Frequently Asked Questions
What is SSL?
The SSL (and TLS) protocol is the Web standard for
encrypting communications between users and e-commerce
sites. SSL stands for Secure Sockets Layer. Data sent over an
SSL connection is protected by encryption, which prevents
eavesdropping on and tampering with the transmitted data. SSL
gives businesses and consumers confidence that private data
sent to a Web site, such as credit card numbers, is kept
confidential. Web server certificates (also known as secure
server certificates or SSL certificates) are required to
initialize an SSL session. Customers know they have an SSL
session with a website when their browser displays the little
gold padlock and the address bar begins with https rather
than http. SSL certificates can be used on web servers for
Internet security and on mail servers (IMAP, POP3 and SMTP)
to secure mail collection and sending.
Why do my customers need an SSL certificate?
An SSL certificate is a 'must-have' for customers who
need to reassure their online customers that they are a
legitimate business and that information passing between
their browsers and the website cannot be intercepted. For
any business managing financial transactions or dealing with
sensitive customer data, an SSL certificate is a must.
What should I look for when purchasing a certificate?
There are several factors which should be considered prior
to purchasing a certificate. Ask yourself the following
questions:
- What is the reputation and credibility of the
certificate authority (CA)? How long have they been in
business? How large is their customer base?
- How ubiquitous is the root? Is it embedded in all of
the popular browsers and therefore accessible to the
widest audience?
- Is the root owned by the CA, or is it a 'chained
root' that "borrows" the browser recognition of a
Trusted Root CA?
- What tools are at hand to assist you in managing
your certificate? How easy is it to install, renew or
(if the certificate is compromised) revoke a
certificate?
- Who vets the customer documentation prior to issuing
the certificate? Is it the CA, or has the responsibility
been delegated to someone else?
What is a Single Root SSL Certificate?
When connecting to a webserver over SSL, the visitor's
browser decides whether or not to trust the website's SSL
certificate based on which Certification Authority has
issued the actual SSL certificate. To determine this, the
browser looks at its list of trusted issuing authorities -
represented by a collection of Trusted Root CA certificates
added into the browser by the browser vendor (such as
Microsoft and Netscape).
Most SSL certificates are issued by CAs who own and use
their own Trusted Root CA certificates, such as those issued
by GeoTrust. As GeoTrust is known to browser vendors as a
trusted issuing authority, its Trusted Root CA certificate
has already been added to all popular browsers, and hence is
already trusted. These SSL certificates are known as "single
root" SSL certificates. GeoTrust owns the Equifax Secure
eBusiness CA-1 root used to issue its certificates.
Some Certification Authorities, like Comodo, do not have a
Trusted Root CA certificate present in browsers and
therefore need a "chained root" in order for their
certificates to be trusted - essentially a CA with a Trusted
Root CA certificate issues a "chained" certificate which
"inherits" the browser recognition of the Trusted Root CA.
These SSL certificates are known as "chained root" SSL
certificates. Installation of chained root certificates is
more complex, because the chained (intermediate) certificate
must be installed on the web server alongside the site
certificate, and some web servers are not compatible with
chained root certificates.
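The following is an added example, not part of the original FAQ: an OpenSSL shell script that builds a constructed three-certificate hierarchy (trusted root, "chained" intermediate CA, web-server certificate) and then verifies the server certificate the way a browser does, trusting only the root. It shows why a chained root certificate must be installed with its chain certificate: verification succeeds only when the intermediate is supplied. All names are made up.

```shell
#!/bin/sh
# Added demo with constructed names: trusted root -> chained intermediate
# -> web-server leaf, then browser-style verification against the root.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Extensions marking a certificate as a CA (needed on root and intermediate)
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext

# 1. Trusted root: the kind of certificate shipped in a browser's root store
openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
  -subj "/CN=Demo Trusted Root CA" 2>/dev/null
openssl x509 -req -in root.csr -signkey root.key -out root.pem \
  -days 365 -extfile ca.ext 2>/dev/null

# 2. Intermediate ("chained root"): signed by the trusted root
openssl req -new -newkey rsa:2048 -nodes -keyout inter.key -out inter.csr \
  -subj "/CN=Demo Chained CA" 2>/dev/null
openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -out inter.pem -days 365 -extfile ca.ext 2>/dev/null

# 3. Web-server certificate: issued by the intermediate, not by the root
openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
  -subj "/CN=www.example.com" 2>/dev/null
openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
  -out leaf.pem -days 365 2>/dev/null

# Browser-style check: only root.pem is trusted; inter.pem is untrusted chain
# material that the server has to send along with its own certificate.
verify_with_chain() {
  openssl verify -CAfile root.pem -untrusted inter.pem leaf.pem >/dev/null 2>&1
}
# The same check when the chain certificate was never installed on the server.
verify_without_chain() {
  openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1
}

if verify_with_chain; then echo "with chain cert: trusted"; fi
if verify_without_chain; then echo "without chain cert: trusted"
else echo "without chain cert: NOT trusted (issuer certificate not found)"; fi
```

The second case is exactly the "certificate not trusted" warning visitors see when a chained root certificate is installed without its intermediate.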
For a Certification Authority to have its own Trusted Root
CA certificate already present in browsers is a clear sign
that they are long-time, stable and credible organizations
who have long term relationships with the browser vendors
(such as Microsoft and Netscape) for the inclusion of their
Trusted Root CA certificates. For this reason, such CAs are
seen as being considerably more credible and stable than
chained root certificate providers who do not have a direct
relationship with the browser vendors.
You can view the Certification Authorities who have their
own root certificates by viewing the list in your browser.
Can I see which Certification Authorities have their own
Trusted CA root present in browsers?
Yes. Your browser contains a Trusted CA root certificate
store. You can access this by opening Internet Explorer,
then go to Tools, select Internet Options, select the
Content tab, click Certificates, select the Trusted Root
Certification Authorities tab. You will then see a dialog
box presenting a list of all Certification Authorities who
own their own Trusted CA roots (you can examine a root
certificate by double-clicking it).
GeoTrust owns the Equifax root (Equifax Digital Certificate
services became GeoTrust in 2001).
What validation process do SSL certificates use?
Companies that issue digital certificates such as GeoTrust
provide consumers with confidence that the companies they
secure are who they claim to be.
With physical companies, identification documents like photo
IDs and papers of incorporation are used to tell consumers
who they are, so that if their products or services are
defective, buyers can seek recourse. Online companies rely on
digital certificates to promote their legitimacy and to
protect their customers' information. To apply for a digital
certificate they must prove to the certificate authority (in
this case GeoTrust) that they have the credentials to
present themselves as who they are online.
Customers wishing to purchase True BusinessID and True
Business Wildcard certificates must fax in their articles of
incorporation or provide a DUNS number as part of the
provisioning process. They will then be assigned a
ChoicePoint Unique Identifier (CUI) - equivalent to a DUNS
number. The CUI adds a corporate profile to the information
embedded in the digital certificate which can be viewed by
your visitors.
What is GeoTrust's certificate refund and replacement
policy?
You can replace a certificate for free, for the lifetime of
the certificate, provided all core certificate details are
the same. Simply search for the certificate order item in
RWI2 and click on the 'resend certificate' button at the
bottom of the page.
There are no refunds on any SSL certificate.
How long are digital certificates valid for?
All certificates are valid for 1 or 2 years.
When your customer's SSL certificate approaches expiry, we
will send you emails reminding you of its expiration.
What is browser ubiquity or browser recognition?
Browser ubiquity is the term used in the industry to
describe the estimated percentage of Internet users that
will inherently trust an SSL certificate. The lower the
browser ubiquity, the fewer people will trust your
certificate - clearly, if you are operating a commercial
site you need as many people as possible to trust your
SSL certificate. As a general rule, any SSL certificate with
over 95% browser ubiquity is acceptable for a commercial
site.
Ubiquity is however not the only consideration in deciding
whether one SSL certificate is better than another.
Businesses that need to maximize customer confidence buy
certificates from well known, long time security vendors
e.g. GeoTrust who is WebTrust compliant.
What is a Certification Authority (CA)?
Not just anybody can issue trusted SSL Certificates. If they
could then there would be no trust in SSL - and it could no
longer be used commercially. Instead only Certification
Authorities, or CAs as they are commonly known, can issue
trusted SSL Certificates.
CAs have generally invested in establishing the technology,
support, legal and commercial infrastructures associated
with providing SSL certificates. Even though CAs are
essentially self-regulated, the nearest to a regulatory body
is the WebTrust compliancy program operated by AICPA/CICA.
The majority of CAs comply with the WebTrust principles;
however, some CAs do not have WebTrust compliance. Those CAs
who are WebTrust compliant display the WebTrust Seal, as
seen below.
[Image: Ernst and Young WebTrust seal]
The WebTrust Seal of assurance for Certification Authorities
symbolizes to potential relying parties [e.g. to the end
customer] that a qualified practitioner has evaluated the
CA's business practices and controls to determine whether
they are in conformity with the AICPA/CICA WebTrust for
Certification Authorities Principles and Criteria. An
unqualified opinion from the practitioner indicates that
such principles are being followed in conformity with the
WebTrust for Certification Authorities Criteria. These
principles and criteria reflect fundamental standards for
the establishment and ongoing operation of a Certification
Authority organization or function.