A Review Of PKI Certificate Levels For Domains

If you have an SSL/TLS product to protect your domain or subdomains, then you are already utilizing Public Key Infrastructure. Even if you haven't heard the term, it is a central component of all of these products, as it provides the infrastructure and framework for the security that all ecommerce sites, banking institutions and other types of websites rely on where personal or financial information is exchanged between a browser and a server.

Within domain protection, there are various PKI certificate levels that are provided by any top Certificate Authority. Comodo offers a range of different levels of validation through our certificates that provide the protection, trust and security required.

If you know the definition of SSL, you know that any certification is only as good as the trust recognition of the Certificate Authority. At Comodo, our root certificates are embedded in 99.9% of browsers and devices. We are also one of only a handful of vendors, and one of the original three, approved for UC certificate distribution for use in Microsoft Exchange and Office Communications servers.

The Basics

Public Key Infrastructure is not a specific technology component but rather a framework or an infrastructure for online security. It is created through the use of a unique pair of randomly generated keys that are assigned to a domain, or multiple domains on a single certificate, or to an email account and device.

The pair of keys includes a public key and a private key. The two are mathematically related: they are generated together so that each can decrypt or encrypt only in combination with the other. The paired keys only work together; there is no possibility of a private key from one pair working with a public key from another or vice versa.

This allows for information to be encrypted and sent to a server. If it is intercepted in between, the information remains encrypted and not usable. When it arrives at the server, it can be decrypted, ensuring only those that are authorized to access the information have the ability to do so.

The PKI Certificate Levels

There are several different types of SSL/TLS products that range from Comodo SSL for one domain to Wildcard certs or Multi-Domain options. Wildcards will secure a domain and all subdomains, while a Multi-Domain or UC certificate can be used to secure multiple main domains and subdomains.

Not all certificate types offered by Comodo are offered at all PKI certificate levels. This is set by the CA/Browser Forum, which sets specific standards for how certificates can be approved and provided. At Comodo, we follow the AICPA/CICA WebTrust for Certification Authorities Principles and Criteria and provide certificates at the various levels based on the policies and best practices of this body.

The basic PKI levels for domains include:

  • Domain validation - this is the most basic level. The Certificate Authority is required to verify or validate that the applicant information on the Certificate Signing Request (CSR) matches the information on WHOIS to verify the entity making the request for the certificate has the authority to do so. This is a good option when there is limited personal information or financial information provided from the website.
  • Organizational validation - this is the most common option for most websites requesting any personal or financial information. The Certificate Authority has to verify the domain information and then also search specific trusted databases to verify the information about the organization. This can be a business or an individual, but it proves not only that the applicant has the authority but also that they are verified as being who they say they are.
  • Extended validation - of the PKI certificate levels this is the highest possible. It is only available to businesses, not to individuals, as it requires more specific information about the company. This will include verifying the company has a physical location and that it exists as a corporate entity.

The EV or extended validation is the only one of the PKI certificate levels that offers the iconic green address bar. This is considered the most comprehensive level of online trust and security and is used by most of the major ecommerce sites.

Not all SSL/TLS certs are available at all levels. For example, the Wildcard SSL is not available at the EV level, but it is available at the DV or OV designation. A Multi-Domain SSL is available at the EV level and is a great idea for many large companies with multiple domains.

To learn more about our PKI certificate levels, see us online at https://www.instantssl.com. If you need answers to questions, contact us via the website live chat or at +1 888 266 6361 if you want to talk in person.
