How to secure your business with SSL?
When you have decided to apply SSL/TLS to secure your business, you probably want to find out which certificate is the right one, and moreover how you can reduce the number of certificates needed to simplify administration. In general the price of a certificate follows the security level and the number of domains covered. You certainly don’t want to pay more than needed. This article therefore contains an introduction to help choose the certificate most appropriate for your business.
Finding the certificate with correct assurance (security) level
Buypass provides three SSL/TLS certificate products supporting different assurance levels. An assurance level corresponds to the validation procedure applied to verify the ownership of a domain. How you use the certificates and the level of trust you want to establish with your customers determine which product to choose.
If you need to secure communication between servers, or want to make sure that your customers get visual cues in the browser such as the padlock, our basic product SSL Domain is the right choice for you. This product will also prevent any “not secure” messages from popping up in the browser. This certificate contains domain name information only and is used where confidentiality is the most important factor.
SSL Business is recommended when you handle customer information. This is our most popular product. It includes information about your organisation (organisation validation) and the domain name(s). This makes your customers confident that they are communicating with your organisation’s website.
SSL Evident is our high-end security product. A green bar will be displayed in your browser. This is an important visual indicator ensuring a high level of trust for the end user. We recommend this product for services where confidence is of utmost importance.
Encryption of credit card details is mandatory under PCI DSS. SSL/TLS is a proven technology for satisfying this requirement.
How to simplify administration by minimising the number of certificates
A Buypass SSL/TLS certificate may be configured to cover several main domains and even an unlimited number of subdomains (or even subsubdomains). This reduces the number of certificates needed and makes administration of certificates easier.
An SSL/TLS certificate which covers several domains is commonly referred to as a multidomain certificate. Such certificates are useful for services spanning multiple domain names. This simplifies certificate management - and you pay less.
Choosing the wildcard option allows your certificate to secure an unlimited number of subdomains (or subsubdomains). For advanced cases, Buypass even offers the possibility of combining multiple domains and wildcards within the same certificate. Wildcards can be configured for several levels in the same certificate.
Find below some examples illustrating the configuration options of Buypass SSL-certificates
Keep in mind that the wildcard will only cover subdomain names on that specific domain level. Therefore, the wildcard *.yourdomain.com will not cover the subdomain on the fourth level, such as sub.sub.yourdomain.com.
If you need to secure all subdomains on different levels, you need to include one wildcard for every level.
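The single-level wildcard rule described above, as an added example (not Buypass code): it checks which hostnames a planned list of certificate names leaves uncovered and derives one wildcard per subdomain level. The function names and the sample hostnames are assumptions made for this illustration.

```python
# Added example: does a planned SAN list cover every hostname you serve?
# Rule from the article: "*" stands for exactly one left-most label, so
# *.yourdomain.com covers www.yourdomain.com but not sub.sub.yourdomain.com.

def san_matches(pattern: str, hostname: str) -> bool:
    """True if one SAN entry (exact name or wildcard) covers the hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False              # a wildcard never spans several labels
    if p[0] == "*":
        return p[1:] == h[1:]     # everything right of "*" must be identical
    return p == h

def uncovered(san_list, hostnames):
    """Hostnames that no entry in the SAN list covers."""
    return [h for h in hostnames
            if not any(san_matches(s, h) for s in san_list)]

def names_needed(hostnames, base):
    """The base name plus one wildcard for every subdomain level in use."""
    base_labels = base.lower().split(".")
    needed = set()
    for host in hostnames:
        labels = host.lower().rstrip(".").split(".")
        if labels == base_labels:
            needed.add(base.lower())          # the bare domain needs its own entry
        elif labels[-len(base_labels):] == base_labels:
            needed.add("*." + ".".join(labels[1:]))
    return sorted(needed)

# Constructed sample data (hypothetical hostnames under the article's example domain)
HOSTS = ["yourdomain.com", "www.yourdomain.com", "sub.sub.yourdomain.com"]
PLANNED = ["yourdomain.com", "*.yourdomain.com"]

if __name__ == "__main__":
    print("not covered by planned certificate:", uncovered(PLANNED, HOSTS))
    print("names to request instead:", names_needed(HOSTS, "yourdomain.com"))
```

Note that the wildcard entry does not cover the bare domain either, which is why the sample plan lists yourdomain.com separately.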
Which certificates do I need for Microsoft Skype and Exchange?
Microsoft Skype for Business and Microsoft Exchange services are popular products worldwide. Microsoft recommends securing these services with SSL/TLS certificates to gain trust between the communicating parties. Skype for Business and Microsoft Exchange each consist of several services, and it’s convenient to combine these into one multidomain certificate. These certificates are commonly referred to as SAN or UC Certificates.
Buypass SSL/TLS certificates satisfy Microsoft's security requirements for Skype for Business:
- EKU (Enhanced Key Usage) contains Server Authentication
- Contains a CRL Distribution Point
- Issued only with SHA256 as the hash algorithm
- RSA key of at least 2048 bits
A typical domain composition in Unified Communications (UC) environments may look like the following:
How to get an SSL/TLS certificate?
Before ordering an SSL/TLS certificate the webmaster has to generate a key pair consisting of a private and a public key. The private key must be kept secret, while the public key is included in a certificate signing request (CSR). A CSR forms the basis for generating a certificate together with information related to the domain. After required checks are completed, the certificate authority will sign the SSL/TLS certificate and make it available to the applicant. An SSL/TLS Certificate will contain one or more domain names, the company name and address information. Also, it will contain the expiration date of the certificate and details of the certification authority responsible for the issuance of the certificate.