Validating identity message
After all, anyone relying on the presence of an SSL Certificate will do so not just for the encryption factor, but also to indicate the legitimacy of the site.
Whether they realize it or not, consumers dictate that Certification Authorities have a duty to perform satisfactory validation for all SSL Certificate applicants.
SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
In order to be able to generate an SSL link, a web server requires an SSL Certificate. SSL Certificate can be issued by anybody using freely available software such as Open SSL or Microsoft's Certificate Services manager.
In order to avoid such warnings the SSL Certificate must be issued by a "trusted certifying authority" - trusted third party Certification Authorities that utilize their trusted position to make available "trusted" SSL Certificate. Browsers and Operating Systems come with a pre-installed list of trusted Certification Authorities, known as the Trusted Root CA store.
This paper examines how we use SSL commercially and how good validation processes play a critical part in the preservation of a trusted e-commerce infrastructure. Secure Sockets Layer, SSL, is the standard security technology for creating an encrypted link between a web server and a browser.
This link ensures that all data passed between the web server and browser remains private and integral.
As a result of their "trusted" status, Certification Authorities have a responsibility to ensure they only ever issue SSL Certificates to legitimate companies.
This may only be achieved by employing stringent validation processes to ensure issuance practices only allow the SSL Certificate to be issued to a legitimate company.