SSL, TLS and Website Security
An SSL certificate is issued by a certified certification company on the Internet. It proves that you are who you say you are.
A normal procedure when applying for an SSL certificate is similar to a credit check in many ways. Your company will be searched at companies house, a letter may be sent to verify your address, and domain names may be checked to ensure the details of the owner match your details. It can be a bureaucratic process, and time consuming.
Whichever method is used to verify your identity, once you have your SSL certificate you can use it online in a few different ways. A company would typically use their SSL certificate in one of three different scenarios.
Your SSL Certificate is your passport on your Internet. In the wild expanse of the world wide web having your own ID is often critical.
SSL, TLS, Secure Email Service, and Website Security Solutions
E-Commerce Website (HTTPS)
The most common is on a web site, especially an e-commerce website where money is changing hands. Your website has an SSL certificate installed on it. With booming trends in Internet fraud, it remains vital for professional companies to prove who they are. Most Internet users have become security conscious and not submit their private details on the web unless they know that the information they provide is securely transmitted and not accessible for anyone to view
Once a SSL certificate is installed onto your website you are able to use the HTTPS protocol. The “S” in HTTPS stands for secure. Everyone visiting your website can clearly see that it is secure as browsers such as Internet Explorer and Firefox display a padlock icon 
to indicate that the website is secure, as it also displays https:// in the address bar.
Once installed your web server can encrypt content sent between your web server and your customer. The encryption is typically 128 bit, and is used for electronic payment transactions.
Secure Email (TLS)
One day all email will be sent this way.
It is becoming increasingly common, especially amongst businesses in the Finance sector, for businesses to accept email only if it can be proved who it is from and only if it has been encrypted as it transverses the Internet.
In order to achieve this your email server must be installed with an SSL certificate.
Remote Email Access (Active Sync)
Windows Mobile, Google Android and iPhones can all be configured to connect to your email server and synchronise messages, calendars and contacts. The most optimum configuration is to configure your email server with a SSL certificate. It allows messages to be synchronised to the handset in an encrypted format, but it also allows that handset to link up with the server with minimum configuration. It is technically possible to make this work without an SSL certificate, but it takes time and a bit of know how on each mobile device. Its much easier to buy the SSL certificate.
Outlook Web Access is the feature on Microsoft Exchange email server that allows you to collect your email remotely via a web browser. If SSL is installed on a server, all your activity can be encrypted.
Microsoft Outlook can be installed in offline mode on an employees laptop or at home. That laptop can synchronise with the server using what used to be know as “RPC over HTTP” and more recently as Outlook Anywhere. These remote devices can access encrypted email when SSL is installed.
HTL are able to sell SSL certificates and in some cases we can even certify the certificate for you. Prices start from as little as £90 a year **.
Related Security and Support Services
SSL Certificates
Frequently Asked Questions
How quickly can you get email security up and running?
We can do both. We’re able to supply SSL/TLS certificates and, in many cases, handle the certificate request, installation and renewal process for websites, secure email and remote access services.
How long does it take to issue an SSL certificate?
It depends on the type of certificate. Domain-validated certificates are usually issued quickly; organisation-validated or extended validation certificates take longer because the certificate authority has to verify your organisation’s details.
Will we see browser warnings if something is misconfigured?
If certificates are missing, expired or misconfigured, modern browsers will show warnings. Part of our job is to set everything up correctly and keep track of expiry so renewals happen in good time.
Can you help with SSL for secure email and remote access?
Yes. We frequently implement certificates for secure email (TLS), VPNs, remote desktop gateways and other services. SSL/TLS is not just for websites; it’s a core part of many Internet Security controls.
How many SSL certificates do we actually need?
That depends on how many domains, subdomains and services you expose. We’ll review your environment and recommend whether you need individual certificates, wildcard certificates or a mix.