Frequently Asked Questions About Web Certificates
1. What is a Web-Certificate?
2. How does a web-certificate work?
3. Can you explain how a web certificate works in “Plain English”?
4. How can someone discern whether a website is using a web certificate or not?
5. How are your web certificates trusted by the browsers?
6. What browsers will my web certificate work with?
7. How do your web certificates work for different versions of browsers?
8. How long does it take to get a web certificate?
9. How strong are Tucows server certificates?
10. Is my web certificate tied to my IP address?
11. I am using several servers in a load-balancing configuration. How many web certificates do I need?
12. How do I correct information on my web certificate after it has been issued to me?
13. How do I check the status of my web certificate request?
14. How will I know if my enrollment was successful?
15. How much do your web-certificates cost?
1. What is a Web-Certificate?
A Web Server Certificate permits securer communication between a client and a server (say a customer’s browser and a web retailer’s server) or two servers (any servers who want to “talk” securely amongst themselves). Simply stated, a web-certificate is a digital document that has unique codes to identify the holder of the certificate to the person accessing the site.
A Personal Certificate is issued to individuals to certify their identity. One can use them to digitally sign email, documents, jar files etc. to prove that they were the author, and that the files have not been tampered with.
Acciss.net will be offering Web-Server certificates currently. Personal Certificates may be offered at a later time along with other security products.
2. How does a web-certificate work?
A Web-certificate functions as follows:
Whenever anybody transacts with a “secure” web-site, their browser (or server) authenticates the identity of the web-site using the web-certificate
If the site’s certificate is not valid, a warning is issued to the user, otherwise the web-cert creates an SSL (Secure Server Layer) session and encrypts any information exchanged during that session
This prevents communication from being intercepted and deciphered by nefarious people on the Internet.
3. Can you explain how a web certificate works in “Plain English”?
A Basically, when two parties (say a customer and the Amazon.com web-site) wish to “talk” securely (transfer the customer’s credit-card number to Amazon.com), then a web-certificate sets up a “secure” session that first verifies the true identity of the party that requests data transfer (Amazon.com).
If a certificate is valid, the other party (the customer) gets a message saying that its OK to “talk” to them (Amazon.com), as they are who they say they are. The other party (customer) then transfers the info (CC number) securely, without fear of any nefarious elements intercepting the data.
If the certificate is invalid, a message pops up saying so. Transactions can still occur, but at the risk of counter party fraud (It may be joesbooks.com tying to appear as Amazon.com)
4. How can someone discern whether a website is using a web certificate or not?
The pages of a web-site which are secured by a web-certificate are characterized by the following traits:
The URL of the secure web-pages change from http://… to https://
A lock symbol appears in the lower left-hand (right hand) status bar in Netscape Navigator (Internet Explorer).
If one wants to view and verify the encryption information of the secure pages, onw should simply undertake the following:
In Netscape – click on the lock symbol above and select “View Certificate” button
In Internet Explorer – double-click on the lock in the lower right-hand status bar.
5. How are your web certificates trusted by the browsers?
Our web certificates are automatically and transparently trusted by browsers. This trust is established because our supplier’s Root Certificate has been embedded in all major browsers.
6. What browsers will my web certificate work with?
The web certificates we issue work with 99% of the browsers in use today.
7. How do your web certificates work for different versions of browsers?
Netscape 4.72 and newer
The root certificate is embedded in this browser
Netscape any version before 4.72
The root certificate has been cross certified by a CA that is embedded in this browser
Internet Explorer 5.01 and newer
The root certificate is embedded in this browser
Internet Explorer any version before 5.01
The root certificate has been cross certified by a CA that is embedded in this browser
Cross Certification: The process by which two Certificate Authorities (CA) certify each other’s trustworthiness.
8. How long does it take to get a web certificate?
Companies will usually receive a web certificate within three business days after the verification has been complete. The verification period varies and relies greatly on the information provided by the company during the application process. Call an Acciss.net sales representative at 604.574.7225 or1.800.661.1775 for more information.
9. How strong are Tucows server certificates?
Tucows server certificates are 1024 bit capable and support 128 bit browsers.
The strength of the public key in the certificate is defined by you when you generate the key pair for your server. If you generate a 1024-bit key pair and submit the associated CSR (Certificate Signing Request), then the certificate you receive contains the 1024-bit public key. If you generate a 512-bit key pair then the certificate contains the 512-bit public key.
10. Is my web certificate tied to my IP address?
No, server certificates do not contain any information about IP addresses. However, the domain name listed in the server certificate must match the domain name of the server on which the Web server certificate is installed. The domain name can be mapped to any IP address.
11. I am using several servers in a load-balancing configuration. How many web certificates do I need?
You will need one web certificate for each of your secure servers (including any virtual servers).
12. How do I correct information on my web certificate after it has been issued to me?
You must issue a request to correct your information on your web server certificate. You can request one replacement web server certificate within 30 days of the certificate being issued without being charged. Any requests made after the 30-day period, or any requests outside the primary request, will require you to purchase a new web server certificate. If a processing error occurs, we will issue a new web server certificate at no cost to you.
In order to change any information, we must re-issue a new web certificate with the correct information and re-sign it – this preserves the integrity of the web certificate. All our web certificates are electronically signed by the Root Certificate. This electronic signature ensures that none of the information contained in the web server certificate has been modified or tampered with. See http://www.certificateregistration.com
13. How do I check the status of my web certificate request?
You can check the status of your order by calling an Acciss technical representative at 604.574.7225 or 1.800.661.1775.
14. How will I know if my enrollment was successful?
The Technical Contact, Authorized Contact and Bill Contact will receive an e-mail when your order has been processed. This e-mail includes a link to your request status page and links to each of the Web server certificates that have been issued. If any of your server certificate requests have not been approved the status page explains why.
15. How much do your web-certificates cost?
For additional information or a quote, contact our sales department at:604.574.7225, toll-free at 1.800.661.1755 or e-mail sales@acciss.net.