In the definition of SSL secure protocol used to allow transmission of data from a client (the browser or device) to the server. There are other possible transmission routes, but most commonly it is from the client to the server.
This allows customers to safely enter their personal and financial information on a website with the confidence and trust that it is being transmitted with encryption. However, it goes beyond just basic encryption to additional levels of security. First, it uses a public and a private key combination to facilitate this encryption and decryption process.
The Keys
The private and public keys are really a random string of numbers and letters. The public key is part of the certificate and it is installed on the server. The private key is just that, it is private, and it is also installed on the server in a separate location accessible only to the server.
The browser or device has specific root certificates from Certificate Authorities that are embedded in the trust store for the device or the browser. These are root certificates that are trusted and approved. They allow the browser or device and the server to recognize each other as a trusted source.
Once this recognition occurs, which is known as an SSL handshake, data transmission occurs with the public key encrypting data going from the client (browser or device) to the server. The server has the private key, which has to match mathematically with the public key in order to allow the encrypted data to be read by the server.
Even if the data should somehow be intercepted it is not possible to decrypt the data unless the hacker had the private key. With 128/256 bit encryption for data and 2048 bit keys, it is virtually impossible with today's computer abilities to be successful with a brute force or other type of hacking attempt. Researchers suggest it would take millions of years of computing power to be able to hack one of these securely encrypted transmissions.
This is SSL technology is so important. Without it, consumers would not be confident in providing information online and ecommerce could not occur. This includes online banking, transmittal of other types of data in emails and all other forms or information exchange.
Getting a Wildcard
There are several different types of SSL/TLS products on the market. One of the most popular for any size of ecommerce or online site is the Wildcard. This is a specific type of SSL certificate that will provide security for your main domain (starting with www) as well as all subdomains.
Subdomains start with something other than www. This could be mail, photos, payments, docs or any other designation. These are separate directories or pages under the main domain. For example, subdomains of www.mycompany.com might look like:
- abc.mycompany.com
- mail.mycompany.com
- payments.mycompany.com
In order to create this type of SSL certificate, you will first need to generate a Certificate Signing Request.
The Wildcard SSL certificate request is generated on one of the servers in your network that the client will access. Depending on your network the Wildcard SSL certificate request or Certificate Signing Request (CSR) may be one type of server platform and other servers may be using a different platform.
It is still possible to convert the files after installation to work with any of the servers. Additionally, after completing the Wildcard SSL certificate request, you can use a file converter to change the format for the certificate, the intermediate certificate bundle and the private key file to match any server platform, distribution and version.
Each server will have a slightly different format for making the Wildcard SSL certificate request. By searching the knowledgebase by server type and the term "CSR generation" you can find easy to follow instructions. If you are renewing an existing certificate, we also provide information about that process as well.
It is important to remember that during the generation of the Wildcard SSL certificate request you will also create the private key. This needs to be secured and not shared or left on a system that can be accessed by anyone other than the IT administrator. If the private key is lost or shared, the certificate will have to be revoked as the private key cannot be replaced or changed.
If you need help with your Wildcard SSL certificate request or are wondering if this is the right SSL certificate for your website, talk to our staff. You can reach us by phone at +1 888 266 6361 or through the our chat system.