useful links, resources
useful links, webmaster
Q: What are security certificates?
A: Secure Sockets Layer (SSL) is a protocol designed to ensure secure communications between computers over an insecure network such as the internet. SSL provides encryption of the data between the client browser and the server. In order for this encryption to take place, "certificates" are used in the encryption process between the client browser and the web server (website). Certificates are issued by Certificate Authorities and web browsers by default have root certificates from a few companies such as Verisign which are pre-configured to be "Trusted" root certificates.
Q: Wait a minute, I don't like to install programs on my computer especially if they pertain to security.
A: No, this is not a program. It is a certificate which ends in .crt which is read by your browser.
Getting a certificate to enable SSL encryption at my website.
Q: Isn't this really like a lock for my door so that if I pay substantially more, the lock is probably made from better material so that it will hold up much better in case of an intruder "attack" so shouldn't I just go to one of the certificate vendors that charge much more to get a certificate which is made from better, more secure components?
A: No, certificates are not like door locks. Certificates are created using standardized methods of encryption. One popular one is RSA encryption. As well, browsers and servers using the standard method to use these certificates. This standardization ensures that the encryption, decryption process is possible across browsers and across platforms. This standardization ensures that the represented certificate is as good from one issuer as it is from another at that encryption level. This is fundamentally different from physical door locks where in addition to standards, it requies an additional compoenent materials which can vary greatly.
RSA encryption was patented and others could not use it to generate certificates unless they have a licence from the patent holder. This all changed on September 2000 when the patent expired and others could use the this encryption method.
Q: Why is it that there is a message telling me your certificate issuer is unknown or invalid whereas if I go to some other sites there is not such warning?
A: Originally Thawte and Versign were the primary issuers. They are actually the same company since Thawte was bought out by Verisign in 2000. By default, the popular browsers pre-install Verisign and Thawte root certificates so that if you browser comes across a certificate issued by them, it is trusted (eventhough you did not explicitly have to install their root certificates because its already done by your browser vendor).
Q: Aren't your certificates really just knock-offs of the real more expensive certificates issued by other companies. Just like an after market part for your car, it's really not as good as the real thing?
A: No, see our door example. Car parts include materials and standards. Certificates include standards.
Our system is free.. Our system allows you to conduct secure SSL encrypted transactions. Furthermore, you can use our system to secure other communcations online where an SSL certificate is necessary. There are many instance were our system can be useful. For instance, stores can use our system to securely receive order shipping information. Our system is a very useful security web tool.
these are other resources, resources
|
