SSL Certificates and Web Browsers
What 99+% Compatibility Means to You
When you buy an SSL certificate, you expect it to secure transactions no matter how your users connect. But not all web browsers, operating systems and SSL certificates enable strong enough encryption to protect valued data. And not all SSL certificates are trusted the same way. Thawte® SSL Certificates offer maximum encryption and trust.
Encryption is a mathematical process of coding and decoding information. The number of bits (40-bit, 56-bit, 128-bit, 256-bit) tells you the size of the key. Like a longer password, a larger key has more possible combinations. In fact, 128-bit encryption is one trillion times one trillion times stronger than 40-bit encryption.
When an encrypted session is established, the strength is determined by the capability of the web browser, SSL certificate, web server, and client computer operating system. Most SSL certificates are capable of strong encryption (128-bit or higher).
Users with the following browser versions and operating systems will temporarily step-up to 128-bit SSL encryption if they visit a web site with an SSL certificate:
- Internet Explorer export browser versions from 3.02 but before version 5.5
- Netscape export browser versions after 4.02 and up through 4.72
- Windows 2000 systems shipped prior to March 2001 that have not downloaded Microsoft’s High Encryption Pack or Service Pack 2 and that use Internet Explorer
(Internet Explorer browser versions prior to 3.02 and Netscape browser versions prior to 4.02 are not capable of 128-bit encryption with any SSL certificate.)
99+% Browser Compatibility
When a secure session is established, the browser checks that the SSL certificate is trusted and valid.
- The SSL certificate is trusted if it is signed by a "trusted" or pre-installed root certificate. As an established, globally recognized certificate authority, Thawte root certificates have been pre-installed in most major browsers since 1996.
- The SSL certificate is valid if it has not expired or been revoked. Certificate authorities manage a Certificate Revocation List (CRL) used by browsers to check validity. Newer browsers have adopted Online Certificate Status Protocol (OCSP), a faster, more efficient way to verify certificate status. Thawte has a global infrastructure that handles 6 billion OCSP look ups every day.
- The domain name in the certificate matches the domain name of the site being accessed. Thawte verifies the domain name as well as the applicant or organization’s control of the domain name before issuing the certificate.
If any of the checks fail, an alert is generated in real-time to the user who decides whether to proceed, cancel the session or view the SSL certificate. To prevent security alerts that erode trust, choose an SSL certificate from an established certificate authority with OCSP.
Why choose Thawte?
Thawte is trusted by millions of people worldwide. When we issue an SSL certificate, we know that our name will appear next to yours as the trusted third party who verified it. We take that trust seriously and lead the industry with rigorous authentication methods and a global infrastructure to support real-time certificate look-ups.