|What is S/MIME?|
|What is SSL?|
|What's the difference between a 40-bit and a 128-bit SSL connection?|
|What can users do to assure themselves of a web site's identity?|
|What does it mean when a lock appears on my browser?|
|What kind of web sites should use SSL?|
|Who should set up a secure web site?|
|Is SSL always enabled on a web site?|
|Where can I get a server certificate?|
(Secure/ Multipurpose Internet Mail Extensions) is a protocol that allows
digital signatures to be added to and encryption of Internet electronic mail.
S/MIME makes it possible for people to send secure e-mail messages to each other
even if they may be using different e-mail applications.
(Secure Sockets Layer) is a protocol developed by Netscape Communications
Corporation to provide security and privacy for transmissions over the Internet
by using both data encryption and authentication of the server and, optionally,
can identify a web page that is secured through SSL in two ways: your browser
will display a lock icon, indicating that SSL has been enabled; and the web
site's address or URL generally starts with "https://" rather than the
40 bit or 128 bit is the size of a symmetric key used for the encrypted communication in SSL between the client and the server.
is considerably more secure than 40, in fact, 128-bits is over 309 septillion
times larger than 40-bits!
is estimated that it would take even a supercomputer billions of years to crack
a message encrypted using 128-bit encryption.
Server certificate, when installed on a web server, serves two
main purposes—it enables a secure SSL connection between a client and a
server, and it ensures the server's identity.
a Web site has been secured, viewers of the site can verify the server identity
by clicking on the lock icon that will appear at the bottom of the browser. In
addition, information about a site's digital certificate can be viewed through
the Security icon in Netscape or by accessing the View > Internet Options
> Content > Authorities
section in Internet
Explorer 4.x or Tools > Internet Options > Content > Certificates
in Internet Explorer 5.0.
lock icon indicates that your browser has connected to a web page that has
enabled a Secure Sockets Layer (SSL) connection. Think of this as a secure
pipeline that prevents anyone from intercepting any sensitive or confidential
data (such as credit card numbers) that is transmitted between you and the web
web servers, including Microsoft IIS, Apache, Java Web Server, and Netscape
Enterprise support SSL connections.
you run a web site and wish to establish secure SSL connections between yourself
and your customers or business partners, installation of a Server certificate will provide you with that functionality.
web site that relies on sensitive or confidential data being sent over the
Internet should be using SSL to provide the greatest amount of security possible
during transmission. Anytime on-line purchases of goods with credit cards are
made or monetary transactions are carried out, the security of SSL is required
so that only the client and the merchant or services at the web site have access
to the private information.
web site that requires the transmission of sensitive data (credit card numbers,
personal information, financial information) between the client and the web
site, and vice versa, should have a Server certificate to
enable a secure SSL connection.
than being enabled on the entire web site, SSL is typically only enabled on
those specific web pages that require secure connections. With an SSL
connection, the information going back and forth between the client and server
is subjected to an encryption process that slows down that particular
connection—you can't really detect the reduced speed difference when
connecting to a single page, but if all of a web site's pages were encrypted,
the reduced performance would be quite noticeable.
CA's web site has everything you need to know about getting a certificate
(Server certificate) that will allow your web server to establish an SSL
connection, or enable you to send S/MIME encrypted e-mail.