14 Dec Website Security: Not all SSL Certificates are Created Equal
For years, people have trusted the green SSL certificate lock in their Google, Firefox, Internet Explorer, or Edge browser for safety and security.
I hate to break it to you, but SSL certificates are broken.
The Story of Symantec Security Certificates
In the early 90s, a famous company called Symantec was handing out security certificates like free samples of Tide in the mail. Everyone got one, nobody was rejected, and it became an absolute joke. Well, the joke is on Symantec. Google, Apple, and other major manufacturers of Internet search engines, browsers, and Internet access devices are now invalidating Symantec certificates in a broad swath in order to prevent security risks and clean up the Internet.
How to Get a Solid and Secure SSL Certificate
Getting the right SSL certificate is easy if you understand why you need one and how to set it up properly. An SSL certificate is a small data file that creates a secure connection between a browser (the user) and the website using a unique cryptographic key. Certificates are the new norm when it comes to securing ANY data between users and the website, and if you don’t have one, it can hurt you.
Avoiding “Open” SSL Certificates
In the world of security, free is often the worst option. For example, there’s Let’s Encrypt, an SSL service that gives a very broad and open certificate. We don’t support these, and we don’t recommend them.
Avoiding a Single Point of Failure SSL
What we do recommend is purchasing a certificate for each service and product that needs to reach the Internet. Some people balk at this, pointing out that they can purchase a wide domain certificate covering any SSL subdomains, but we don’t recommend that, because one device can compromise all of the other devices when a certificate is compromised.
Having the Right Certificates and Monitoring Service
We recommend getting a single-use or single-domain certificate for each device and managing them. We have a service that monitors, maintains, and auto-renews SSL certificates for a wide range of devices and services.
Understanding the Different Types of Encryption
During the creation of a certificate, you need to be aware of the type of encryption. Years ago, we stopped utilizing 1024-bit SSL certificates, but there is a lot of hardware out there still using the older certs. What do we recommend? When appropriate, absolutely the highest encryption possible for the device: sometimes 8192 bits, with the maximum encryption allowed by law and by the registrar. This gives our clients the biggest bang for their buck, the highest safety and security, and the lowest possible chance of a man-in-the-middle attack.
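The per-device checks recommended above (no shared wide domain certificate, monitored expiry, no 1024-bit keys), as an added Python example that is not Triton Technologies' monitoring service. The 2048-bit floor, the 30-day renewal window, the inventory layout and the `example.test` hosts are assumptions constructed for illustration.

```python
import socket
import ssl
import time

MIN_RSA_BITS = 2048     # assumption: the page only says 1024-bit keys are retired
RENEW_WINDOW_DAYS = 30  # assumption: the page gives no renewal lead time

def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated leaf certificate of a live host as a getpeercert() dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

def audit_cert(cert, rsa_bits=None, now=None):
    """Return findings for one certificate. rsa_bits comes from the inventory,
    because getpeercert() does not expose the key size."""
    now = time.time() if now is None else now
    findings = []
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    wildcards = [n for n in names if n.startswith("*.")]
    if wildcards:  # one compromised device exposes every subdomain
        findings.append("wildcard certificate shared by subdomains: " + ", ".join(wildcards))
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < 0:
        findings.append("expired")
    elif days_left < RENEW_WINDOW_DAYS:
        findings.append(f"expires in {int(days_left)} days, renew now")
    if rsa_bits is not None and rsa_bits < MIN_RSA_BITS:
        findings.append(f"{rsa_bits}-bit RSA key is below {MIN_RSA_BITS} bits")
    return findings

def audit_inventory(inventory, now=None):
    """Map each host to its findings; inventory is {host: (cert_dict, rsa_bits)}."""
    return {host: audit_cert(cert, bits, now) for host, (cert, bits) in inventory.items()}

# Constructed sample data (not real hosts or certificates).
SAMPLE_NOW = ssl.cert_time_to_seconds("Jan 01 00:00:00 2025 GMT")
SAMPLE_INVENTORY = {
    "firewall.example.test": ({"notAfter": "Jan 15 00:00:00 2025 GMT",
        "subjectAltName": (("DNS", "firewall.example.test"),)}, 1024),
    "www.example.test": ({"notAfter": "Dec 14 00:00:00 2025 GMT",
        "subjectAltName": (("DNS", "*.example.test"),)}, 2048),
    "mail.example.test": ({"notAfter": "Jun 01 00:00:00 2025 GMT",
        "subjectAltName": (("DNS", "mail.example.test"),)}, 4096),
}

if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE_INVENTORY, SAMPLE_NOW).items():
        print(host, "->", findings or "ok")
```

For live hosts, pass the result of `fetch_cert(host)` as the certificate dict and supply the key size from your own inventory.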
If your website, firewall, or server is on the Internet, we strongly recommend SSL-only traffic with a certified certificate running at its maximum possible encryption. Picking the right SSL certificates and monitoring them can be hard, but you’re not alone. Triton Technologies can help as a managed service provider, helping you with the software and hardware you need to succeed, and monitoring your health and security every step of the way. Contact us today to get started.