All ordering and certificate issuance systems are running smoothly, however our US support team is navigating fallout from Hurricane Milton. During US business hours, phone support is unavailable and you may experience a longer than average wait when reaching out through our Live Chat. Thank you for your patience.
Automatic backups with one-click restore.
A comprehensive, all-in-one managed Security-as-a-Service solution.
Make Payment Card Industry (PCI) compliance simple.
Build trust with proven seals and certifications.
Easily protect your site against hackers and malware.
See and control all of your certificates in one tool.
Enterprise-class SSL/TLS mgmt. plus additional security solutions.
A robust certificate lifecycle manager from Sectigo.
Manually manage certificates with our specialized portal.
Adaptable application driver for Venafi’s Trust Protection Platform.
Connect ManageEngine’s Key Manager Plus with The SSL Store.
Over
in Partner Revenue Generated
PROFESSIONAL SSL/TLS
BUSINESS SSL/TLS
BASIC SSL/TLS
IDENTITY & ENCRYPTION
Managed Security Service Backed by Cyber Security Experts
Extended Validation
Organizational Validation
Domain Validation
Wildcard
Multi-Domain
Code Signing
What is Strong Encryption? Find out.
SSL/TLS Certificates provide secure transmission for your website, so it's important to understand how it does so, and what your options are for encryption strength. So let's quickly talk details.
First of all, what is Encryption? Encryption is the process of encoding messages so that only an authorized party can read it. In the context of web encryption, a web server (that hosts a website) is facilitating a connection with a client (a web browser) in which all communication from the browser is essentially scrambled. The reason for this is so that third parties cannot intercept or manipulate that communication. The server, which has the correct key to decrypt (or in this example, unscramble) the communication is the only party that can read the communication.
Make sure that you support the proper SSL/TLS protocol versions…
Now, let's talk about encryption strength. There are two main factors contributing to your encryption strength: Your certificate's private key (also referred to as a key pair, or just key) and your server's configuration.
When it comes to your private key, you have two main choices: RSA or ECC (Elliptic Curve). RSA is a system that has been around for decades and is very reliable and widely supported by servers and browsers. When you see "2048-bit keys," that's referring to RSA. If you are not sure what you need, RSA is a safe default choice, and all SSL certificate products support it.
ECC is a newer technology that sits at the cutting edge of encryption strength and speed. If you are chasing the ultimate in performance, ECC is the choice for you. Support for ECC may not be available if you are running an older web server (notably, Windows Server 2003 or older, or a version of Apache earlier than 2.2.26). But on the client side, support should not be a problem, unless you have a large number of users on Windows XP. Not every SSL certificate we sell supports ECC keys, so keep that in mind when picking your certificate.
The type of SSL certificate you choose has no bearing on the options available during server configuration – the OS your server is running will dictate that. So cipher suites and protocol version are not something you need to worry about when picking a certificate. You will take care of those settings when installing the certificate.
Your connections will be secure whether you pick an RSA or ECC key. What's more pressing is your server's configuration. Here, we are concerned with the settings for cipher suites and SSL/TLS protocol versions.The cipher suite controls the encryption method that will be used once a secure connection has been established between your server and a client's browser. While there are a lot more options for cipher suites (so many that we won't get into specifics here), you can change the suites you are using at any time by just updating your server's relevant configuration files.
When it comes to cipher suites we are mainly concerned with server capabilities, not the client's browser. Some servers have been a bit slow to add support for the newest and strongest ciphers, but even more troubling is the default configuration of some servers which enable suites that are known to be unsafe.
How Does the Issuance Process Work?
You want to make sure that you support the proper SSL/TLS protocol versions. SSL and TLS are names for different versions of the same protocol. Just like cipher suites, it's your server's configuration that dictates what protocol version you use, and you won't want to use the older insecure versions (SSL 2.0 and SSL 3.0). Mozilla's SSL Configuration Generator provides presets for most major server OSs and takes care of both settings together.
Encryption Explained
Is EV Worth It?
Authentication
Authentication Level
Visual Indicators
Issuance Process
Site Seals
Certificate Warranties
Don't want to do it yourself? Let one of our experts install your SSL Certificate for you! Shop Now
We have the resources and know-how to guide you through each step of the validation process. Get Help
These SSL tools are available to our customers and resellers to help with common SSL issues. Use Our Tools