Blogs

    Publish
     
      • Avoid Browser Security Error Messages with Real SSL Browser Root Ubiquity

        Mar 29 2018, 10:10 PM

        by Ryan White 0

        Browser root ubiquity is an important requirement when deciding on a Certificate Authority (CA) for your SSL Certificates. Many CAs claim 99% browser ubiquity but this claim does not mean that every certificate will activate without triggering a security warning in a browser. Newer or smaller CAs may not have had their roots included in the root store for some browsers This is especially an issue for older browsers. VeriSign SSL does not have this issue. All browser manufacturers certainly remember to add VeriSign roots to their root store when new versions of that browser are released. This is not the case, however, for every SSL Certificate vendor out there. In the past, some CA roots have been left out when a new browser version was released. If a CA's roots are not included in a browser's root store, unsightly error messages can occur -- messages that can motivate users to abandon that session. This leads to lost opportunities for sales and creates dissatisfied customers who may or may not be lost forever. If you'd like to learn more about how trusted root stores work, see here. Today, a prominent company experienced this type of error on their web site. It happened after they received an SSL Certificate for one of their sites signed by a CA other than VeriSign (we don't like to name names, so we won't in this post). For this site, if a user visited the site on older versions of certain browsers, namely IE6 which still enjoys nearly 11% of worldwide browser market share, they would receive an error message indicating that the certificate was not trusted. Think about that. More than 1 in 10 visitors to this site were being shown a message that told them not to trust the site they were on. And all because the CA who signed that certificate (and who claims 99.3% browser ubiquity on their web site) didn't have their roots in the older browser. We all have to justify cost as we make our decisions in IT. Sometimes, site owners will get the impression that SSL is SSL and if I can save a few bucks, why shouldn't I? Browser root ubiquity is one of the many reasons why VeriSign SSL Certificates are not the same as all other certificates out there. The list of reasons why is in fact quite long, but we'll continue touching on that later...

        • Products
        • Code Signing
        • website security solutions
        • DigiCert Code Signing
        • DigiCert Complete Website Security
        • DigiCert SSL TLS Certificates
        • SSL Certificates
        • Products and Solutions
      • Free trial certificates now available on trusted roots

        Mar 29 2018, 10:39 PM

        by Tim Callan 0

        I'm very pleased to announce that yesterday evening we went live with an important new development in the SSL Certificate industry and a major milestone in the history of the technology. Symantec is now offering full-functioing free trial versions of our SSL Certificates on trusted roots. For many years we've offered a free test certificate version that came with an untrusted root. These certificates are useful for developers who are creating applications, but they don't serve the needs of everyone who would like an SSL trial version. Our new trial versions have trusted roots, which means you can actually stage them in the exact environment you want to run and expect all functionality to work just as they will in final production. But it gets even better. You can put one of our 30-day free trial SSL Certificates onto your production environment, and then after you've satisfied yourself that the certificate is meeting your expectations, you can simply sign up for the service and the existing certificate will continue to function for the next year. That means server administrators don't even have to go back to reinstall production certificates. Just keep the certs you already have in place, and they simply work. Nothing could be easier. How else can you take advantage of our new free trials? As you may know, we've asked our customers what effect they've seen on sales or completed transactions based on including the VeriSign seal or Extended Validation SSL's green address bar on their sites. We've heard from dozens of businesses that have explicitly measured these questions and who on the average have seen a 24% increase in completed transactions due to the VeriSign seal and a 17.8% increase due to the EV SSL green address bar. Nonetheless, I personally have spoken with online businesses on many occasions that would prefer to measure the upside for themselves. Well, now you can. Get a VeriSign SSL Certificate on free trial and test out the seal for yourself. Get an EV cert on free trial and test out the green address bar for yourself. We also released a free trial version of our standalone VeriSign seal. Online businesses that don't need SSL but still want to demonstrate their credibility as genuine, malware-free sites can try out a VeriSign Trust Seal for free as well. And if you don't know what you need, we have a handy comparison page where you can look at all three free trial products side by side to find the right one for you.

        • Products
        • Code Signing
        • website security solutions
        • DigiCert Code Signing
        • DigiCert SSL TLS Certificates
        • SSL Certificates
        • Products and Solutions
      • Trade names in Extended Validation SSL Certificates

        Mar 30 2018, 4:02 PM

        by Tim Callan 0

        As I discuss EV SSL with a variety of online businesses, one question I get a lot is about the name that appears adjacent to the address bar in compatible browsers. The question goes something like this, "We do business under the well-known brand of HipCoolStuff, but our company is actually called Old Stodgy Holding Corporation. We don't want the Old Stodgy name on our Web site. Nobody knows us by that name, and it's not the brand identity we choose to present to the public. What can we do about that?" The answer is that you're allowed to use any legal trade name that you possess in that address bar. A business may obtain EV certificates under an organization name that is a legally registered trade name of the organization in question (referred to in the EV guidelines as "Assumed Name"). VeriSign or the other CA must authenticate the legal status of that trade name as a valid name registered to the Organization before we are allowed to issue the certificate. Then when the certificate appears on the site, you will see the trade name first and then a parenthetical note with the legal name of the organization. For example, HSBC also owns the first direct Internet bank. On the first direct site<, the organization name is not "HSBC Holdings." Rather it is "first direct Bank (HSBC Holdings plc)." In my experience organizations are pretty buttoned up on trade names. The risks involved with building a brand on what is not a legal trade name are pretty unacceptable, and I don't recall ever having bumped into a company that got that one wrong. So if there's a name that you're trading under as your main brand, I expect you'll be allowed to put it in your EV SSL Certificates. If your company has several or many of these trade names, you can hold active certificates under more than one trade name concurrently (although each certificate will be limited to a single trade name for its duration, of course).

        • Extended Validation SSL
        • Products
        • Code Signing
        • website security solutions
        • DigiCert Code Signing
        • DigiCert SSL TLS Certificates
        • SSL Certificates
        • Products and Solutions