FAQ's

SiteLock performs a Deep 360 Scan that encompasses:

 Reputation monitoring: ensures the reputation of the website is intact and communication to visitors and customers is uninterrupted.

 Malware blacklist: monitors search engine and proprietary malware lists to make sure the site is not blocked by search engines and browsers.

 Spam blacklist: ensures that e-mails reach customers' inbox (not their Spam folder), SiteLock verifies e-mail addresses, domains, and email servers against lists used by popular email tools to identify spam.

 SSL Verification: ensures users do not see a certificate warning or error when visiting your site.

 Network security: validates the security of the network by making sure there is no opportunity for hackers to access the server.

 Drive-by-downloads: scans the website to ensure visitors are not being infected with viruses often placed on websites by hackers.

 Customer data protection (SQL & XSS): performs forward- and backward-looking scans to make sure current and future visitor/customer data on the site is secure.

 Application security: verifies that any 3rd-party applications installed on your website are secure and up-to-date.

 Business Verification: certifies the validity of the business and provides a certification badge to display to website visitors to let them know the business or website is legitimate.

 Domain ownership: ensures that the domain owner is in control of the website domain.

 Postal Address: verifies that the site owner can receive and respond to postal mail, such as customer payments or inquiries.

 Phone Verification: ensures that there is a phone number where customers can report issues or request additional products or services.

TRUSTe, founded in 1997, is the leading online privacy solutions provider. The company offers a broad suite of privacy services to help businesses build trust and increase engagement across all of their online channels including websites, mobile applications, advertising, cloud services, business analytics and email marketing.

Over 4,000 web properties including those from top companies like Apple, AT&T, Disney, eBay, Facebook, HP, Microsoft, Nationwide and Yelp rely on TRUSTe to ensure compliance with evolving and complex privacy requirements.

Based upon the comprehensive privacy model of Truth in Privacy, which is laid on a foundation of transparency, choice and accountability regarding the collection and use of personal information, TRUSTe’s privacy seal is recognized and trusted by millions of consumers as a sign of responsible privacy practices.

The TRUSTe Privacy Policy service provides a wizard-based system that helps users create a valid, understandable privacy policy that properly reflects the practices used in collecting and sharing information about visitors and/or customers.

TRUSTe Privacy Policy with Seal includes an initial scan and certification, along with a seal that displays when TRUSTe certifies a web site's Privacy Policy. TRUSTe performs additional periodic scans to help preserve consistency between the privacy policy and practices.

The Privacy Policy with Seal includes both a verification scan to ensure accuracy and completeness in the privacy policy, as well as a Certified Privacy seal that can be displayed on the website. The TRUSTe Privacy service doesn't include a verification scan and therefore, doesn't provide the ability to display the Certified Privacy seal. The Privacy Policy wizard is the same in both cases.

TRUSTe Privacy Policy is available to customers in the following countries:

Consumer confidence in how their privacy is protected is key to a successful online business. When TRUSTe certifies a Web site, customers get over a decade of expertise in the issues that matter most in online privacy.

Yes, in the case of the TRUSTe Privacy Policy with Seal. TRUSTe performs a series of checks (both automated and manual) to ensure that the privacy policy is accurate. TRUSTe will often suggest changes to the generated Privacy Policy based on what it finds during these verification checks. It may take up to two days to complete this verification.

For TRUSTe Privacy Policy (without seal), it's up to the user to input correct information during the creation of the policy. TRUSTe's wizard provides an easy-to-use wizard that helps ensure that the generated policy is accurate. In this case, the policy is provided immediately.

TRUSTe performs a series of automated and manual scans and checks to ensure that the privacy policy is accurate. This process can take as long as a couple of days, but ensures that the TRUSTe Policy is accurate, and allows the display of the TRUSTe Certified Privacy.

For the TRUSTe Privacy Policy (without seal), TRUSTe provides HTML code that links to the privacy policy (hosted by TRUSTe). For users of the TRUSTe Privacy Policy with Seal, TRUSTe provides a JavaScript code snippet that displays the TRUSTe Certified Privacy seal which includes a link to information about the user's company and to the hosted privacy policy.

No problem. Users can simply log in and make any required changes. This can be done at any time, and users can make as many changes as required over the length of the TRUSTe subscription.

TRUSTe provides Program Requirements that outline user responsibilities. Those requirements can be found at http://www.truste.com/privacy-program-requirements/index.html

SSL is an acronym for "Secure Sockets Layer" and is a method for establishing a secure, encrypted link between two different systems such as a web browser and a web server.

SSL Certificates provide two important roles for systems that use them:

1. SSL certificates provide security by encrypting the data between the browser and the web server.
   
   Data encryption is critical for financial transactions or other situations where websites are requesting sensitive data from visitors. Many web users will not have confidence that their interactions with the website is secure and encrypted, unless they see the lock icon which provides a visual cue that an SSL certificate has been used to protect data.
2. SSL certificates provide identity verification, through domain and organization validation. Only the verified owner of a domain name may purchase an SSL certificate for that domain. For Organization validated SSL certificates, only verified, approved representatives of the organization are permitted to purchase an SSL certificate for domains in use by the organization.
   
   Extended Validation (EV) certificates take identity validation even further. Sites with an EV SSL certificate will cause the address bar on the web browser to turn green. Users are able to view information about the website that will help them to confirm that they are dealing with who they believe they are dealing with.

Both applications of SSL Certificates are important for building a trust relationship with end-users that is required before they will pass along personal, or financial information to websites or online service providers.

In the case of web browsers surfing secure web sites, SSL communication starts with the web browser requesting the digital certificate from the web server. The certificate contains the hostname of the web server, an expiration date of the certificate, the public key of the web server, and is signed by a Certificate Authority. The web browser can validate all of these pieces of information except for the public key of the web server. If all of the verifiable components pass validation, the web browser will generate its own public key and send it back to the web server. When the web browser's public key is sent back to the web server as a response, it uses the web server's public key, which was contained within the certificate, to encrypt the browser's public key being sent. Now both the web server and web browser will be able to communicate with each using secure, encrypted communications because they have exchanged each of their public keys.

A wildcard SSL Certificate helps enable SSL encryption on multiple sub-domains using a single certificate as long as the domains are controlled by the same organization and share the same second-level domain name. For example, a Wildcard certificate issued to Company ABC using the Common Name ("*.CompanyABC.com") may be used to secure subdomains like login.companyabc.com, payment.companyabc.com and support.companyabc.com.

Site Seals are static or dynamic images that can be placed on SSL secured websites that allows visitors to tell at a glance that they can trust who they are dealing with, that the online site is validated and that they can transact safely and securely. Each of the three brands of SSL Certificates offer different site seals:

 VeriSign Secured Seal is available with all VeriSign-branded SSL certificates for installation on pages secured with a VeriSign SSL Certificate. Customers not only see the trust mark, they can click the seal and verify the site in real time. More than any other trust mark, 79% of U.S. online shoppers are familiar with the VeriSign Secured Seal.

 GeoTrust True Site Seal is available with every GeoTrust SSL Certificate and shows web site visitors that their information is protected. The GeoTrust True Site Seal can be added to home pages, buy pages, log-ins or any other page on your authenticated site where visitors need to verify a web site. Depending on the certificate, True Site Seals are either dynamic or static and may contain further information about the identity of the certificate owner.

 thawte Trusted Site Seal is a dynamic image appearing on websites secured with thawte SSL certificates allowing visitors to tell at a glance that they can trust the site, that the online site is validated and that they can transact safely and securely.

Security is a concern for many people who use the Internet. People on the Internet also recognize that websites that use digital certificates are ones that are more secure and trustworthy. Digital certificates give users confidence that their data is protected and they have a reduced risk of their information being divulged beyond the organization they are dealing with.

In addition to having a digital certificate, the Certificate Authorities that OpenSRS uses all offer Trust Seals which allow an image seal to be placed on the website itself. The banner links through to a trusted external organization that further validates the trustworthiness of the website.

A Dynamic Seal is dynamic image displayed on a website that shows the current time and date of when the web page was loaded which indicates that the seal is valid for the domain it is installed on and is current and not expired. When the image is clicked, it will display information from the Certificate Authority about the website's profile which validates the web site's legitimacy. This will give visitors of the website increased confidence in the site's security.

A Static Seal is simply an static graphic image that can be placed on the website to indicate where the digital certificate was obtained from, however there is no click-through validation of the website and the image does not show the current time and date.

A Root Certificate Authority is the highest level of digital certificate within the trust relationship of certificates. Web browsers, and other applications which use digital certificates, have a limited set of Root Certificates from organizations that have been recognized as Root Certificate Authorities. All certificates they create will include a link back to their Root Certificate so web browsers will understand that the certificate is valid and can be trusted.

Most applications that use digital certificates, such as web browsers, will have a list of the official Certificate Authorities so they are aware they are legitimate and trusted. Certificate Authorities who are not in this list will cause the application to display warnings that the Certificate Authority is unknown, and may also suggest there are security issues associated with unknown Certificate Authorities.

Public and Private keys are a pair of unique codes used to encrypt data sent to another computer. When a computer wishes to speak securely with another computer, it sends its Public Key to the other computer. This Public Key can be used by the second computer to encrypt information sent back to the first computer.

The perception of SSL Certificates is that they are primarily used to secure the transmission of financial information in ecommerce. But with identity theft on the rise and more and more businesses opening up their networks via the Internet, protecting all types of personally identifiable information (social security numbers, login information, etc.) and key business information is important. SSL Certificates can be used to secure the following:

 Web servers

 Mail servers

 Web forums

 Blogging platforms

 Control panels

 Corporate intra - and extranets

 Wikis

 VPNs

 Customer portals

 and more!

Digital certificates are a method to encrypt communications between two programs, and although they are most commonly used for secure web surfing they can be used for an unlimited number of communications including:

 Email

 Instant messaging or other communications protocols

 FTP servers

There are three methods of validation performed:

1.  Domain-validated certificates: Only the verified owner of the domain name can purchase an SSL certificate for the domain. Validation is done via email sent to the domain owner. Domain validated SSL certificates can be issued very quickly - often in minutes.
2.  Organization-validated certificates: When corporate identity validation is important, an SSL Certificate for the organization assures customers that the website is trustworthy and secure. Only verified representatives of the organization may purchase these certificates and business licences or other proof is required. The Certificate Authority will verify through phone call to ensure that the certificate request is legitimate.
3.  Extended Validation (EV) certificates: With Extended Validation, as well as displaying the certificate seal, the address bar is displayed in green, providing customers with an extra level of confidence. The green address bar is a strong visual indication that the site has an Extended Validation Certificate. The Security Status bar displays the organization name and the name of the Certificate Authority (CA).
   
   In order to be approved for an Extended Validation certificate, the certificate authority will actively check the Organization and the individual applying for the certificate. This is to verify that the Organization is positively the Organization they claim to be, and the individual requesting the certificate is someone who is authorized to request a digital certificate. Extended Validation may take as long as one week to complete.

All certificates ensure that the information transmitted is encrypted and secure, but Extended Validation certificates have additional validation of the organization requesting the certificate. This is indicated in web browsers by turning the address bar green, as well as displaying the organization name contained within the certificate. Users visiting a web site with this level of validation will have a higher amount of confidence in conducting transactions with that site.

Certificates will only secure one domain name, and depending on the type of cert you obtain, it will be valid for only one hostname beneath that domain name. (ie: only www.example.com and not subdomain.example.com)

Wildcard certificates are valid for an unlimited amount of hostnames beneath a single domain name. With Wildcard certificates, the computers using mail.example.com, smtp.example.com, www.example.com as well as any other host based on example.com domain will all be able to use the same certificate.

Web sites using an Extended Validation certificate will cause web browsers to change the address bar to a green colour and also display the name of the Organization the certificate was issued to. Certificate Authorities will only grant Extended Validation certificates to organizations after the Certificate Authority verifies that the genuine organization is requesting the certificate.

The green address bar gives assurance to visitors of the web site that they are definitely visiting a web site run by the organization they should be dealing with, rather than a fraudulent site posing as that organization.

Most types of digital certificates will only secure a computer under a single hostname (ie: www.example.com), but Wildcard certificates will secure an unlimited number of different hostnames beneath a single domain name. (ie: subdomain.example.com) If you have a large number of servers under a domain name with a variety of hostnames, or you need the flexibility of not being confined to a single hostname, a Wildcard certificate is an excellent option for flexibility, management. It eliminates the need for multiple individual certificate orders for multiple hostnames.

There are a number of reasons digital certificates sold by Danipa are a great choice, including:

 Certificates sold through Danipa are compatible with all current web browsers (mobile or desktop) and web servers they will be used with. Their use is not limited to just web servers as they can be used to secure communications with other protocols such as SMTP, IMAP, POP and many more.

 There are a variety of certificates at different prices to suit your particular needs and budget.

 Certificate purchasing is supported by our excellent Support and Sales staff.

 Danipa uses Certificate Authorities who are leaders in the digital certificate industry.