Understanding SSL Certificate Authentication
When a user visits your secure site, your web server will send a copy of your SSL certificate to the user's web browser. The information in the certificate will always include your web site's domain name, such as www.yourdomain.com, and sometimes it will also include your company's information. This lets the browser know that the web site it's connecting to is really the correct web site, and not an impostor or phishing site. This is authentication.
There are two types of SSL certificate authentication: full-authentication and domain-authentication.
Fully-Authenticated SSL Certificates
A fully-authenticated SSL certificate, such as True BusinessID EV and Wildcard SSL, will contain information about your domain name and the legal name of your business or organization. It will also contain the geographical location information for the city, state, and country where your business is registered to do business. Let's say you're visiting a secure web site that has a fully-authenticated SSL certificate installed. You know it's an SSL site because the gold padlock icon is illuminated in the bottom corner of your browser.
You can double-click the gold padlock icon from your Internet Explorer browser and it will display the information embedded within the SSL certificate of the site you are visiting.
On the General tab you can see that the SSL certificate is issued to a specific domain name, and has a validity period. The issuer of the certificate is also included. All SSL certificates will have this basic information: domain, validity period, and issuer.
If you click the Details tab you can find out even more about the SSL certificate for this site. Now click the certificate Subject on the left you can see who the certificate was issue to (see below). The CN is the Common Name for the certificate. The CN is another name for the site's domain name. OU stands for Organizational Unit and, the most important entry, the O field, which stands for Organization. The Organization field is the legal name of your business or organization. Following that are the Locality (city), State, and Country fields where you business is registered with your local or state government to do business.
Having this information available to you will help you determine who you're doing business with. It will also let you know that the site you think you're on is really that site and not some bogus phishing site trying to trick you.
The information on the business' legal name and location is part of a fully-authenticated SSL certificate. Before GeoTrust issues this certificate, the applying business has to fax in supporting proof-of-organization documents to prove its identity. Acceptable documents can range from your corporation's Articles of Incorporation to a sole-proprietor's local business license. When GeoTrust issues the SSL certificate, it has vouched for the business entity and its registered domain. This type of certificate can be applied for and issued in about one to two days.
Domain-Authenticated SSL Certificates
A domain-authenticated certificate, such as QuickSSL and QuickSSL Premium, will vouch for your domain only. It will not include any information about your company nor its location (except for the two-letter country code). If you were to bring up the SSL certificate Subject details you'd see something like the window below. Because your SSL certificate is not vetted at the company level you will not see information in the certificate for the company or its location. The upside is that because GeoTrust is not vouching for your company in a domain-authenticated certificate, you do not have to fax in any supporting business documents. This type of certificate can be applied for and issued, in most cases, in about 10 minutes.
Multi-domain SSL. It's Here!
Our Customers(see more)