Introduction to SSL - Learn about Symantec SSL Certificates
Symantec SSL Certificates provide solutions that allow companies and consumers to engage in communications and commerce online with confidence.

Secure Sockets Layer (SSL): How It Works


What Happens When a Browser Encounters SSL

  1. A browser attempts to connect to a website secured with SSL.
  2. The browser requests that the web server identify itself.
  3. The server sends the browser a copy of its SSL Certificate.
  4. The browser checks whether it trusts the SSL Certificate. If so, it sends a message to the server.
  5. The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
  6. Encrypted data is shared between the browser and the server.

Encryption Protects Data During Transmission

Web servers and web browsers rely on the Secure Sockets Layer (SSL) protocol to help users protect their data during transfer by create a uniquely encrypted channel for private communications over the public Internet. Each SSL Certificate consists of a key pair as well as verified identification information. When a web browser (or client) points to a secured website, the server shares the public key with the client to establish an encryption method and a unique session key. The client confirms that it recognizes and trusts the issuer of the SSL Certificate. This process is known as the "SSL handshake" and it begins a secure session that protects message privacy and message integrity.
Strong encryption, at 128 bits, can calculate 288 times as many combinations as 40-bit encryption. That's over a trillion times stronger. At current computing speeds, a hacker with the time, tools, and motivation to attack using brute force would require a trillion years to break into a session protected by an SGC-enabled certificate. To enable strong encryption for the most site visitors, choose an SSL Certificate that enables 128-bit minimum encryption for 99.9 percent of website visitors.

Credentials Establish Identity Online

Credentials for establishing identity are common: a driver’s license, a passport, a company badge. SSL Certificates are credentials for the online world, uniquely issued to a specific domain and web server and authenticated by the SSL Certificate provider. When a browser connects to a server, the server sends the identification information to the browser.
To view a websites’ credentials:
  • Click the closed padlock in a browser window
  • Click the trust mark (such as a Norton Secured Seal)
  • Look in the green address bar triggered by an Extended Validation (EV) SSL

Authentication Generates Trust in Credentials

Trust of a credential depends on confidence in the credential issuer, because the issuer vouches for the credential’s authenticity. Certificate Authorities use a variety of authentication methods to verify information provided by organizations. Symantec, the leading Certificate Authority, is well known and trusted by browser vendors because of our rigorous authentication methods and highly reliable infrastructure. Browsers extend that trust to SSL Certificates issued by Symantec.

Extend Protection beyond HTTPS

Symantec SSL Certificates offer more services to protect your site and grow your online business. Our combination of SSL, vulnerability assessment and daily website malware scanning helps you provide site visitors with a safer online experience and extend security beyond https to your public-facing web pages. The Norton Secured Seal and Symantec Seal-in-Search technology help assure your customers that your site is safe from search to browse to buy.

What would you like to do?

 
Buy a Symantec SSL Certificate
More value, no additional cost
Install Norton Secured Seal
Create your script
Try a Symantec SSL Certificate
Get a risk-free trial

Extended Validation and SSL Security

For businesses with a high profile brand, using Extended Validation (EV) SSL Certificates has proven to be an effective defense against phishing scams. For any online business, using SSL with EV may have a big impact on the bottom line. Online shoppers are more likely to enter their credit card and/or other confidential financial information into a website with the SSL EV green bar.

Phishing and Online Fraud Undermine Customer Confidence

Concerns about identity theft and browser warnings erode consumer confidence, even on secured pages.
To regain their trust, site owners need an easy, reliable way to show customers that their transactions are secure and they are who they say they are. Certificate Authorities and Internet browser vendors have combined forces to establish the EV standard for SSL Certificates.

The Green Address Bar Restores Trust with Extended Validation

An EV SSL Certificate gives customers more confidence that they are interacting with a trusted website and that their information is secure. An EV SSL Certificate triggers high-security web browsers to display your organization’s name in a green address bar and show the name of the Certificate Authority that issued it. The Certificate Authority uses an audited, rigorous authentication method and browsers control the display, making it difficult for phishers and counterfeiters to hijack your brand and your customers. Symantec Green Address Bar

Why Symantec EV SSL?

Symantec helped lead the development of Extended Validation and as of January 2012 has issued more EV SSL Certificates than any other Certificate Authority.* Our rigorous authentication practices set the standard for online identity assurance and are audited by KPMG. Continuous investment in research and infrastructure helps Symantec maintain the highest standard of practice in the industry and stay well ahead of evolving security risks.

What would you like to do?

 
Buy a Symantec SSL Certificate
More value, no additional cost
Install Norton Secured Seal
Create your script
Try a Symantec SSL Certificate
Get a risk-free trial
* Includes Symantec subsidiaries, resellers, and affiliates.

SGC: True 128-Bit SSL Encryption

Server-Gated Cryptography (SGC) certificates enable 128-minimum to 256-bit SSL encryption*, the most powerful SSL encryption commercially available today.
You need the strongest SSL encryption available, when...
  • you accept credit card, debit card, purchase card, or other online payments.
  • you allow network access to confidential bank or brokerage account information.
  • you transmit healthcare or insurance claim records electronically.
  • you must meet privacy and security standards as a government agency.
  • your reputation depends on the privacy and integrity of your information.

Over a Trillion Times Stronger

When an SSL handshake occurs between a client and server, a level of encryption is determined by the web browser, the client computer operating system, and the SSL Certificate. Strong encryption, at 128 bits, can calculate 288 times as many combinations as 40-bit encryption. That’s over a trillion times stronger. At current computing speeds, a hacker with the time, tools, and motivation to attack using brute force would require a trillion years to break into a session protected by an SGC-enabled certificate.

256-bit SSL Encryption

The Advanced Encryption Standard (AES) enables 256-bit encryption, much stronger than 128-bit. If your server and your site visitor’s browser support 256-bit encryption, then all Symantec SSL Certificates will deliver this higher level of protection.

When Browsers Fail to Step Up to Strong Encryption

Even though an SSL Certificate is capable of 128-bit or 256-bit encryption, certain older browsers and operating systems still cannot connect at this level. Without an SGC certificate on the web server, web browsers and operating systems that do not support 128-bit strong encryption will receive only 40- or 56-bit encryption. Users with the following browser versions and operating systems will temporarily step-up to 128-bit SSL encryption if they visit a website with an SGC-enabled SSL Certificate**:
  • Internet Explorer export browser versions from 3.02 but before version 5.5
  • Netscape export browser versions after 4.02 and up through 4.72
  • Windows 2000 systems shipped prior to March 2001 that have not downloaded Microsoft’s High Encryption Pack or Service Pack 2 and that use Internet Explorer

Protect Customers with the Strongest Possible Encryption

Because website visitors cannot easily determine the encryption strength of a given session, they depend on the site owner to protect them. True 128-Bit SSL Certificates enable every site visitor to experience the strongest SSL encryption available to them. Symantec is the leading SSL provider of SGC-enabled SSL Certificates, enabling 128-bit minimum up to 256-bit encryption to over 99.9% of website visitors.

What would you like to do?

 
Buy a Symantec SSL Certificate
More value, no additional cost
Install Norton Secured Seal
Create your script
Try a Symantec SSL Certificate
Get a risk-free trial

* Encryption level depends on the web browser, operating system, and host server.

** Internet Explorer browser versions prior to 3.02 and Netscape browser versions prior to 4.02 are not capable of 128-bit encryption with any SSL Certificate.
Symantec SSL certificates now offer you the choice of three different encryption algorithms—RSA, DSA, and ECC—to help you create a more secure and scalable future for your business.

Elliptic Curve Cryptography (ECC) Algorithm

  • An ECC certificate is included at no additional cost with all Symantec Premium SSL certificates.
  • ECC provides stronger security and increased performance: it offers better protection than currently adopted encryption methods, but uses shorter key lengths (e.g. 256 bit ECC key provides the same level of security as 3,072 RSA key). The result? Stronger security that can handle the explosion in mobile device and tablet connections.
  • ECC key lengths increase at a slower rate than other encryption method keys as security levels increase, potentially extending the life of your existing hardware and giving you a greater return on your investment.
  • Symantec's ECC certificate roots have been in place for over five years: You can be confident that your ECC certificate will work throughout your ecosystem
  • US Government approved: ECC is FIPS-certified (US Federal Information Processing Standard) and endorsed by the US National Security Agency.

Digital Signature Algorithm (DSA)

  • A DSA certificate is included at no additional cost with all Symantec Standard and Premium SSL certificates.
  • Delivers the same level of security and performance as the RSA algorithm, but uses a different algorithm for signing and encryption.
  • Offers a broader array of encryption options: You can install just RSA, just DSA, or both to enhance website security. (Apache server can support both RSA and DSA certificates in tandem on a single web server.)
  • Gives you more choices and greater flexibility to help make it easier to keep up with evolving national government requirements.
  • Helps maximize your ecosystem reach to everyone with whom your company does business.
  • DSA is US Government approved: DSA was created by the NSA in 1991 and is US Defense Security Service and FIPS-certified.

What would you like to do?

 
Buy a Symantec SSL Certificate
More value, no additional cost
Install Norton Secured Seal
Create your script
Try a Symantec SSL Certificate
Get a risk-free trial

* Encryption level depends on the web browser, operating system, and host server.

** Internet Explorer browser versions prior to 3.02 and Netscape browser versions prior to 4.02 are not capable of 128-bit encryption with any SSL Certificate.

Two Options to Try: 30-Day Risk-free Production Certificate or 30-Day Test Certificate

Symantec is the premier provider of SSL Certificates. Try any of our SSL Certificates on your site for FREE and find out for yourself why our products are used by 93 of the 100 largest financial institutions worldwide and 92 of the 100 largest banks worldwide. Or, if you simply need to test SSL encryption before you deploy it in a production environment, use an instantly-issued test certificate to do so.

 

Symantec SSL Trial Certificate

Symantec SSL Test Certificate

How to try
What visitors see Norton Secured Seal HTTPS in Browser Bar
If your website directly collects credit card numbers addresses passwords and other sensitive data lies in a test environment to where visitors will not navigate
If you want to
  • secure data transfer with SSL encryption
  • instill trust and customer confidence
  • communicate business legitimacy
  • increase site traffic
  • maximize conversion rates
  • secure data transfer with SSL encryption
  • test SSL encryption in a pre-production environment
What you get
  • Risk-free 30-day trial
  • Fully functional, production-grade SSL Certificate
  • Norton Secured Seal
  • Full business authentication
  • Website malware scan
  • Symantec Seal-in-Search
  • Risk-free 30-day test certificate
  • Ability to test encryption within your test environment
  • Instant issuance
More information
  • One trial permitted per fully qualified domain
  • Option to try any SSL Certificate including an EV SSL Certificate
  • Convert seamlessly to a full-term SSL Certificate – no need to create a new CSR or reinstall
  • Ability to test multiple times for the same domain
  • Limited to Secure Site SSL Certificates
  • Uses a non-production root
  • Not for use on publicly-facing websites

Contact Sales

1-866-893-6565 or

1-650-426-5112

Submit an Inquiry

Trust Center Sign In

Compare Symantec SSL Certificates
Get a Free Symantec SSL Trial
Beginner's Guide to SSL
Proof Positive for EV SSL