At Webnames we’ve banged the drum that every website needs an SSL certificate for several years now and are happy to inform that the web is today a much safer place due to the wide adoption of SSL and HTTPS. According to the below SSL statistics compiled by Webtribunal (emphasis added by us), over 79% of the Alexa top 100000 websites now use HTTPS, while in 2016 this figure was just over 40%.
Across small businesses and large organizations, SSL adoption has increased significantly over the past 5 years, which is a major shot in the arm for online data security. However, installing SSL certificates and ensuring that secure channel access is maintained is not always easy for people who are not well versed with the technical nuances involved. Our SSL Monitoring solution helps system administrators and website owners verify TLS installation and track certificate expiry.
One added wrinkle for IT teams that manage SSL / TLS certificates and other IT assets for businesses is the overhead of managing these products through their issuance, validation, installation, renewal lifecycle. This is where SSL pre-validation can make a world of difference by eliminating one of the more time-consuming steps in the configuration of an OV or EV certificate.
What is SSL Certificate Validation?
A colleague of ours likes to use the analogy of triangles to explain how SSL certificates work. Most systems of trust work in a triangular fashion, where 3 parties each establish trust with each other following a validation process.
At the start of a secure connection between a website visitor and the web server, a TLS handshake occurs using a public/private key pair to establish that the visitor’s browser authenticates the server as the website or resource it claims to be. Once this trust is established, the two entities use session keys to encrypt all the data that is exchanged between them and securely transmit data that cannot be intercepted and misused by other parties.
While the above handshake and exchange of data are the most frequently used sides of the triangle, the third side of the triangle of trust is established at the time of SSL / TLS installation or renewal on the server. When a website first installs SSL to be able to start serving data over the secure HTTPS protocol, the website administrators must validate their identity – typically through Domain Validation (DV), Organization Validation or Extended Validation (EV) methods, depending on the type of certificate. This involves a Certificate Authority (CA) such as Digicert, Thawte, RapidSSL etc. which has processes to validate that the SSL issued for a domain name is done to an entity that has privileged access to the domain name, or is indeed the organization they claim to be (in EV and OV certificates).
Now that we are clear on what SSL validation entails, SSL pre-validation can be easily explained as ‘validate once, issue several SSL certificates for the same organization’.
Advantages of pre-validating your organization for SSL certificate issuance
Organization pre-validation streamlines the process of issuing SSL certificates and helps businesses operate much more efficiently. Some of the advantages of SSL pre-validation include:
- Dramatically faster turnaround times for validation of EV and OV SSL certificates for an organization that has already been verified
- At renewal, validating the organization once will suffice for successful reissuance and renewal of all certificates issued for that entity
- Reduced risk of SSL validation failure causing delays in installation or launch of business critical infrastructure
- Lower overheads in SSL certificate management for IT teams and system administrators
How SSL pre-validation works
Organization pre-validation for SSL / TLS certificate issuance is available only on Webnames accounts with the Advanced SSL management toolkit. The following steps outline how the process works:
- The first step to is to purchase an OV or EV certificate which offers the pre-validation feature (more on that later)
- Proceed to validate your organization for the EV or OV certificate as always, the process will depend on the issuing certificate authority whether the product is Enterprise validated or Organization validated
- Your organization, once verified is now valid to be used for subsequent SSL purchases (that support pre-validation) for a period of 13 months
- To use your pre-validated organization in a subsequent purchase, simply select the same organization as part of your installation process in a new certificate
- At the end of the 13-month period following the first validation, you will be required to re-validate the organization just once, and all renewals of certificates tied to this one organization can then be renewed without the hassle of separate validation processes for each TLS
As the above steps explain, SSL pre-validation makes life simpler for IT teams and helps them ace enterprise SSL certificate management.
Which certificates is SSL / TLS pre-validation available for?
Currently pre-validation is available across all Organization validated and Enterprise validated certificates from the following 3 certificate authorities / brands:
With the addition of this feature enhancement to our SSL portfolio tools, our advanced management toolkit for domains and SSL represents tremendous value to businesses and system administrators.
Need help with enterprise SSL portfolio management? Webnames Corporate has just the right tools and the expertise to support your needs. From bulk management tools to an array of SSL certificates of all types and advanced SSL admin tools, we have everything you need to optimize SSL management and improve security. For a free consult, get in touch with our SSL experts.