SSL Resources
Symantec SSL Certificates provide solutions that allow companies and consumers to engage in communications and commerce online with confidence.

Vulnerability Assessment FAQ

What is a website vulnerability?

A vulnerability is a potential entry point through which a website’s functionality or data can be damaged, downloaded, or manipulated. A typical website (even the simplest blog) may have thousands of potential vulnerabilities.

What is vulnerability assessment?

Free with the purchase of every Extended Validation or Pro SSL Certificate (compare SSL Certificates), vulnerability assessment helps you quickly identify and take action against the most exploitable weaknesses on your website. Vulnerability assessment includes:
  • An automatic weekly scan for vulnerabilities on public-facing web pages, web-based applications, server software and network ports.
  • An actionable report that identifies both critical vulnerabilities that should be investigated immediately and informational items that pose a lower risk.
  • An option to rescan your website to help confirm that vulnerabilities have been fixed.

How do Symantec SSL Certificates help keep my site visitors safe?

  • SSL encryption protects online transactions and keeps data confidential in transmission.
  • Vulnerability assessment identifies weaknesses on your website that are most commonly used for attack.
  • Malware scanning alerts you if your website is infected with malicious software.
The combination of SSL encryption, vulnerability assessment and website malware scanning helps you provide site visitors with a safer online experience and extend security beyond https to your public-facing web pages.

How does Symantec help me avoid being blacklisted by search engines?

Google, Yahoo, Bing and other search engines scan and then blacklist or exclude any website found with malware. By using vulnerability assessment to identify exploitable weaknesses and taking corrective action, you may reduce the risk of hackers finding your site and attacking it. With daily website malware scanning, you have an early warning system if an attack occurs. Symantec includes both services for free with every Extended Validation or Pro SSL Certificate (compare SSL Certificates). Daily website malware scanning is included with every Secure Site SSL Certificate.

How do vulnerability assessments help companies manage security?

The Symantec vulnerability scan is designed to detect the entry points most frequently used for the most common attacks. The vulnerability report categorizes vulnerabilities based on type and risk and proposes corrective actions. This combination helps businesses quickly identify and remediate critical vulnerabilities, making it easier to secure your website. Vulnerability scans that have not been fine tuned may generate volumes of unneeded data about low priority vulnerabilities, obscuring the essential security measures that need to be taken immediately.

What are the most common types of attack?

SQL injection is used by hackers to gain access to your database. Cross-site scripting lets a hacker add code to your website to execute tasks. A few simple steps can protect against these common attacks if you know where the weaknesses are on your website.

Does the Norton Secured Seal change when vulnerabilities are detected?

No. A detected vulnerability does not affect the appearance of your trust mark. Vulnerabilities are not threats, they are entry points that may be exploited. By not connecting your seal to vulnerability scanning results, we help you maintain trust in your website and allow you to fix vulnerabilities on your own schedule.

What if I already have vulnerability scanning?

Vulnerability assessment does not replace PCI-compliant vulnerability scans. The service complements existing protection with an automatic weekly scan and an easy-to-read report of the most critical vulnerabilities. Free with your SSL certificate, vulnerability assessment can be combined with other scans to provide additional information to help decide how to take action.

Can I customize my scan?

Vulnerability assessment is designed to provide essential information without a complex set up or extensive management. You may change notifications and activate or deactivate starting points if you have multiple SSL certificates with different fully qualified domain names.

Which SSL certificates include vulnerability assessment?

Vulnerability assessment is included with Symantec Secure Site Pro with EV, Secure Site with EV, and Secure Site Pro SSL Certificates. Existing customers may activate vulnerability assessment for any of these SSL certificates by signing in to the Symantec Trust Center. New customers may activate the service after they complete their purchase.
Symantec Secure Site SSL Certificates do not include vulnerability assessment and it is not available for individual purchase. To add vulnerability assessment to your service, consider an upgrade.

From which IP addresses does the Vulnerability Assessment Service scan?

The Vulnerability Assessment Service can create multiple entries in your website's logs, and could cause issues with other software like intrusion detection systems. For this reason, you might want to create filters that allow access. View a list of IP addresses and server names our vulnerability scan is using.

Malware Scanning FAQ

What is malware?

Malware is short for malicious software and also known as malicious code. Hackers exploit security weaknesses on your server to gain access to your website and install malicious code. They use your website to spread viruses, hijack computers and steal sensitive data such as credit card numbers or other personal information. Malware code is not easily detected and may infect your customers’ computers when they visit your website.

How can I prevent my site from becoming a target for malware?

A typical website (even the simplest blog) may have thousands of potential vulnerabilities. By using vulnerability assessment to identify the most critical vulnerabilities for correction, you may reduce the risk of hackers finding your site and attacking it. Symantec SSL Certificates include daily scans for website malware and automatic weekly scans that look for vulnerabilities that hackers most commonly exploit. (Compare SSL Certificates for details).

How do I know if my website is free of malware?

Malicious code is hidden in the source code of your website and can be difficult to detect without line-by-line analysis. Some malware is activated by the display of a page and may not be detected without behavioral analysis of your code using a browser simulator. When you protect your website with a Symantec SSL Certificate, we include a free daily malware scanning service for your public web pages. If malware is detected, you will be directed to a list of infected pages and notified of the code causing the problem. Once you have deleted all instances of the code, you can request that your site be rescanned within 24 hours.

What does the service scan?

The daily website malware scanning service scans the website code located at the hostname used in the SSL certificate, including javascript and iframes. The service completes a static analysis of website code as well as behavioral analysis through a browser simulation to find code that may be activated by display of a page. The service does not scan every web page on your website, but reviews an optimal number of pages to identify malicious activity. It does not scan your network or search for malware on internal desktop computers or scan attachments or internal web pages that require sign-in.

What happens if malware is detected on my website?

If malware is discovered, you receive an email alert warning you of the malware infection with instructions to access the scan results within your Symantec Trust Center account or your Symantec Managed PKI for SSL console. The Website Security Services tab shows a list of infected pages and the code causing the problem. You or your website administrator can find and delete all instances of the malware and request that your site be rescanned within 24 hours.

When does the scanning service begin?

The website malware scanning service is activated automatically when your business has been authenticated. There is nothing to download or install for you or your customers. If you decide that you do not want your website protected by a daily website malware scan, simply sign in to the Symantec Trust Center or Symantec Managed PKI for SSL Console to deactivate scanning.

Do I have to activate malware scanning for every SSL certificate?

Scanning occurs by hostname. You may have many servers, each one secured by a unique SSL certificate and all of them providing content to a single hostname. The scan is of the html pages located at the hostname, not the servers themselves. As long as you have one active SSL certificate with the hostname, malware scanning is activated. If you decide that you do not want your website protected by a daily malware scan, simply sign-in to the Symantec Trust Center or Symantec Managed PKI for SSL Console to deactivate scanning of the hostname.

Can I customize the website malware scan?

Malware scanning may be turned on or off by signing in to your Symantec Trust Center account and clicking the Malware tab or signing into your Symantec Managed PKI for SSL console. Specific pages or sections of your website cannot be targeted.

Does this replace my enterprise scanning solution?

No. Symantec's website malware scan is designed to provide additional assurance to business owners and their customers that the site is regularly checked for malicious code. Traditional anti-malware software focuses on the end point: the desktop. Most enterprise scanning solutions are designed to protect employees from downloading or installing malware rather than protecting the company’s website from distributing malware.

What does blacklisted mean?

Because of the potential damage caused by malware, Google, Yahoo, Bing and other search engines scan and then blacklist or exclude any site found with malware. If your site is blacklisted, it may be blocked entirely or flagged with a security alert to discourage click through. In addition, anti-virus plug-ins to popular browsers can detect malware and block access to infected sites.

How can I protect my site from malware?

Like most thieves, malware hackers look for easy targets—such as a website where malware will go undetected for as long as possible. Posting the Norton Secured Seal on your website is like posting an alarm security sign in your front window. It shows hackers that your site is scanned daily to detect malware.

Norton Secured Seal FAQ

What is the Norton Secured Seal?

The Norton Secured Seal is a dynamic, animated graphic that displays on websites secured by Symantec SSL Certificates and websites authenticated by Symantec. When users click the Norton Secured Seal, a verification page opens containing information about your organization, the status of your malware scan, and SSL Certificate details (if you are an SSL customer).

How do I add the Norton Secured Seal to my website?

The steps are easy:
1. Purchase and install a Symantec SSL Certificate.
3. Create your seal script.
4. Copy and paste it onto your web pages.
5. Check your web pages to make sure the Norton Secured Seal displays correctly.

Where should I display the Norton Secured Seal on my website?

Symantec recommends that you insert the seal where site visitors look for proof of security and authenticity:
  • Your home page
  • The footer of interior pages
  • Shopping cart and checkout pages
  • Pre-payment pages
  • Log-in screens and on secure application pages
  • On pages that display security or privacy policy information
  • Next to checkout or submit buttons

Can I customize the Norton Secured Seal?

The Norton Secured Seal is displayed over half a billion times per day on websites in 170 countries. To maintain the value of trust in the seal and to comply with the terms and conditions of the license agreement, you should not modify the seal in any way.
The Norton Secured Seal is available:
  • in three sizes: small (100x72p), medium (115x82p) and large (130x88p)
  • in 13 languages
  • as an animated graphic (Flash)
  • as a static image (GIF)

Why is it important to display the Norton Secured Seal on my website?

The Norton Secured Seal is an indispensable tool in your effort to improve your customers' perception of safety and trust when they do business online. Displaying the seal on your website can help reassure visitors. In a recent study, 77% of consumers recognized the Norton Secured Seal in tests, more than any of our competitor’s trust marks (Source: Symantec U.S. Consumer Research, Jan. 2011). When consumers feel secure, they are more likely to convert from visitors to customers and less likely to abandon their shopping cart.

Can the Norton Secured Seal help increase online sales?

To maximize click through to your shopping cart, show customers that they can trust the link, trust the site, and trust the transaction with the Norton Secured Seal present at all stages of the purchase process. In recent tests, 94% of respondents were likely to continue an online purchase when they viewed the Norton Secured Seal during the checkout process, more than any of our competitor’s trust marks. (U.S. Online Consumer Study, February 2011)

Can the Norton Secured Seal help increase traffic from search engines?

One of your biggest challenges as an online business is standing out in search so that potential visitors click on your link. The Norton Secured Seal is displayed through Symantec Seal-in-Search, a feature that automatically displays the Norton Secured Seal next to your link in search results on enabled browsers. Norton Safe Web now displays the Norton Secured Seal next to website links protected by Symantec SSL Certificates. Additionally, the Norton Secured Seal demonstrates that you have passed a daily website malware scan which helps mitigate the risk of becoming blacklisted by search engines or blocked by anti-virus browser plug-ins that detect malware.

How soon will the Norton Secured Seal display on my site?

Installing the Norton Secured Seal takes just a few minutes. Once the pages are published, your SSL Certificate has been authenticated, and your website has passed a malware scan, the seal may take up to 2 hours to display. If this is the first time you've installed the seal using a particular common name, please allow up to 24 hours for the seal to display.

Why should I install the animated (Flash) version of the Norton Secured Seal?

Flash content animates the seal, making it more visible to site visitors and more valuable to you. If your website does not support Flash content, you can select a non-Flash version of the seal during the installation process.

Why isn't there a time and date stamp or organization name on the Norton Secured Seal?

Symantec conducted extensive market testing of trust marks with close to 1,000 participants across four continents. We determined that website visitors prefer a clean, simple seal design with maximum recognition. Date, time, organization name and additional trust and security information appear on the seal's verification page.

What should I do if I discover misuse of a seal?

Symantec actively monitors for misuse of seals. If you encounter a seal that is used incorrectly, please report it to Symantec via the Report Seal Misuse form.
Misuse might include:
  • A site that does not employ an appropriate Symantec security solution
  • Mismatched information on the seal's verification page
  • Missing information pop-up when the seal is clicked
  • A modified seal
  • A seal used in phishing or illegal activities
Note: Symantec is not responsible for content on a website on which a Norton Secured Seal is displayed.

Express Renewal and Automatic Renewal Service

Would you like to install an SSL certificate on your server and not have to worry about renewals and expirations? If your certificate expires or if your replacement certificate is installed incorrectly, the impact to your business can be huge. With Symantec SSL Certificates, you can now automate one of the most time consuming but critical parts of SSL certificate management: the renewal process.

Automated Certificate Renewal

Automate certificate renewals through a combination of Express Renewal and the Automatic Renewal Service (AutoRenewal). When you opt-in to these two features, your entire renewal process from enrollment through payment can be completely automated for up to four years*.
With Express Renewal, you won't need to generate a new CSR and you won't need to re-install your SSL certificate when it's time to renew.* Activate AutoRenewal and you won't even have to remember to pay for the renewal – we'll do it for you!

How Express Renewal Works

  • You must submit a minimum 2048-bit CSR to qualify for Express Renewal.
  • You select the type of certificate you need and the validity period.
  • Your certificate is valid for the length of your payment term (1-year, 2-year or 3-year). For example, if your payment term is for two years, you can renew your 2-year payment term certificate twice, to give you six years of express renewals.
  • When it's time to renew your certificate, all you need to do is pay for a new validity period (1-year, 2-year or 3-year payment term). You won't need to generate a new CSR and you won't need to re-install your certificate for up to four years for Secure Site and Secure Site Pro; and for up to two years for Extended Validation Certificates.

How the Automatic Renewal Service Works

To automate the renewal process even further, activate AutoRenewal during your initial enrollment. You can also activate AutoRenewal within your Symantec Trust Center account at any time.
  • We will automatically renew your certificate(s) for the same validity period that you selected today, at the prices in effect at the time of renewal (plus applicable taxes).
  • AutoRenewal requires that you pay using a credit or debit card stored on file.
  • We will charge your credit or debit card and we will notify you before we charge you. You will not need to do anything to make payment.
  • You may cancel at any time through your Trust Center account.

The only truly automated renewal process available today

Spend more time on important business initiatives and less time on SSL certificate management by eliminating the old-fashioned manual process of certificate renewals. Get Express Renewal with AutoRenewal. All certificates with a 2048-bit CSR that are issued after February 10, 2010 include Express Renewal and AutoRenewal capabilities.
*Express Renewal may be automated for up to 4 years for Symantec Secure Site and Secure Site Pro SSL Certificates. These products will need a new CSR and will need to be re-installed every 4 years. Express Renewal for Symantec Extended Validation SSL Certificates may be automated for up to 2 years. Extended Validation Certificates will need a new CSR and will need to be re-installed every 2 years to comply with mandatory industry standards.

Contact Sales

+852 30 114 683

Submit an Inquiry

Trust Center Sign In

Compare Symantec SSL Certificates
Get a Free Symantec SSL Trial
SSL Certificate Management Video