SSL FAQs

What are SSL, Secure Sockets Layer, and SSL Certificates?

The Secure Sockets Layer or SSL for short is a security protocol that helps users protect their data during transfer over the open Internet. There are two components in the protocol, one for the web server and the other for the web browser. The web server component is called a SSL Certificate, which contains a public and private key pair along with additional verified identification information. Whenever a user on the Internet navigates with their web browser to a secured domain, the respective web server will share its public key component with the web browser to establish an encrypted channel and a unique session key. The web browser then confirms that it validates and trusts the issuer of the SSL Certificate - the "SSL handshake". After this handshake a secure session has been established and messages are then private between the web server and the web browser.

What are encryption levels and 40-bit, 56-bit, 128-bit, 256-bit

Encryption is process of translating information into a mathematical code (encoding) that scrambles the original message while in transit over the Internet. The recipient who recieves the scrambled message can then use a reverse mathematical process (decode) to see the original message. The number of "bits" is the level or strength of the encryption, therefore, the higher number of bits (longer the encryption key) the harder it is to crack by unwanted viewing eyes. The current lower standard of 128-bit encryption would take a hacker a trillion years to break the code using the latest computers. Most SSL certificates today are either 128- or 256-bit encryption.

What is authentication with SSL certificates?

Authentication of SSL Certificates is a process in which a 3rd party verifies the identity of a website or domain. Fraudsters and criminals are now attempting to falsify SSL Certificates to trick users on the web. Therefore, before users share information, they need to know if they can trust the Web site's SSL Certificate. The third party verification protects users against fraud and phishing sites and is proof that the business entity and Web site are legitimate. The SSL provider (Certificate Authority) verifies a company's right to use a domain name since the provider uniquely issues specific domains to specific Web servers.

What is an Extended Validation (EV) Certificate?

Extended Validation or EV SSL Certificates are certificates that have been issued using an agreed upon industry standard. Essentially, SSL Certificates with extended validation show to users that a higher degree of validation has been passed in obtaining the EV SSL Certificate. In addition, they show that issuers themselves have passed an extensive EV audit process. Newer web browsers can recognize the higher standard of EV SSL certificate and can trigger web browsers to display the organization’s name in green inside the address bar as well as displaying the Certificate Authority that issued it. This visual validation to the web browser makes it difficult for phishers and counterfeiters to hijack your brand.

What is the documentation process for Extended Validation Certificates

The process includes standard verification requirements along with a legal opinion letter explaining that the individual requesting the EV certificate is authorized by the company to apply. The legal opinion letter can be and is often used to confirm a company's or organization's registration, address, telephone, domain registration, and business status. In addition, the issuer may even physically go and validate the physical address of the company or organization.

What is a Certificate Signing Request or CSR?

The Certificate Signing Request or CSR is a string of text generated by the operating system of the web server in which the certificate is intended to be used. Purchasers of SSL Certificates must provide this string of text through PSI Japan's control panel or API during the purchasing process.

How does a Wildcard Certificate Work?

A Wildcard Certificate provides SSL encryption for any first-level sub-domain of the domain name specified in the submitted CSR.

For example: Domain: mydomain.com

First-Level subdomains protected:

  • shop.mydomain.com
  • mail.mydomain.com
  • admin.mydomain.com
  • anything.mydomain.com

How does a Wildcard Certificate Work?

If all your customers are allocated their own sub-accounts in the Control Panel, they can simply login to their account and order an SSL certificate. The price they are shown will be the price you configured in your price plans. For API based customers, all creation, management, and renewals can be processed with the appropriate API command.