John Hergenrather, Level2 Support, MarkMonitor; Frank Agurto-Machado, Senior Systems Engineer, Symantec

Gaining Customer Trust with SSL Certificates


Page 1: Gaining Customer Trust with SSL Certificates

John Hergenrather

Level2 Support

MarkMonitor

Frank Agurto-Machado

Senior Systems Engineer

Symantec

Gaining Customer Trust with SSL Certificates

Page 2: Gaining Customer Trust with SSL Certificates

Agenda

What is SSL? And how does it work?

Why SSL: Benefits of using SSL Certificates

Choose wisely: Pick the right SSL Certificate for your website

Expert tips: SSL Certificate best practices

Page 3: Gaining Customer Trust with SSL Certificates

What is SSL?

Let’s look at how it works

Page 4: Gaining Customer Trust with SSL Certificates

What is SSL?

SSL stands for Secure Sockets Layer.

It’s used in Web browsers, instant messaging programs, email clients, and other software.

Establishes an encrypted session between two machines. Most frequently it is between a browser and a website.

Page 5: Gaining Customer Trust with SSL Certificates

What is SSL?

Let’s define some terms you will hear us talk about.

CSR (Certificate Signing Request)

A block of encrypted text that is generated on the server that the certificate will be used on.

Key Pair

A combination of the public key and private key. These are generated on the server that you wish to protect. The public key is present in the final cert for everyone to encrypt messages to you, and only the private key on the server can decrypt them.

Page 6: Gaining Customer Trust with SSL Certificates

What is SSL?

Let’s define some terms you will hear us talk about.

CA (Certificate Authority)

A trusted entity that issues electronic documents that verify a digital entity's identity on the Internet. Example: Symantec. You’d send your CSR to the CA.

SAN (Subject Alternative Name)

Allows multiple values to be associated with a security certificate.

UCC (Unified Communications Certificate)

A single SSL certificate that secures multiple domain names and multiple host names within a domain name.

Page 7: Gaining Customer Trust with SSL Certificates

How SSL Works

SSL Certificates use a Public Key Infrastructure (PKI) cryptographic system which consists of two keys:

Public key known to everyone and used to encrypt

Private or secret key known only to the organization that procured the SSL Cert and used to decrypt

The keys work together to establish an encrypted connection

Process:

SSL Certificates are from the Public Certification Authority (PCA)

CSR administrator will install it at the organization’s web server.

Page 8: Gaining Customer Trust with SSL Certificates

How SSL Works

How does the SSL Certificate create a secure connection?

Note that the SSL Certificate resides on your server.

• It establishes trust.

• It encrypts traffic between the client browser and your server.

Browser sends “Hello” and requests a secure session from web server.

Web server responds by sending over its server certificate, containing information about the site, Certificate Authority, etc. and a public key.

After the browser verifies the certificate, it sends a one-time “session” key encrypted with the server’s public key.

Server decrypts the one-time “session” key using its private key.

A secure connection has been established. The padlock icon appears in the browser.
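The exchange described above, walked through as an added example (not from the original slides): the browser wraps a one-time session key with the server's public key, the server unwraps it with its private key, and both sides then protect traffic with that key. The RSA numbers and the stream cipher are toy, constructed stand-ins chosen so the block runs with the Python standard library only.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair (constructed): two known Mersenne primes, no padding. Real
# server keys are 2048 bits or more; TLS 1.3 replaced this RSA key transport
# with ephemeral Diffie-Hellman. The numbers only make the slide's flow visible.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                # public key, carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))  # private key, stays on the server
N_BYTES = (N.bit_length() + 7) // 8

def browser_key_exchange(public_key):
    """Browser: make a one-time session key and encrypt it to the server."""
    n, e = public_key
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), e, n)

def server_recover(wrapped, private_exponent=D):
    """Server: decrypt the wrapped session key with the private key."""
    return pow(wrapped, private_exponent, N).to_bytes(N_BYTES, "big")[-16:]

def _keys(session_key):  # separate encryption and MAC keys from one session key
    return (hashlib.sha256(b"enc" + session_key).digest(),
            hashlib.sha256(b"mac" + session_key).digest())

def _xor_stream(key, data):
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(session_key, plaintext):
    """Encrypt a record, then append an HMAC tag over the ciphertext."""
    enc_key, mac_key = _keys(session_key)
    body = _xor_stream(enc_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_record(session_key, record):
    """Verify the tag, then decrypt; reject anything sealed under another key."""
    enc_key, mac_key = _keys(session_key)
    body, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("record rejected: wrong key or modified in transit")
    return _xor_stream(enc_key, body)

if __name__ == "__main__":
    key, wrapped = browser_key_exchange((N, E))
    print(open_record(server_recover(wrapped), seal(key, b"login=alice")))
```
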

Page 9: Gaining Customer Trust with SSL Certificates

Why SSL?

Benefits of SSL Certificates

Page 10: Gaining Customer Trust with SSL Certificates

Do I need SSL?

It’s in the news almost every day:

• hacked accounts

• stolen credit cards

• identity theft

Your customers are VERY concerned!

Page 11: Gaining Customer Trust with SSL Certificates

Do I need SSL?

You need SSL if any of these apply to you:

Sites which require log-in or personal information

Domains used as email or name servers

E-commerce sites

Online banking

VPN access

Database and application servers

If you transmit the following sensitive information:

• Social Security Numbers

• Personal information

• Login credentials

Page 12: Gaining Customer Trust with SSL Certificates

Do I need SSL?

And you need it for other reasons too:

Trust: Your site visitors and customers feel safe when they know their information is encrypted and secure between their machine and your server.

Maximize your potential: A lot of visitors will choose not to browse your website if it isn’t secure. Search engines also have started penalizing rankings of websites that aren’t protected by SSL. So in order to maximize the potential of your website or online business, you have to use SSL.

Prepare for the future: Non-secure sites are being phased out as more and more websites start using SSL.

Trust might seem like a fuzzy, intangible asset, but it delivers real, tangible results for your company.

Page 13: Gaining Customer Trust with SSL Certificates

Example of Trusted Websites

Page 14: Gaining Customer Trust with SSL Certificates

Example of Untrusted Website

Unsecured SSL Certificate "Red Site"

Page 15: Gaining Customer Trust with SSL Certificates

Choose Wisely

What type of SSL certificate do you need?

Page 16: Gaining Customer Trust with SSL Certificates

Where to Start?

The most reliable SSL certificates are issued by established, trusted certificate authorities. When you have one of these SSL certificates, you instill trust among visitors to your site.

• Examples of CAs

– Symantec

– Digicert

– Comodo

Page 17: Gaining Customer Trust with SSL Certificates

Symantec SSL Certificates

Global reach

Compatible with every major browser

Maintains the strictest validation processes for OV and EV Certificates

Includes three brands:

– Symantec

– GeoTrust

– Thawte

Page 18: Gaining Customer Trust with SSL Certificates

Extended Validation Standard

Most stringent validation criteria

SSL Certificate Authorities (CAs) authenticate:

Domain ownership

Organizational identity (including business registration number)

Individual approver’s employment

Individual approver’s authority to obtain the SSL Certificate

Organization older than 3 years

Common name or organization on list of denied countries, blacklists or known phishing lists

Page 19: Gaining Customer Trust with SSL Certificates

Why Extended Validation (EV) SSL?

The pinnacle of proving to end users that this site has done the most to protect their data

Green address bar represents secure website

93% of users prefer to shop on sites with EV Certs

Shoppers are more likely to share credit card information

Supported by all browsers


Page 20: Gaining Customer Trust with SSL Certificates

Choosing the Right SSL Certificate

What are your specific security requirements?

Questions to ask:

Internal or external facing?

Is your site a marquee branded site?

Is your site customer facing?

Are you collecting personal information?

Can the data being transmitted be used against you or your customers?

Is your site prone to Phishing attacks?

Are SAN values needed?

Page 21: Gaining Customer Trust with SSL Certificates

New Entrants to SSL Certs or Internal Applications

GeoTrust Quick SSL Premium

Concerned with cost above all else

Domain vetting

Fast turnaround

Unlimited server licensing

Page 22: Gaining Customer Trust with SSL Certificates

External Facing SSL Certs

Symantec Secure Site with EV

Openly shows security to users

Marquee Branded Sites, eCommerce, sites prone to Phishing attacks

The presence of the Norton Secured Seal means that information shared between the user and the website is encrypted. When clicked, a verification page opens containing information about your organization, the status of your malware scan, and SSL Certificate details.

Page 23: Gaining Customer Trust with SSL Certificates

Hosting Multiple Domains on a Single Server

GeoTrust True Business ID Wildcard Cert provides unlimited subdomains on a single server

Easier to manage than 5+ QuickSSL single certs

GeoTrust True Business ID with SAN values Cert provides coverage for up to 99 additional SAN values to be included

SAN values do not need to be of the same domain name but ownership must be validated

Each additional SAN value adds to the cost of the cert

Unlimited server licensing

Page 24: Gaining Customer Trust with SSL Certificates

Cert Process

Website administrator generates Certificate Signing Request (CSR)

Validation

Install Cert

Page 25: Gaining Customer Trust with SSL Certificates

Expert Tips

SSL Certificate best practices

Page 26: Gaining Customer Trust with SSL Certificates

SSL Certificate Management Best Practices

Utilize management solution that allows quick and secure ordering

Centrally manage certs and domains within a single secure online environment

Ensure visibility into all issued certificates and track expiration dates

Ensure consistency between the domain name ownership (WHOIS), the organization listed within the CSR, and the requesting organization for fastest order processing

Never give out the private key

Track the Key Pairs “Movement” within an Enterprise; multi-server environments
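One way to act on the expiration-tracking practice above and on the wildcard and SAN coverage from the multiple-domains slide, as an added example that is not part of the original slides: an audit over a certificate inventory that flags expired or soon-to-expire certificates and hostnames a certificate's SAN values do not cover. The inventory, hostnames, dates and the 30-day warning window are constructed assumptions; a wildcard matches one leftmost label only, so `a.b.example.com` is not covered by `*.example.com`.

```python
import ssl

def covers(cert, hostname):
    """True if a DNS SAN matches; '*' stands for exactly one leftmost label."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        if kind != "DNS":
            continue
        parent = host.partition(".")[2]          # host minus its leftmost label
        if name == host or (name.startswith("*.") and parent and name[2:] == parent):
            return True
    return False

def days_left(cert, now):
    """Whole days until notAfter (negative once the certificate has expired)."""
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400

def audit(inventory, now, warn_days=30):
    """List (label, finding) for expired, soon-to-expire or mis-deployed certs."""
    findings = []
    for label, entry in inventory.items():
        left = days_left(entry["cert"], now)
        if left < 0:
            findings.append((label, f"expired {-left} days ago"))
        elif left <= warn_days:
            findings.append((label, f"expires in {left} days"))
        for host in entry["hosts"]:
            if not covers(entry["cert"], host):
                findings.append((label, f"SANs do not cover {host}"))
    return findings

# Constructed inventory: certs in the dict shape ssl.SSLSocket.getpeercert()
# returns, plus the hostnames each one is deployed on (names are hypothetical).
NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")
INVENTORY = {
    "www": {"cert": {"notAfter": "Jan 15 00:00:00 2025 GMT",
                     "subjectAltName": (("DNS", "www.example.com"),)},
            "hosts": ["www.example.com"]},
    "wildcard": {"cert": {"notAfter": "Dec  1 00:00:00 2025 GMT",
                          "subjectAltName": (("DNS", "*.example.com"),)},
                 "hosts": ["shop.example.com", "a.b.example.com"]},
    "vpn": {"cert": {"notAfter": "Dec  1 00:00:00 2024 GMT",
                     "subjectAltName": (("DNS", "vpn.example.net"),)},
            "hosts": ["vpn.example.net"]},
}

if __name__ == "__main__":
    print(audit(INVENTORY, NOW))
```
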

Page 27: Gaining Customer Trust with SSL Certificates

Leading the Way

• MarkMonitor and Symantec are trusted industry leaders

• We are committed to leading the way in website security

Page 28: Gaining Customer Trust with SSL Certificates

Management Solutions

Page 29: Gaining Customer Trust with SSL Certificates

Q&A

Page 30: Gaining Customer Trust with SSL Certificates

Thank You!

For information on MarkMonitor solutions, services and complimentary educational events:

Contact via email: [email protected]

Visit our website: www.markmonitor.com

Contact via phone: US: 1 (800) 745 9229 Europe: +44 (0) 203 206 2220