|
|
Frequently Asked Questions
General
What is SSL?
SSL stands for Secure Sockets Layer, and it is the industry standard method for
protecting web communications developed by Netscape Communications Corporation.
The SSL security protocol provides data encryption, server authentication,
message integrity, and optional client authentication for a TCP/IP connection..
Data sent via an SSL connection is protected by encryption, a mechanism that
prevents eavesdropping and tampering with any transmitted data. SSL provides
businesses and consumers with the confidence that private data sent to a Web
site, such as credit card numbers, are kept confidential. Web server
certificates are required to initialize an SSL session.
What does the Warranty
actually mean?
We believe it is important to protect the end
user. If we were to mis-issue a certificate to a fraudulent site, and that
fraudulent site has an SSL link with an end user and as a result of this the end
user loses money. The end user had what they thought was a "trusted session".
The fraudster should never have been provided with the ability to engineer this
situation. Hence, we have taken out insurance to pay out money to the end user.
How can we do this?
1. We value the end customer
2. We believe the insurance provided greater peace of mind hence allows the
merchant to sell more products
3. Most importantly, we value our validation techniques (delivered through
www.idauthority.com) and our live human validation proceedures.
We pre-validate customers and provide validation
that is far higher than the majority of other SSL providers. Some CA's have very
weak validation hence they decide NOT to offer insurance! Finally, it is worth
pointing out, that we offer high validation, but not at the compromise of speed.
You can still obtain SSL instantly.
What are the differences
between your certificates and other providers certificates?
PeaceTrust is an actual provider of our own branded certificates. We
choose to compete in terms of quality, support and validation process. We do not
rely on volume sales as other CA's to lower the cost of generating certificates.
This allows us to be more competitive in the market place for a high quality
competitively priced security solution.
Technical
What Web browser programs are compatible with your SSL certificates?
Most of our certificates are compatible with Microsoft Internet Explorer™ 5.01
and higher and Netscape/AOL Web browsers version 4.51 and higher, comprising an
estimated 90% or more of all Web browsers in use today. All other commonly used
browsers may connect securely with Web servers using PeaceTrust SSL
certificates. However, some older browsers may display a dialogue box indicating
that the certificate is not trusted. This means that the certificated is not
located in the browser certificate store and, in most cases, the user will be
prompted to install it with a few clicks of their mouse.
Will certificates be
compatible with more Web browsers in the future?
SSL browser compatibility is increasing at an estimated rate of 2% per month and
it is anticipate that approximately 99% compatibility by the end of 2002.
What Web servers are
compatible with SSL certificates?
SSL certificates are compatible with all major Web servers.
How do I create a
certificate signing request?
See certificate-signing request generation instructions
(CSR)
instructions. (coming soon)
How do I install my SSL
certificate?
See SSL
installation instructions. (coming soon)
For ISPs
Is there an easier / faster way to send you my customer's requests?
Please contact us by phone or email.
Do you offer identity
solutions for my non-SSL hosted customers?
Yes! We will offer a wide range of Identity solutions that will be avaliable
shortly.
class="p1">Why is
"Browser Compatibility" so important?
SSL Certificates will only be trusted by a browser if the Root Certificate of
the CA is present within the "trusted Root Certificates" store of the browser.
CA Root Certificates are added into the trusted Root Certificate store by the
browser or operating system vendor, such as Microsoft or Netscape.
If you use an SSL Certificate that has been issued by a CA Root Certificate not
present in the trusted Root Certificate store, your browser will display warning
messages. Clearly you need to avoid such warnings. Ensure you avoid such
warnings by selecting an SSL Provider with a high browser acceptance level in
both Internet Explorer and Netscape.
What browser ubiquity do I need?
Anything less than 99% browser ubiquity will cause issues with some customers -
customers who may otherwise purchase from your site: REMEMBER CUSTOMERS = $$!
PeaceTrust , provides 99% browser ubiquity and is included in the base install
of Windows 98SE, ME, 2000 and XP.
.
Should I opt for an SSL Provider who is compatible with
older browser versions?
You can of course examine your web logs to determine the browsers used by
your customers. However, it is unlikely that a paying customer will still be
using IE4.00 or even IE3.00. The demographic studies conclude that such website
visitors will more than likely make little difference to your bottom line!
How about opting for an SSL Provider who only
has browser compatibility with Internet Explorer?
Warning: purchasing SSL Certificates from companies compatible only with IE
represent a dangerously low browser ubiquity. It is not viable to remove all
Netscape customers from trusting your website's SSL Certificate. If you require
any level of trust from your customers you should opt for an SSL Provider who
provides high browser coverage in both IE and Netscape.
PeaceTrust uses one or more 'intermediate certificates'
- does this make any difference to me?
Sometimes the CA will use 'intermediate certificates' to issue your SSL
Certificate - essentially a certificate issued by the Trusted Root CA
specifically designed to issue SSL Certificates to end entities. An intermediate
certificate is effectively a subordinate Certificate issued by the CA Root
Certificate, thereby creating a chain of trust which may be traced back to the
trusted CA Root Certificate. Using intermediate certificates do not cause
installation, performance or compatibility issues.
Can I expect webserver compatibility issues?
An SSL Certificate is an industry standard product. All Certificates follow the
X.509 standard, therefore any SSL version 3 enabled webserver software will be
able to utilize an SSL Certificate.
What about previous versions of the SSL Protocol?
SSL version 3 is the de facto SSL implementation. SSL version 1 and version 2
have been superseded by version 3 for a number of years, mainly due to the
inherent security flaws found in these old versions. All web browsers developed
after Internet Explorer 3 and Netscape 3 use SSL version 3 (however still
support older SSL protocol versions). If your webserver is only capable of
supporting versions 1 and 2 of the SSL protocol we strongly recommend you
contact your webserver software vendor for an update - these protocols are
flawed. For more details on why SSL version 2 is no longer used can be found
here:
http://www.eucybervote.org/Reports/MSI-WP2-D7V1-V1.0-02.htm
Issuance Speed FAQ:
How long should it take
to issue an SSL Certificate?
The validation level and validation process will affect how long it takes for
the SSL Provider to deliver your SSL Certificate. Most applications are issued
within 2 working days. PeaceTrust uses the multi-million dollar investment
Comodo has made in IdAuthority (the real-time identity infrastructure provider)
to expedite the issuance process without compromising on validation processes.
Most PeaceTrust applications are therefore issued immediately.
Price FAQ:
Why the massive
differences in price of Certificates from different CAs?
Until recently the SSL Certificate market has been dominated by a small number
of players, namely Verisign and Thawte. Whilst in a monopolistic position they
had the capability of charging inflated prices for a commodity product. However,
recent months have seen the emergence of new providers like PeaceTrust who have
for the first time offered SSL at reasonable prices.
Does a low price mean lower quality?
Remember that SSL Certificates are technically identical. Low price SSL
Providers such as GeoTrust and IPSCA offer Certificates with lower browser
compatibility and potentially dangerously low levels of validation by only
validating the domain name ownership and not validating that the applicant is a
legitimate legal entity. PeaceTrust offers the lowest price currently available
yet validates strongly and provides the same browser coverage as Verisign,
Thawte, Baltimore and Entrust.
Validation FAQ:
What are the main
differences between validation methods used by different SSL Providers?
Validation procedure falls into two camps: manual validation and automated
validation. Traditionally manual validation (as used by Verisign, Thawte,
Entrust, Baltimore) has been cumbersome, long winded and expensive for the SSL
Provider. Automated validation (as used by GeoTrust) is faster and more
cost-effective, yet does not provide the level of assurance expected by
consumers relying on SSL - GeoTrust's QuickSSL Certificates only validate only
the applicant's right to use a domain name and not the legitimacy of the company
itself.
PeaceTrust, through Comodos IdAuthority, have innovated a means of conducting
two step validation (both domain name ownership and company legitimacy). This
ensures a speedy issuance process without compromising the integrity of the SSL
protocol by employing strong validation.
Does strong validation really matter?
Validation is essential - it provides the underlying trust consumers have with
the SSL protocol. Consumers, whether they realize it or not, will expect a two
step validation process. Firstly the applicant must be deemed to have a
legitimate right to using a domain name, and secondly the applicant must be a
legitimate legally responsible entity.
Why is
Customer Support important?
PeaceTrust will be on hand to help you through the process and to answer any
queries you may have. View the
support summary
(coming soon) page to view how SSL Providers differ in the level of support
provided and the availability of support staff.
What are the Replacement Policies offered by PeaceTrust?
In the event that your private key be corrupted or inadvertently lost you will
need a replacement Certificate. You may also need a replacement if you
accidentally provide incorrect information when making your initial request. We
will re-issue or refund your purchase price within 30 days of purchase.
Test Certificates FAQ:
Why are test
certificates important?
Installing and configuring SSL can be difficult even for the most experienced
system administrators and technical managers. Using Test Certificates on test
configurations may well be an essential part of successfully using SSL
commercially. In such cases, we highly recommend the use of Test Certificates as
part of your buying process.
PeaceTrust Authentic Seal FAQ:
What is an Authentic
Seal?
Once you purchased and installed your SSL Certificate it is essential to promote
your "secure site" status to customers. PeaceTrust will provide you with a
"Authentic Seal" graphic to display in a prominent location on your website.
PeaceTrust.net - A division of
the Peace 2000 Institute
Reykjavik - London - Las Vegas
support@peacetrust.net
|
|
|
|
 |
Seal of Integrity
