BEGINNERS GUIDE TO THAWTE SSL/TLS

INTRODUCTION
WITH THE EVER-INCREASING FEAR OF CYBERCRIME, SECURING
USER TRUST ONLINE IS NOW MORE VITAL TO THE SUCCESS OF AN
ONLINE BUSINESS THAN EVER BEFORE.
Whether youre in ecommerce or electricals, holiday cottages or hedge funds, your website
is one of your most important business assets. Its your 24/7 shopfront, and you need to
ensure that its secure and performing at its best.
SSL/TLS certificates provide the security that your website requires, and creates the trust
that visitors increasingly expect before interacting with it.
The Beginners Guide to Thawte SSL/TLS will rapidly demystify how SSL/TLS technology
creates this trust, and explains why all SSL/TLS certificates and the Certificate
Authorities issuing them are not created equal.

BEGINNERS GUIDE TO THAWTE SSL/TLS

SO, WHAT IS SSL/TLS?

SSL STANDS FOR SECURE SOCKETS LAYER, AND IT IS A SECURITY
PROTOCOL DEVELOPED BY NETSCAPE IN 1995. TRANSPORT LAYER
SECURITY (TLS) IS THE SUCCESSOR TO THE SECURE SOCKETS
LAYER (SSL).
Over the last twenty years, SSL/TLS has become the foundation of modern website security,
and is now a universal technology used to secure data transmissions across the Internet. It
is built into every major web server and web browser today.
Many People associate SSL/TLS only with encryption, but an SSL/TLS certificate actually
provides four distinct features - all of which are critical to ensuring privacy and security:
encryption, integrity, authentication, and non-repudiation.
It may seem complicated, but SSL/TLS is actually simple to understand. So essential is
the security it provides, its now difficult to imagine the Internet without it.

BEGINNERS GUIDE TO THAWTE SSL/TLS

WHY DOES YOUR

BUSINESS NEED SSL/TLS?
ANY ORGANISATION TRANSACTING BUSINESS ONLINE NEEDS SSL/TLS.
Why? Because, once you understand exactly what dark forces you are up against by failing to
encrypt your data and that of your customers to the highest levels, and how that failure can have a
devastating effect on your online business and reputation, the Must will become self-evident.
Unprotected sensitive data is the bread and butter of attackers, leading to identity theft, fraud and
theft of financial resources from your customers. And the attackers arent fussy about what size of
business you are either. Data breaches happen to large and small, public and private companies.
So, if you think its only the more high-profile enterprises they have in their sights, you are wrong.
Whatever the scale and reach of your business online, failure to protect your customers data by
not encrypting the data or neglecting to protect the encryption keys is like opening the bank
vault and saying to the hackers: Help yourself. Anyone whos suffered a data breach will know
that the costs associated with that can be punitive and wide reaching, particularly lost sales, and
brand and reputational damage. And yet, many businesses are still leaving themselves and their
online customers dangerously exposed.
BEGINNERS GUIDE TO THAWTE SSL/TLS

HOW SSL/TLS ACTUALLY WORKS

IN A SIMPLIFIED FASHION, THIS IS WHAT HAPPENS WHEN A CUSTOMER
VISITS A WEBSITE SECURED WITH AN SSL/TLS CERTIFICATE. IT ALL
HAPPENS IN A MATTER OF MILLISECONDS AND ITS KNOWN AS THE
SSL/TLS HANDSHAKE.
1
2
3
4
5
6

The customers browser attempts to connect to the website secured with SSL/TLS.
The browser requests that the web server identify itself.
The server sends the browser a copy of its SSL/TLS certificate.
The browser checks whether it trusts the SSL/TLS certificate.
The browser also checks the certificate status to see if it is valid, or if it has been revoked.
Your server shares the public key with the browser. They use that key to securely agree
on the session key that is used to set up a secure and encrypted channel to exchange
data through.
Once a secure, encrypted connection is established, the customer will see that the
website address begins https rather than just http.

BEGINNERS GUIDE TO THAWTE SSL/TLS

THE SSL/TLS
END-USER EXPERIENCE
VISITORS TO A WEBSITE DONT NEED TO BE IT EXPERTS TO SEE THAT IT IS
PROTECTED WITH AN SSL/TLS CERTIFICATE, THEIR WEB BROWSERS
PROVIDE VISUAL CUES TO LET THEM KNOW.
One prominent visual cue is that the web address will start with https:// instead of http://.
In addition, most browsers including Google Chrome, Internet Explorer, Firefox, and Safari
display a padlock icon. When clicked it displays details about the SSL/TLS certificate, including
which Certificate Authority issued it, and which company owns it.

BEGINNERS GUIDE TO THAWTE SSL/TLS

SSL/TLS ALSO AUTHENTICATES

WHEN ISSUED BY A REPUTABLE CERTIFICATE AUTHORITY (CA), SSL/TLS
CERTIFICATES ALSO SERVE TO AUTHENTICATE A WEBSITE, A PROCESS
THAT REQUIRES THE CA TO PROVE THAT THE OWNER OF THE SITE IS
WHO THEY CLAIM TO BE.
The CA takes the time to research the site and verify its authenticity, a step that provides assurance
that it is legitimate. Usually, a CA will request business registration documents and other types of
proof to confirm the information.
While it is possible to self-sign SSL/TLS certificates - where an individual creates a certificate and
claims legitimacy - only if a website has been authenticated by an independent CA, everyone can
trust that it is genuine.
Websites that use self-signed certificates may trigger some browsers to display a warning
to end-users suggesting that the connection may not be trusted.

BEGINNERS GUIDE TO THAWTE SSL/TLS

THE DIFFERENT TYPES

OF SSL/TLS CERTIFICATES
THERE ARE THREE MAIN TYPES OF SSL/TLS CERTIFICATES CURRENTLY
AVAILABLE - ORGANISATION VALIDATED (OV) CERTIFICATES, DOMAIN
VALIDATED (DV) CERTIFICATES, AND EXTENDED VALIDATION (EV)
CERTIFICATES.
The most crucial thing to note is that all three levels of SSL/TLS certification essentially do the
same thing: they check the legitimacy of the domain owner and they enable the encryption of
information exchanged on your website, such as credit card information or an email address. In
essence, each level provides exactly the same standard of security. Where they differ is in the
extent of vetting involved and, therefore, how long the validation takes to complete from
minutes for domain validation to up to ten business days for extended validation and how much
confidence they command.

BEGINNERS GUIDE TO THAWTE SSL/TLS

DV SSL/TLS
DUE TO CUSTOMER PRESSURE TO PRODUCE A LOWER-COST
ALTERNATIVE, SOME CAs OFFER DOMAIN VALIDATION ONLY OR
DV SSL/TLS CERTIFICATES WHERE THE CA ONLY VERIFIES THE
DOMAIN NAME.
As a result, domain-validated certificates are issued very quickly, but no company information
is checked or displayed on the certificate, making it easier for internet criminals to gain this
type of certificate from irresponsible CAs.
WHEN TO USE DV:
Situations where trust and credibility are less important
Easy to obtain
Fast issuance
Use only for web-based applications that are not at risk for phishing or fraud
Don't use for public facing sites or sites that handle sensitive data, like log in's

BEGINNERS GUIDE TO THAWTE SSL/TLS

OV SSL/TLS
OV SSL/TLS CERTIFICATES ARE THE ORIGINAL SSL/TLS CERTIFICATE,
AND CAs USE A ROBUST VERIFICATION PROCESS BEFORE A
CERTIFICATE IS ISSUED.
This might include checking the address where the company is registered and the name of a
specific contact. This vetted company information is displayed to visitors on the certificate,
making the ownership of the site much more visible.
WHEN TO USE OV:
Public-facing websites dealing with less sensitive transactions
More thorough vetting process than DV
Company information is displayed to users
Provides a certain level of trust about the company who owns the website.
Doesnt offer the highest visible display of trust like EV SSL (green browser bar)

BEGINNERS GUIDE TO THAWTE SSL/TLS

EV SSL/TLS
EV SSL/TLS CERTIFICATES TAKE CUSTOMER TRUST TO THE NEXT LEVEL
AND TURN THE ADDRESS BAR IN CUSTOMERS WEB BROWSERS GREEN
TO ASSURE AT A GLANCE.
EV verification guidelines, drawn up by the CA/Browser Forum, require the CA to run a much
more rigorous identity check on the organisation or individual applying for the certificate.
This can be a time consuming process, but its worth it.
WHEN TO USE EV:
E-commerce sites and websites handling credit card and other sensitive data
Use EV SSL for the highest visible display of online trust
Comes with the green browser address bar
Increase user trust and lower bounce rates and shopping cart abandonments
Recoup the extra cost of an EV certificate in the form of increased revenue
Strengthen your credibility and brand by showcasing your commitment to online security

BEGINNERS GUIDE TO THAWTE SSL/TLS

CHOOSING THE RIGHT

SSL/TLS PROVIDER
RECENT RESEARCH SHOWS THAT 86% OF SHOPPERS LOOK FOR TRUST
MARKS1 LOGOS FROM ONLINE SECURITY COMPANIES - AND THEN FEEL
MORE CONFIDENT DISCLOSING PERSONAL INFORMATION.
Therefore, choosing a recognisable and credible SSL/TLS provider can be one of the most
important business decisions you make.
Before purchasing an SSL/TLS certificate, do some research and find out if the company is a
well-known and credible SSL/TLS provider.
Working with a provider that specialises in SSL/TLS security and associating your company
with its brand can also help bolster your sites reputation and trustworthiness.
1. Consumer Online Shopping Fears; survey conducted by Javelin Strategy:
http://www.firstdata.com/downloads/thought-leadership/fd_consumeronlineshoppingfears_research.pdf

BEGINNERS GUIDE TO THAWTE SSL/TLS

GETTING SSL/TLS
ON YOUR WEBSITE
DEPLOYING AN SSL/TLS CERTIFICATE ON YOUR WEBSITE IS A
SIMPLE PROCESS.
Depending on the type of SSL/TLS certificate you purchase, it can take between a few minutes to a
few days for the CA to issue the certificate.
To obtain it you will first need to generate a certificate signing request (CSR) from your web server
to the issuing Certificate Authority.
Once you receive your certificate, you will then need to install it on your web server.
Installation is straightforward, and reputable CAs like Thawte provide all the support and
instructions you need.

BEGINNERS GUIDE TO THAWTE SSL/TLS

THE MANY BENEFITS OF SSL/TLS

An SSL/TLS certificates today is vital for the safety of online sales and interactions
Using an SSL/TLS certificate on your site sends a clear message that you care about the
safety of people who visit, and your site can be trusted
Consider opting for EV SSL/TLS to build greater trust in your site and better protect your
online reputation
Not all certificates are created equal - choose a credible Certificate Authority such
as Thawte.

BEGINNERS GUIDE TO THAWTE SSL/TLS

8 KEY FEATURES OF THAWTE

Strongest SSL encryption
Protect confidential information exchanged during shopping, banking, secure sign in, and account selfservice
interactions with up to 256-bit encryption.
Increase conversions
As the world's first international Certificate Authority, Thawte has a 20-year proven track record of providing
world-class security to customers in 190 countries, creating customer confidence with globally recognized
local-language trust seals, and enabling more people to navigate the web securely in their own language.
Universal Browser compatibility - What 99+% Compatibility Means to You:
When you buy an SSL certificate, you expect it to secure transactions no matter how your users connect. But not all
web browsers, operating systems and SSL certificates enable strong enough encryption to protect valued data. And
not all SSL certificates are trusted the same way. Thawte SSL Certificates offer maximum encryption and trust.
Industry Leading support We are here to help:
Thawte has secured thousands small business web sites worldwide since 1995. Easy enrollment and expert support
help you get up and running fast. Timely renewal notices and online management ensure that your business stays
secure online. Let us help you pick the right SSL certificate for your business.

BEGINNERS GUIDE TO THAWTE SSL/TLS

8 KEY FEATURES OF THAWTE

Convenience We value your time:
Thawte delivers easy and efficient ordering and management of certificates, from product selection to certificate
management, to expert, multi-lingual customer support. Our Thawte Certificate Center mstreamlines your
certificate management process by enabling you to keep track of all of your certificates in one place and easily
renew, revoke and reissue from one central location.
Value for money The Smart choice:
Thawtes combination of digital certificate products, uncompromised infrastructure, global reputation, security
track record and world-class multilingual support make Thawte the worlds best value in online protection.
Infrastructure - A practical choice without compromise:
Thawte-branded certificates benefit from the strength and reliability of the Symantec authentication infrastructure.
Because SSL is our core business, we constantly improve our products to deliver the tools and features our
customers want and need.
Scalability We grow with you:
At Thawte, we understand the unique challenges youre going through in fact, we started in a garage, just like
many of our customers. Because weve walked in your shoes, our SSL certificates are ideally suited to ease your
growing pains and provide stable online security through each step of your business journey.

BEGINNERS GUIDE TO THAWTE SSL/TLS

More Information
If you have further questions, or would like to speak with a Sales Advisor, please feel free to contact us:

Via phone
US toll-free: +1 888 484 2983

UK: +44 203 450 5486

South Africa: +27 21 819 2800

Germany: +49 69 3807 89081

Email sales@thawte.com
Visit our website at https://www.thawte.com/ssl

France: +33 1 57 32 42 68