Back in 1998 I went onto AskJeeves in search of a local store where I could buy a specific soccer jersey. The jersey was only carried by online retailers, and even worse, they were all outside of the country. The final blow: they only took credit cards. Even though I knew what his answer would be, I asked my dad if I could use his credit card.
“No,” was his adamant answer. “Give my credit card number to someone on the Internet? You must be crazy!”
What is a Certificate Authority? A Certificate Authority (CA) is an entity that issues digital certificates (SSL/TLS Certificates). A CA must be equipped with the right processes and technologies in order to be able to issue digital certificates.
What is both amazing and scary about the Internet is that when you open a browser, you are opening a window to the whole world. As much as we try to make it so, the world isn’t always a good place.
Criminals not only have the ability to steal your money and property, they are also capable of stealing entire identities.
CAs are responsible for providing a channel for secure connections (by encrypting websites with SSL/TLS Certificates) as well as making sure those channels are not compromised by anyone with a stolen identity. Companies like Entrust Datacard issue thousands of Certificates a year and have to make sure that they are issued to the correct identity every single time.
As our world operates with many checks and balances to make sure we have a stable society, CAs are the checkers and balancers of digital identities. They offer secure, encrypted connections in exchange for money, but also in exchange for honesty. If you lie to a CA, they will find out, and they won’t do business with you. That’s what they do.
And this is something to be aware of. Encryption is one half of the SSL formula. There is an equally important aspect of an SSL Certificate that some CAs overlook: identity verification.
Some CAs have a reputation for being a bit “phishy” about identity verification because of their low verification standards, and have paid the price for it by issuing certificates to false identities.
CAs that don’t take identity verification seriously could be compromised and have their verification procedure circumvented if they are not careful in how they verify the identity of their customers. Some CAs value speed of issuance and low price over all else. In doing so, they put themselves and their customers at risk of circumvention, because they do not surround their core product, the SSL Certificate, with the proper procedures and execution of protocol that make a CA completely reliable and trustworthy.
CAs like Entrust Datacard surround their basic encryption product with comprehensive support and management tools as well as expert verification departments to prevent bad eggs from getting into the system. Your place on the Internet should be secured by a CA that not only values your security, but also who you are.
When choosing a CA, there is a checklist of items to be aware of that can help you make the right choice. I’ve listed three keys to choosing a CA below, and we’ll explore this topic further in my next post:
Industry Standards: Does the Certificate Authority meet or exceed industry standards established by the WebTrust™ Program for Certificate Authorities or the European Telecommunications Standards Institute?
There when you need them: What kind of support is available to help with technical issues or installation assistance?
Verification practices: Are certificates issued by the CA passed through a verification procedure? Has the procedure ever been breached?
NEXT ON PROVE IT: How to pick the right Certificate Authority.