hosting admins will complete the certificate installation for you. If the SSL certificate was ordered for a 3rd party (non-Execulink) server, the installation of the SSL certificate is wholly the responsibility of the administrator of that 3rd party server.