It is 3 years since we introduced SAN certificates on your websites and they are now due for renewal.
- Why do I need a secure certificate?
- Why is the charge not included in my monthly licence fee?
- Can I get a secure certificate from another source?
- What type of validation will be provided by the secure certificate?
Q Why do I need a secure certificate?
A A website needs to have a secure certificate if any data needs to be transferred securely. In the case of PracticeWEB sites, this includes the registration, login, profile, SDE and admin areas. It is essential that the Secure Document Exchange needs to be secure but users often use the same username or password across multiple sites and it is important that this information is transferred securely as well.
Q Why is the charge not included in my monthly licence fee?
A Historically, PracticeWEB were able to save you money by using a shared secure site. This meant that all traffic which needed to be transmitted securely could be done without the need for your site to have its own secure certificate. The only way we could implement a system like this was by using cookies. With the change in the law regarding cookies, this is no longer an option.
Back in 2011, we used our buying power to negotiate a significant discount from one of the main providers of secure certificates, GlobalSign. This discount was passed on to you and, rather than just increase your licence fee, we took the decision to charge separately for the secure certificate.
We are charging £120 for your site to have a secure certificate with organisation validation for three years which we believe to be an extremely competitive rate.
Q Can I get a secure certificate from another source?
A Unfortunately, we cannot give clients the option of buying their own certificates but believe that the deal that we have negotiated on your behalf means that the rate that we are charging is very competitive.
The system we have developed is to have SAN (Subject Alternative Name) certificates. Each SAN certificate has a specific IP address and can hold 40 sites.
If a client registers the secure certificate externally, the certificate would need a separate IP address as the encryption would mean that the server would not know which site to display until it had been verified. We do not have the IP range for this.
Q What type of validation will be provided by the secure certificate?
A Your site will have an Organisation validated SSL certificate provided by GlobalSign, one of the main providers of secure certificates.
There are three types of certificates. All will use encryption but they involve different levels of checking by the Certification Authority (CA) to give a level of trust for the end user that the company is who they say they are:
- Extended Validation certificate (EV) - this certificate is issued in conformance with the extended validation guidelines and is the most expensive type of certificate with the most thorough organisation vetting. The validated organisation information will be displayed in the certificate. Some browsers may make the address bar green to highlight the high level of secure certificate.
- Organisation Validation certificate (OV) - The Certification Authority checks the right of the applicant to use a specific domain name PLUS it conducts some third party vetting of the organisation. Company information, that has been vetted, is displayed to customers when clicking on the Secure Site Seal, giving visbility about who is behind the site and an enhanced level of trust.
- Domain Validation certificate (DV) - These certificates are often validated via an automated process which is why they are cheaper. However, no checks are made that the company is legitimate. So, although the data being transmitted is encrypted, the end user cannot trust where the data is being sent.