the revolutionary changes in the ssl industry in 2017
TRANSCRIPT
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Alexei Ivanov,
LeaderTelecom B.V.
Founder and CEO LeaderTelecom B.V.
The revolutionary changes
in the SSL industry in 2017
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Alexei Ivanov, MBAFounder and CEO LeaderTelecom B.V. (Amsterdam, The Netherlands)
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Official strategic partner of
Official strategic partner with specialisation WSSP
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Our clients are located in 80 countries
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Amazing progress in HTTPS adoption has been made, with
a substantial portion of web traffic now secured by HTTPS:
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
SSL-Market Trends
Expansion of transparency logs
(Adding of all SSL-certificates)
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Treatment of HTTP pages with password or
credit card form fields:
Up untill now (Chrome 53)
January 2017 (Chrome 56)
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Displaying of HTTP sites in Google Chrome
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Beginning from 1 January 2017 all sites without SSL-certificates
involved in transmitting passwords or credit card details, will be
treated as unsecured in Google Chrome
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Moving from SHA-1 in favor of SHA-2
Firefox will display error for SHA-1 certificates in 2017
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Changes in Firefox security user experience.
Secure (HTTPS) connection
Non-secure (HTTP) connection
Up untill now
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Web pages which collect passwords but don’t use HTTPS
starting January 2017
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
In upcoming releases, Firefox will show popup message when a user
clicks into a username or password field
on a page that doesn’t use HTTPS
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Let's Encrypt
Great basic security instead of HTTP
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Advantages of Let’s Encrypt
• FREE, FREE, FREE
• Fully automated renewal process on a customer´s device
• It publishes certificates into CT logs
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Disadvantages of Let’s Encrypt
• No customers support
• Credibility supplied by a small CA IdenTrust
• There is a limit to a number of issued certificates
• A client is necessary, it is not possible to issue a certificate without
a running server (security breach?)
• It is dangerous to change server configuration automatically.
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Сlassification of SSL-Certificates
• Only domain verification required
• Ready in 5-15 minutes
1. DV-certificates (Domain Validation)
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
• Domain and Organization Validation
• Issuance Time: 2-3 Business Days
2. OV-certificates (Organisation Validation)
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
• The highest trust and conversions
• Extended company validation
• Green bar
3. EV-certificate (Extended Validation)
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
What is required for validation?
1. For Organization Validation (OV)
Company should be registered in D&B or your need to provide legal opinion
letter signed by attorney or Certified public accountant
2. For Extended Validation (EV)
Company should be legally registered in government business directory in
addition to OV certificate validation requirements
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
What is required for validation?
1. For Organization Validation (OV)
• The company needs to be legally registered with an official registration agency.
• We need to verify that the corporate contact person is a full time employee and that
they have an authority over the order.
• We also need to verify domain ownership to that the company enrolling
for the organisation has the rights to use the domain.
• We need to call the organization via 3rd party verified telephone number.
• Yes, it can be a number listed in Dun and bradstreet.
• goldenpages.be, Infobel
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Difference in CSR requests for different
types of SSL certificates
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
SEO & SSL
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Mixed content problem
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Useful tools
https://www.ssllabs.com/ssltest/
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Useful tools
https://www.leaderssl.be/tools/ssl_converter
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Intermediate SSL certificates
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Useful tools
https://www.leaderssl.be/tools/cert_chain_resolver
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
SSL certificate + Vulnerability scan =
Secure website
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Partnership program for hosting providers.
Earn more with LeaderTelecom!
• Profit growth by offering SSL-certificates to existing customers
• Professional support from the LeaderTelecom, prompt resolution
of any issues
• WHMCS module
Partner benefits:
• Increase profits by upselling effective security solutions;
• Conducting advertising campaigns, PR, case studies
www.leaderssl.nlE-mail: [email protected] | +31 20 7640722
Thank you!
www.leaderssl.nl
+31 20 7640722
Zekeringstraat 17 A, 1014 BM, Amsterdam,
The Netherlands