Drill down deep enough and secure sockets layer (SSL) encryption, with its public key infrastructure (PKI) at the core, will strike most as a complex, intricate technology.
Less cryptic is that the more effort a vendor puts into making a product easier to use, the more attractive that product becomes to users. Toronto-based Soltrus Inc. recently announced four significant upgrades to its SSL security services, or Managed PKI for SSL platforms.
PKI for SSL may not be the sexiest technology around, but since it’s an intrinsic feature of a trusted e-commerce Web site, SSL certificates are no trifle for large enterprises. In an e-commerce transaction, bank account or credit card numbers are encrypted so that no one who’s spoofing or spying on the Internet can capture that information. Sensitive data sent to a Web server needs to be encrypted.
SSL enables a domain name attached to a server (a Web site) to speak to the browser on a laptop or PC in a unique encrypted session, using PKI technology. SSL uses PKI to exchange public and private encrypted keys. These keys require a certificate authority for authentication, which is where Soltrus steps in with its SSL certificates from Verisign Inc. and Managed PKI for SSL service.
“When you type in www.bmo.com or cibc.com, your browser communicates with the domain server and asks for a certificate, embedded in the Web page,” says Anthony Santilli, vice-president of marketing for Soltrus, a Canadian affiliate of Mountain View, Calif.-based Verisign.
“If it is a trusted certificate, a secure SSL session will be set up. Verisign acts as a password agency that digitally stamps the certificates to authorize trust in the authenticity of the encrypted session.”
Once the certificate has been issued, the client downloads SSL software to run on their servers to enable the encryption.
Updates announced last month include two-year validity for the SSL certificates, an improved control panel for the Web-based management services, the ability to revoke and reissue the same certificate to a domain name, as well as discounted rates for bulk buying.
Certificates are now simpler to manage and the service is more cost-effective, says Rashid Niazi, a network analyst for Itergy Consulting Inc., a Montreal-based firm that specializes in Active Directory infrastructure.
Niazi says he’s able to manage certificates centrally, instead of everyone going out and making their own purchase orders.
“With a pack of 10, we can assign the certificate directly to the user and then bill back the business unit accordingly afterwards,” he says. “As an end user it’s a lot easier to manage everything.”
Ordering and issuing certificates now takes minutes instead of weeks. Niazi says he assigned three new certificates in only 15 minutes. “That’s usually a two-week process,” he says.
“It’s a lot less painstaking because I don’t have to chase after people and get purchase orders made up. Now all I do is log in, put in the information for the certificate, push it through to Verisign and they send me an e-mail back.”
Large banks typically maintain many domain names for their various e-commerce Web sites and in some cases may even be managing hundreds of certificates. A designated administrator can manage a pool of 50 certificates over 10 domain names, for example.
“Customers don’t know how many certificates their company is using,” says Santilli. “People all over the bank are buying certificates, one at a time, and the bank needs to control this, to know who’s buying certificates and what they’re buying them for.”
With Managed PKI for SSL, authorized security administrators gain access to a Web portal that presents a control centre, displaying the status of their pool of certificates — how many have been used and which are due to expire, which Web sites they’re assigned to and which domain names have been approved.
The administrator can issue the company’s SSL certificates internally to other branches or divisions that need to launch a secure site.
Verisign’s Server-Gated Cryptography technology also ensures browsers and operating systems will make the step up from 40-bit to 128-bit encryption.