CYNERGI
   
About us; PartnersPortfolio & major clientsFAQ, support & contacts
Português!Home
Web EngineeringWeb HostingWeb Consulting

E-commerce trust


SSL certificates are the basis of e-commerce trust. They identify the seller and allow for private communication between seller and buyer.



Cynergi Certificates

SSL Certificate 
A certificate allows for private (SSL*) communication between your Web site and its users, and also provides the user confidence that it is not browsing an impersonator.

EV Certificate 
An Extended Validation (EV) certificate will require documented and live validation of your company. On the latest browsers* it will activate the "green bar" – a visual cue of high trust on a Web site. It provides the user confidence that it is talking to your company and not an impersonator.

VeriSign CA

The SSL certificates sold by Cynergi are issued by the VeriSign Certification Authority.

[Verisign's official partner logo]

Learn more about VeriSign 


  Order 

Secure
electronic commerce


Digital certificates allow a user that doesn't know your company to exchange information with your Web site privately, without being understood by others.

In order for this communication to take place both computers must exchange digital keys. To prevent others from seeing those keys, a mathematical system called public key cryptography* is used.

With this system, each computer will have a couple of mathematically related keys (large numbers): a private key and a public key. The concept is that data "closed" with the public key can only be "opened" with the private key. This way if your browser* and the Web site server exchange public keys, each of them can "close" the data they send to the other. Only the intended recipient will be able to understand ("open") it, ensuring private communication.

However, a hacker may intercept the initial key exchange and replace each of the public keys for his own, thereby being able to eavesdrop on all communication without being noticed. This is called the man-in-the-middle attack*.

To prevent this, the public key of at least one of the communicating parties should be authenticated by known and trusted parties. Those parties are called Certification Authorities* (CAs). An SSL/EV digital certificate* holds some information about its owner (including its public key), cryptographically signed* by the Certification Authority. The browser can now make sure that the certificate it's presented by the server really belongs to that site and hasn't been replaced.

Digital certificates are therefore the final piece of the puzzle that makes secure e-commerce work.

Consumer
trust


Amongst other technical data, the SSL/EV digital certificate will include the full name of its owner, and the city, region and country where it is headquartered. This is information that the Web site visitor may see to learn more about you.

[Sample of EV certificate information]

The length that a CA goes to to authenticate this information and the public key is what distinguishes an SSL certificate from an EV (Extended Validation) certificate*. Due to market pressure, CAs have been simplifying the process of obtaining a digital certificate, which allowed hackers to claim to be someone else and get certificates. EV certificates cannot be expedited and require documented proof of ownership and real life phone contact with the requesting party in order to be issued.

It is because of the authentication process itself, because of the risk in lost credibility if CAs authentication procedures fail and are victims of fraud, and in order to create a cost barrier for hackers that digital certificates have the cost they do.

Group Corebase