With Secure Sockets Layer or new technology, Transport Layer Security is the most commonly used SSL technology to encrypt communication between two computers. It can be used for web surfing, e-mail, e-commerce, instant messaging or Voip. SSL is the technology for encryption in one direction. Server-side SSL certificate encrypts end-user clients' connections and communications with the server. Thus, third parties who want to listen to the communication can not significantly analyze this communication and reach the content.
SSL is built on servers and encrypts communication one-way. On the server side for this encryption public and private key in the form of two keys are hosted. The private key is not transmitted out of the server in any way, only the public key is used to be hashed, so that the communication content is encrypted. To decrypt this password, the client-side public key that is issued by the server and the instant client private key created for communication are used.
Sites that use e-commerce should use websites that provide instant messaging services, banks, or end users with information on their servers. Important personal information such as user information, credit card information sent to the server by SSL is encrypted and 3rd parties are prevented from obtaining this information by listening to communication at the time of communication. In order to make sense even if the communication is heard or captured, both the private key on the server side and the private private key on the end user side must be obtained.
We classify SSL certificates as SSL certificates used for Web servers, SSL certificates used for Mail servers, SSL certificates used to sign Program or Code, and SSL certificates used for e-mail or authentication.
The types of certificates used for web servers are as follows; Certificates that do not validate Domain, Organization Validating Certificates, and Extended Validation SSL Certificates.
The certificates used for the mail servers are as follows; Non-Domain Certified Certificates, Organization Validating Certificates, or UCC Certificates Used for Microsoft Exchange.
When creating the certification authority certifying the domain certificates, it creates only by checking whether a domain with that name exists or not. This certificate is the lowest-level SSL certificate. It is sufficient to get the CSR code from the server where the domain is located and forward it to the certification authority.
According to the SSL that validates the domain that authenticates the organization, the domain that owns that domain is verified according to SSL. This is the required documents when obtaining SSL, the CSR code to be received from the server on which the domain is broadcasting, and the trade registry registration documents confirming the organization.
EV SSL certificate is the highest level certificate. EV SSL does what SSL certificates and domain validating SSL certificates do. This bar provides prestige to the organization that receives SSL. It creates trust for users in e-commerce organizations and thus increases profitability.
Except for the SSL certificate that you receive for your domain, SSL certificates are sent in 3 different names.
The certificate named "AddTrustExternalCARoot" from these certificates is the root CA certificate of Comodo.
The certificate "COMODORSAAddTrustCA" is an intermediate CA certificate.
The second certificate, which differs according to the SSL certificate feature, is the second intermediate certificate.
The certificate named "AddTrustExternalCARoot" is the root CA certificate of Comodo.
This certificate is named Serv COMODORSADomainValidationSecureServerCA Serv for DV SSL, id COMODORSAOrganisationValidationSecureServerCA Serv for OV SSL and id COMODORSAExtendedValidationSecureServerCA Serv for EV SSL
When you install the SSL certificate on your server, it is the certificate chain that confirms that this certificate was actually produced and sent to you by Comodo. This chain starts with a root certificate and continues with two intermediate certificates and ends with a certificate created for your domain.
For example, the chain would be: "AddTrustExternalCARoot de - & gt; Gt COMODORSAAddTrustCA SA - & gt; Gt COMODORSADomainValidationSecureServerCA AD - & gt; SSL Certificate for Your Domain “
If you have more than one domain on the same external IP, you can get SSL certificates separately for these domains. To do this, it is enough to have a server-side SNI (Server Name Indication) feature. The SNI feature is available on Microsoft IIS servers version 8 and later, on Apache servers version 2.2.12 and later, and on Tomcat servers version 8.5 and later.
A code signing certificate is an SSL certificate that confirms that code and code blocks written for a program are prepared by your organization and that these codes are prepared for a program that will benefit not for a malicious program. Apart from other SSL certificates, this certificate is not validated for encryption. Your programs that are signed with your approved codes will not issue an unknown provider warning on their operating systems. For example, Windows Smart Screen warning screens.
UCC certification is an SSL certificate for Microsoft mail servers and developed for Microsoft mail servers. UCC is a certificate certifying certificate organization, and unlike other certificates, it encrypts mail content, with the exception of username and passwords in the mail content. It is recommended to use in institutions where mail content is important.
You can sign e-mail content with e-mail certificates. The e-mails you have signed will show the confirmation that they were sent by you. Thus, fraud is prevented by mail. In addition, by sending digital signatures sent to the company, mail contents can be encrypted and sent. This creates an extra layer of security, or if important information in the mail content is encrypted to prevent other people from opening the mail in a meaningful way.
Documents that require e-signatures can be signed with a Personal Verification certificate, two factors can be used for authentication or can be used in programs that require personal verification. Unlike an e-mail certificate, this certificate type has validation capability. This certificate can also be used as an e-mail certificate. This certificate is also a certifying certificate of organization.