Explore these pages to discover how DigiCert and its partners are helping organizations establish, manage and extend digital trust to solve real-world problems.
Secure Sockets Layer (SSL) certificates, sometimes called digital certificates, are used to establish an encrypted connection between a browser or user’s computer and a server or website.
SSL is standard technology for securing an internet connection by encrypting data sent between a website and a browser (or between two servers). It prevents hackers from seeing or stealing any information transferred, including personal or financial data.
TLS is an updated, more secure version of SSL. We still refer to our security certificates as SSL because it’s a more common term, but when you buy SSL from DigiCert, you get the most trusted, up-to-date TLS certificates.
HTTPS appears in the URL when a website is secured by an SSL/TLS certificate. Users can view the details of the certificate, including the issuing authority and the corporate name of the website owner, by clicking the lock symbol on the browser bar.
Customers are more likely to complete a purchase if they know your checkout area (and the credit card info they share) is secure.
SSL encrypts and protects usernames and passwords, as well as forms used to submit personal information, documents or images.
Even blogs and websites that don’t collect payments or sensitive information need HTTPS to keep user activity private.
In 2014, Google called for HTTPS everywhere to improve security across the web — and they rewarded SSL-secured sites with higher rankings. In 2018, Google went beyond search rankings and began punishing sites without SSL certificates by flagging them as “not secure” in the Chrome browser.
Not all TLS/SSL certificates are created equal. Beyond encryption, TLS certificates also authenticate the identity of a website owner. This provides an added layer of security which users can see if they look beyond the lock. Certificates are offered with three levels of this identity verification:
By clicking on the padlock icon in the URL bar you can verify the identity of the website owner. Unfortunately, most phishing sites today have a padlock and a DV certificate. That's why it's important to look beyond the lock in the URL bar. If a website is not willing to put their identity in the certificate, you shouldn't be willing to share any identifying information with them. If you see the organization's name, now you can make a better decision about who you trust.
SSL certificates establish an encrypted connection between a website/server and a browser with what’s known as an “SSL handshake.” For visitors to your website, the process is invisible — and instantaneous.
For every new session a user begins on your website, their browser and your server exchange and validate each other’s SSL certificates.
Your server shares its public key with the browser, which the browser then uses to create and encrypt a pre-master key. This is called the key exchange.
The server decrypts the pre-master key with its private key, establishing a secure, encrypted connection used for the duration of the session.
The short answer is yes. The long answer is that all major operating systems for
newer computers, tablets and mobile phones support SSL/TLS protocols. If you have
questions about the compatibility of older devices, contact our support team.
Just as websites are designed to be device and browser agnostic, SSL/TLS is supported by all major web browsers.
An SSL certificate can be supported by any server. It’s up to the browser to determine the security of a server during the handshake process.
Most cloud-based email providers use SSL encryption. Organizations can install an SSL certificate to protect private email servers.
Process of scrambling an electronic document using an algorithm whose key is 256 bits in length. The longer the key, the stronger it is.
Ciphers that imply a pair of two keys during the encryption and decryption processes. In the world of SSL and TLS, we call them public and private keys.
Machine-readable form of a DigiCert certificate application. A CSR usually contains the public key and distinguished name of the requester.
Entity authorized to issue, suspend, renew or revoke certificates under a CPS (Certification Practice Statement). CAs are identified by a distinguished name on all certificates and CRLs they issue. A CA must publicize its public key or provide a certificate from a higher-level CA attesting to the validity of its public key if it’s subordinate to a Primary Certification Authority. DigiCert is a Primary Certification Authority (PCA).
A set of key exchange protocols, which includes the authentication, encryption and message authentication algorithms used within SSL protocols.
Attribute value within the distinguished name of a certificate. For SSL certificates, the common name is the DNS host name of the site to be secured. For Software Publisher Certificates, the common name is the organization name.
Security issues preventing a secure session are flagged when a user tries to access a site.
The most basic level of SSL certificate. Only domain name ownership is validated before the certificate is issued.
Creates encryption keys based on the idea of using points on a curve for the public/private key pair. Extremely difficult to break using the brute force methods often employed by hackers and offers a faster solution with less computing power than pure RSA chain encryption.
Process of transforming readable (plaintext) data into an unintelligible form (ciphertext) so the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decryption process (two-way encryption).
The most comprehensive form of secure certificate. The domain is validated and the company or organization undergoes a strict authentication process.
How users and servers securely establish a pre-master secret for a session.
Our consumer education campaign about how to view high-assurance Extended Validation certificates. In order to combat the meteoric rise of phishing websites on the internet that pose as legitimate companies while using a legitimate Domain Validated certificate and therefore have the same padlock as other certificates.
The key material used for a generation of encryption keys, MAC secrets and initialization vectors.
A one-way hash function arranged over a message and a secret.
A type of SSL certificate that validates ownership of the domain and the existence of the organization behind it.
The icon found in the URL bar of most major browsers to signal a website is secured by HTTPS encryption. The padlock is only the first layer of a TLS/SSL certificate. If users click on the padlock icon, they can determine if a website has done its due diligence to keep customers safe online.
The key material used for the master secret derivation.
Architecture, organization, techniques, practices and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system. The PKI consists of systems that collaborate to provide and implement the public key cryptographic system, and possibly other related services.
Server that protects host web pages using SSL or TLS. When a secure server is in use, the server is authenticated to the user. User information is encrypted by the web browser’s SSL protocol before being sent across the internet. Information can only be decrypted by the host site that requested it.
Type of certificate that allows multiple domains to be secured with one SSL certificate.
Abbreviation for secure sockets layer. Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the internet.
Server certificate that enables authentication of the server to the user and encryption of data transferred between the server and the user.
A protocol used within SSL for the purpose of security negotiation.
Encryption method that implies the same key is used both during the encryption and decryption processes.
Transmission control protocol, one of the main protocols in any network.
Type of certificate used to secure multiple subdomains.