Thawte SSL Web Server Certificates
Assures Users of Your Site's Security and Identity

Overview:

Thawte® SSL Web Server Certificates secure confidential information exchanged online and confirm your site's identity to employees, business partners, and other users. When users click the Thawte® Trusted Site Seal or view certificate details, your organization name appears and shows that Thawte, a trusted certificate authority, has verified the site's identity. SSL Web Server Certificates include full organization authentication, the Thawte Trusted Site Seal, free reissues, and a 30-day money back guarantee.

How SSL Works

SSL is a reasonably straightforward protocol, despite the advanced math that makes it work.

Public and Private Keys

SSL uses public and private encryption keys. When a digital certificate is issued for a web server, that certificate contains two keys: one that is privately held by the web server ("private key"), and another that is made publicly available to anyone who requests it ("public key"). These two keys are asymmetric, which means:

• Data encrypted by the private key can only be decrypted by the public key
• Data encrypted by the public key can only be decrypted by the private key

For example, to ensure the privacy of communications, a web browser retrieves the server's public key. The browser then uses that key to encrypt the information to be transmitted, since only the web server holds the private key necessary to decrypt that information. Note that in practice the encryption process may also rely on randomly-generated, short-term session keys that are exchanged between the browser and server. This is because, in most cases, the browser does not possess its own digital certificate and key pair.

How is an SSL Session Created?

An SSL session begins when a web browser sends a request to a web server using the https:// protocol

The web server responds with its digital ID, which includes its public encryption key. The web browser verifies the digital ID, which may include an online check with the CA as well as a check of the certificate itself for validity dates and other details. Once verified, the browser generates a session key, encrypts the session key using the server's public key, and sends the package back to the server.

The server decrypts the session key by using the server's private encryption key, which only the server possesses. This ensures that only the browser and the server possess the session key, and they can use that shared key to encrypt further communications between them. Servers usually discard session keys after several minutes of inactivity.

Features:

• Create a secure, private connection between a web browser and web server, including gateways, web forms, mail and FTP servers, and VPNs with up to 256-bit SSL encryption and a 250k USD warranty.
• Increase confidence by displaying the Thawte Trusted Site Seal, which is available in 18 languages.
• Secure your competitive advantage with SSL from Thawte, a globally recognized certificate authority with root certificates included in over 99% of browsers.
• Buy, renew, and manage certificates with a single, secure sign-in to Thawte® Certificate Center.
• Save time and money by purchasing multi-year SSL certificates and additional licenses when securing multiple servers for a single domain (co-location, clustering, load balancing servers, etc.).
• Add up to four additional domain names to one certificate when you purchase a SAN Certificate with a Thawte SSL Certificate.

Choosing a Certificate:

The right SSL certificate depends on the level of assurance your customers need and the minimum security level your organization requires.

Assurance and Authentication

Authentication means that a trusted third party (such as Thawte) has verified the identification information contained in your SSL certificate, assuring customers that your site is actually your site.

You are considering: SSL Web Server Certificates with full organization validation. Your domain name and validated organization name are included in certificate details and verification pages to assure users.

For the most assurance, SSL Web Server Certificates with EV turn the address bar green in high-security web browsers, showing that your organization has met the industry's highest standard of authentication. Extended Validation (EV) includes your domain name, organization, and location in certificate details and verification pages.

²More Assurance. ³Most Assurance.

Security and Encryption

Encryption is the "secret code" used to keep online communications private when a web browser and web server talk to each other.

You are considering: SSL Web Server Certificates with 128-bit or 256-bit encryption in the latest operating systems and web browsers. However, certain older browsers and operating systems only connect at 40-bit or 56-bit.

For strong encryption in the most browsers, SGC SuperCerts with server-gated cryptography (SGC) enable older browsers and operating systems to step up to 128-bit or 256-bit encryption.

²More encryption. ³Strong encryption.

If you need both Extended Validation and SGC, consider a VeriSign Secure Site Pro with EV SSL Certificate.

Product Comparision:

When online customers feel secure, they are more likely to complete a purchase or personalize their profile and return to your web site. What inspires confidence online? An SSL certificate from a globally recognized certificate authority such as Thawte. Expert multilingual support, a robust authentication process, and easy online management make Thawte® SSL Certificates the best value for securing your site.

SSL Certificates Comparision:
	SSL123 Certificates	SSL Web Server Certificates	SSL Web Server Certificates with EV	SGC SuperCerts	Wildcard SSL Certificates
Green Address Bar
Authentication Level	Domain validation	Full organization validation	Extended Validation (EV)	Full organization validation	Full organization validation
SSL encryption	128-bit to 256-bit in most browsers	128-bit to 256-bit in most browsers	128-bit to 256-bit in most browsers	128-bit to 256-bit in 99.9% of browsers	128-bit to 256-bit in most browsers
Estimated issuance time	1 Business Day, or Less	1-2 Business Days	1-10 Business Days	1-2 Business Days	1-2 Business Days
Thawte® Site Seal
Recommended use	Secure intranets and internal servers	Secure log-ins for public and employee sites	Visually establish trust and security for all users	Enable strong encryption for the most site users	Secure multiple subdomains
Domains secured	Single	Single	Single	Single	Unlimited subdomains
Certificate Center Account
Free reissue
Renewal reminders
Over 99% browser compatibility
EV Upgrader™
Root hierarchy	Thawte	Thawte	Thawte EV	Thawte	Thawte
OCSP and CRL Support
Internationalized Domain Names
Money back guarantee

Documentation:

Download the Thawte Understanding SSL Certificates Guide  (PDF).