Tuesday, August 4, 2009

SSL Encryption is in at Nullshells Networks - Part 2

We offer 256-bit SSL Encryption when accessing our page. You'll find that this is the same level of encryption offered in the banking industry and the highest standard supported by browsers today.

We've also recently decided to try one of the 90 day free Comodo SSL certificates. Our users have been asking for a certificate to get rid of those annoying browser nags that come with an "untrusted" certificate, and since it is free for 90 days we figured we'd try it out. We're hoping this will boost sales and customer satisfaction enough to warrant to purchasing one of these exorbitantly priced certificates (they run around $100). However, if we don't see any significant benefits, we're going to ask you please deal with the nags when move back to self-signed certificates in the future. I'm sure you all would rather have service upgrades than a fancy certificate with someone else's name on it than ours. We'd hope you have enough faith in NullShells Networks to properly create our own certificates.

Unfortunately, some people don't realize that "trusted" only means that someone gave some cash to one of the organizations that have made shady deals with the browser companies. If you do your research you'll find these certificates are not any more secure at all. These "trusted" certificates are about making money, and there are obvious drawbacks to really trusting a "trusted" certificate. Many people trust sites simply because the certificates are "trusted", when they actually don't pay attention to the address bar and see that the site address is actually different from the one they intended to visit, e.g. payppal.com; this is called phishing - don't enter your information on these sites. In addition to phishing, having "untrusted" warnings on legitimate websites discourages people from visiting a secure site and even people from using SSL encryption altogether.

I believe browsers need to recognize self-signed certificates the same as other certificates; without fear mongering people into purchasing certificates from some major corporation. I've never seen an illegitimate business that uses a self-signed certificate, and it's not fair to punish legitimate companies that are offering encryption because they don't want to shell out the cash to some "trusted" certificate authority (CA).

If you have web hosting, and want your own SSL Certificate with NullShells Networks, we don't charge you at all. Our control panel automatically will generate you a self-signed certificate that offers 256-Bit SSL encryption when you check the box to enable SSL on your website. If you want to generate your own self-signed certificate you can find directions for this here.