Embed Size (px)
Citation preview
Reselling the GlobalSign Online Security Services
Understanding the true opportunity for Hosting Companies & Domain Registrars
GLOBALSIGN WHITE PAPER
www.globalsign.com
GLOBALSIGN WHITE PAPER
Page 2
www.globalsign.com/partners
CONTENTS
Introduction .............................................................................................................................................. 3
The SSL Certificate opportunity ................................................................................................................ 3
What is SSL? .......................................................................................................................................... 3
How should SSL be used? ...................................................................................................................... 4
SSL Certificate range ............................................................................................................................. 4
SSL Automation technologies ............................................................................................................... 4
Expanding market reach by offering Client Certificates ........................................................................... 7
Code Signing .......................................................................................................................................... 7
Adobe CDS Digital IDs ........................................................................................................................... 7
Email Security ........................................................................................................................................ 8
Authentication ...................................................................................................................................... 8
Microsoft Document Signing ................................................................................................................ 9
PersonalSign Digital IDs ......................................................................................................................... 9
Getting a Fast Return on your investment.............................................................................................. 10
SSL Reseller Models ................................................................................................................................ 10
Pay As You Go (PAYG) ......................................................................................................................... 10
Deposit ................................................................................................................................................ 10
Unlimited Issuance License ................................................................................................................. 10
Partner Enablement ................................................................................................................................ 10
Why Partner with GlobalSign? ................................................................................................................ 10
INQUIRE ABOUT GLOBALSIGN’S SECURITY SOLUTIONS ......................................................................... 12
ABOUT GLOBALSIGN ............................................................................................................................... 12
GLOBALSIGN WHITE PAPER
Page 3
www.globalsign.com/partners
Introduction Security issues are a main concern for businesses of all sizes;
providers are recognizing the potential for revenue gains by
reselling security solutions to increase their average
customer values. Companies who offer SSL Certificates in
their packages or as a value-add option gain the immediate
benefits of increased revenues and a more complete and
"sticky" product portfolio.
Digital IDs are also becoming a growing requirement within
organizations, as customers are looking to secure their
online communications, securely authenticate to online
services, and sign online documents.
GlobalSign has established itself as a one-stop shop for
security services for the channel. Products can easily be
added to product bundles, or resold separately as individual
line items. As security services support the core offering,
the customer profile is essentially identical.
This white paper details how the GlobalSign digital
certificate solutions can be integrated into hosting
portfolios, the automation technologies available to deploy
them and highlights the added value they deliver.
The SSL Certificate opportunity
What is SSL?
The Secure Sockets Layer (SSL) (and Transport Layer
Security (TLS)) is the most widely deployed security
protocol used today. It is essentially a protocol that
provides a secure channel between two machines
operating over the Internet or an internal network. In
today’s Internet focused world, we typically see SSL in use
when a web browser needs to securely connect to a web
server over the unsecure Internet.
Technically SSL is a transparent protocol, which requires
little interaction from the end user when establishing a
secure session. In the case of a browser, users are alerted
to the presence of SSL when the browser displays a padlock,
or in the case of Extended Validation SSL the browser
address bar displays both a padlock and a green bar. This is
the key to the success of SSL – it is an incredibly simple
experience for end users.
Extended Validation (EV) SSL Certificates (e.g. GlobalSign
ExtendedSSL):
The address bar turns from white to green, indicating
to visitors that the website is using Extended
Validation SSL.
The website owner’s verified company name is
displayed prominently in the address bar. Extended
Validation SSL is the only way for a company to get its
name displayed in the browser address bar.
The padlock is activated, showing that the browser
connection to the server is now secure. If there is no
padlock or the padlock shows a broken symbol, the
page does not use SSL.
The standard HTTP is changed to HTTPS, automatically
telling the browser that the connection between the
server and browser must be secured using SSL.
Standard SSL Certificates (e.g. GlobalSign
DomainSSL and OrganizationSSL or entry level AlphaSSL):
The padlock is activated, showing that the browser
connection to the server is now secure. If there is no
padlock or the padlock shows a broken symbol, the
page does not use SSL.
The standard HTTP is changed to HTTPS, automatically
telling the browser that the connection between the
server and browser must be secured using SSL.
SSL is a protocol, and in order to use the SSL protocol
organizations need an SSL Certificate. An SSL Certificate is a
small data file that digitally binds a cryptographic key to
your organization’s details, typically:
Your domain name, server name or hostname
Your company name and location
In certain cases your organizational contact details
An organization needs to install the SSL Certificate onto
their web server to initiate SSL sessions with browsers.
Depending on the type of SSL Certificate applied for, the
organization will need to go through differing levels of
GLOBALSIGN WHITE PAPER
Page 4
www.globalsign.com/partners
vetting. Once installed, it is possible to connect to the
website over https://www.domain.com as this tells the
server to establish a secure connection with the browser.
Once a secure connection is established all web traffic
between the web server and the web browser will be
encrypted.
How should SSL be used?
No matter what information is being submitted (i.e. via a
form on your website to your server) you should be using
SSL. SSL is not just for securing credit card transactions. All
levels of personal information are sensitive and should be
secured, from newsletter signups to account logins, SSL
should be the minimum security standard when collecting
and submitting data.
SSL should be used:
To secure online credit card transactions.
To secure online system logins, sensitive information
transmitted via web forms, or protected areas of
web sites.
To secure webmail and applications like Outlook
Web Access, Exchange and Office Communications
Server.
To secure workflow and virtualization applications
like Citrix Delivery Platforms or cloud-based
computing platforms.
To secure the connection between an email client
such as Microsoft Outlook and an email server such
as Microsoft Exchange.
To secure the transfer of files over https and FTP
services such as website owners updating new pages
to their websites or transferring large files.
To secure hosting control panel logins and activity
like Parallels, cPanel, and others.
To secure intranet-based traffic such as internal
networks, file sharing, extranets, and database
connections.
To secure network logins and other network traffic
with SSL VPNs such as VPN Access Servers or
applications like the Citrix Access Gateway.
SSL Certificate range
GlobalSign offers a full range of SSL Certificates designed to
meet the requirements of each customer profile – from
entry to enterprise level:
SSL Product Customer Profile
GlobalSign
ExtendedSSL
Ideal for brand savvy and security
conscious customers. Extended
Validation activates the green
address bar and displays the verified
organization name for enhanced
trust levels. The Certificate offers a
further extended feature set
including Subject Alternative Names
(multi-domain) support and a $250k
warranty. Highest success is found
when offering as a high value upsell
across all hosting packages and
websites looking to maximize sales
and conversions.
GlobalSign
OrganizationSSL
Necessary for brand savvy and
security conscious customers.
Traditionally vetted organization
validated SSL is combined with an
extended feature set including
Subject Alternative Names (multi-
domain) support and significant
warranties. Highest success is found
when adding to dedicated hosting
packages where identity assurance is
necessary for customers to maximize
sales and conversions.
GlobalSign
DomainSSL
Ideal for brand savvy customers only
looking for encryption. Instant
issuance is combined with an
extended feature set including
Subject Alternative Names (multi-
domain) support and significant
warranties. Highest success is found
when adding to entry level hosting
packages.
AlphaSSL Entry level, price-sensitive customers
needing an instant issuance
Certificate. Highest success is found
when bundling AlphaSSL in price-
competitive hosting packages.
SSL Automation technologies
GLOBALSIGN WHITE PAPER
Page 5
www.globalsign.com/partners
OneClickSSL
Our unique OneClickSSL technology allows to automatically
install issued domain validated Certificates, with plug-ins
available for IIS, Apache and various other control panels.
OneClickSSL is a revolutionary SSL technology which turns
the Certificate lifecycle into a simple, easy to deploy
solution, allowing resellers to focus on their core business
whilst benefiting from the extra revenue.
Full automation with voucher-initiated process
Customers use a Secure Site Voucher for the product and
validity period of their choice. The redemption of the
voucher using one of the available plug-ins launches the
whole SSL provisioning process, as the plug-in will
transparently create the CSR for the correct website,
validate the domain control, install the issued certificate
and bind it to the appropriate website, all in under a minute
and free of the usual complications.
Direct integration into control panels and webservers
OneClickSSL can be easily deployed using one of the plugins
for cPanel, Plesk, IIS or Apache. APIs are also available for
bespoke integrations such as those deployed into the Verio
and OnApp environments.
The direct integration options facilitate implementation
into hosting workflows, helping hosting companies to
complement their security portfolio hassle-free.
Best Security Practices
OneClickSSL takes the pain out of best security practices by
enforcing the strongest key size and algorithm choice. Being
based on a true multi-factor authentication technique, the
plug-ins provide the highest security levels for you and your
customers in these times of increased threats:
Something the user is (A 2048 bit RSA private /
public key pair)
Something the user has (A domain that is
registered on the DNS system and is verifiable to
an IP controlled by the user)
Something the user knows (The OneClickSSL
Voucher)
Benefits for Hosting Companies
Hosting companies can use the GlobalSign Certificate
Center (GCC) or XML API to apply for individual Secure Site
vouchers to be redeemed using any of the OneClickSSL
client plug-ins. Alternatively, single “supervouchers” can be
issued that can be reused across the entire hosting
customer base, allowing hosting companies to easily mass
provision SSL. Hosting companies can restrict the IP range
to which vouchers may be redeemed, ensuring they remain
in full control of the OneClickSSL plug-in usage on their
networks and to restrict redemption of vouchers to those
they manage/sell. OneClickSSL ensures that hosting
companies have unlimited business potential and flexible
models for deploying SSL to their customer base. Never
before has SSL been so controllable on a hosted network.
Generate a new revenue stream / augment existing
revenue stream
The use of SSL is now a key aspect of online security and is
a requirement for any organization that has an online
presence (to protect customers against phishing attacks,
credit card fraud and identity theft, whilst protecting the
organization's brand and reputation against fraudulent
websites). So why not take advantage of this opportunity to
not only sell SSL Certificates, but to provision secure sites
across your network with zero support overheads and a
dramatically improved customer experience?
Offer Secure Site Vouchers and prevent clients from
purchasing their SSL elsewhere
Being successful in a highly competitive market is extremely
difficult, so differentiate from competitors with
OneClickSSL. “Secure sites” can be offered as part of an
existing package, producing a comprehensive product
portfolio. GlobalSign's SSL technology is a superior product
in the market place by means of deployment, feature set,
compatibility and account management/technical support.
As well as expanding the organization’s product portfolio,
the organization will be able to offer the most secure and
advanced SSL products available, whilst keeping support
costs to nil.
Multiple SSL on one IP
Overcome IP restrictions
Traditionally, SSL Certificates haves required a dedicated IP
address. With the APNIC and RIPE stock being close to zero,
there are not enough IP addresses to compete with the
GLOBALSIGN WHITE PAPER
Page 6
www.globalsign.com/partners
demands of today, leaving hosting companies to deal with
increasing challenges when reselling SSL.
To overcome this issue, an extension for the TLS (formerly
SSL) protocol was released in 2003. This extension adds the
hostname of the website to the initial handshake from the
browser to the server, so the server knows which SSL
Certificate can be used to decrypt the information.
Unfortunately there are still a number of operating systems
that do not support the SNI technology, meaning that some
Internet users won’t be able to visit secure websites that
use SNI.
Full compatibility with CloudSSL
The GlobalSign solution couples the SNI technology with a
fall back CloudSSL Certificate for applications that lack SNI
support, so your customers can benefit from a secure site
without cutting access to a number of visitors.
An SSL Certificate is deployed for each individual website,
allowing for any level of security to be deployed (up to the
highest level Extended Validation SSL). The certificates can
be installed on several name-based virtual hosts as per any
SNI-based https website. Each domain is then added to a
multidomain CloudSSL Certificate.
The CloudSSL Certificate will hold the company details of
the server administrator in the subject and a Subject
Alternative Name for each SSL-secured website on the IP
number. The information from the SSL Certificate will only
be shown to the users that lack SNI support.
Automation
The server side application delivered by GlobalSign
automatically updates and maintains the CloudSSL
Certificate, saving website administrators valuable time.
After a one-time configuration and independently of the
control panel used, the CloudSSL is automatically created,
installed, validated and updated as new websites need to
be added or removed with a simple script that can run at
any chosen time.
The application is already available for most webservers,
such as Apache, NGINX and Pound, as well as for custom
deployments notably on load balancers.
Expand your SSL business
The CloudSSL & SNI solution enables hosting companies to
benefit fully from the SSL opportunity by addressing their
operational limitations and simplifying the process for the
adoption and usage of SSL security.
As well as saving website administrators time, and thus
money, the ability to host multiple SSL Certificates on a
single IP address also opens up a new market opportunity
especially by alleviating restrictions in shared hosting
environments.
GLOBALSIGN WHITE PAPER
Page 7
www.globalsign.com/partners
Expanding market reach by offering
Client Certificates In competitive times, companies are looking for value-add
products that complement core services and existing
portfolios. With GlobalSign you have the opportunity to add
a new revenue line and maximize customer satisfaction by
offering Client Certificates as part of your core service, and
responding to your customers’ requirements in terms of
code signing, secure email, online authentication and
document signing.
GlobalSign offers a SaaS (Software as a Service) web portal
designed to simplify the application process of Client
Certificates. GlobalSign conducts all the necessary vetting
and can send the issued Certificate to either the Partner, or
the end customer.
Code Signing
What is Code Signing?
Software vendors can digitally sign and timestamp the
software they distribute over the Internet. This digital
signing process, called code signing, is the virtual equivalent
to shrink-wrapping CD-based software for distribution – it
ensures the end user knows the software is legitimate,
comes from a known software vendor and the code has not
been tampered with since being published.
As unsigned software is subject to tampering, such as the
insertion of spyware or malware, end users are encouraged
not to run unsigned code or executables by warning
messages displayed in the browser.
Once digitally signed using a Code Signing Certificate,
customers can be sure of the identity of the software
vendor and that the software has not been altered since
being published, adding an essential level of trust.
Code Signing using a trusted third party like GlobalSign
prevents:
• Users abandoning the installation of an application that
is not easily identified as genuine
• Malicious alteration of legitimate code
• Identity theft of vendor or code author
Code Signing Certificates
Code Signing Certificates are digital data files that provide
developers with the ability to digitally sign, or bind their
authenticated publisher identity, to the software they
distribute. With the GlobalSign Code Signing Certificates,
organizations can digitally sign and timestamp the software
they distribute over the Internet.
Once digitally signed, customers can be sure of the identity
of the software vendor and that the software has not been
altered since being published. The security warnings change
from being worrying to alerting the user the publisher of the
digitally signed software is known:
GlobalSign offers standard and Extended Validation Code
Signing Certificates to provide customers with the ability to
attest to authentication, security and integrity of their code
for a number of platforms, including MS Authenticode,
Adobe Air, Apple, Mozilla & Netscape objects, Java, MS
Office & VBA.
Adobe CDS Digital IDs
What is CDS?
Certified Document Services (CDS) is the first digital signing
solution that allows authors to create Adobe® PDF files that
automatically certify to the recipient that the author's
identity has been verified by a trusted organization.
Authors of PDFs add digital Certifying Signatures and
Approval Signatures to documents they distribute over the
Internet. The process is the virtual equivalent to sealing a
document and adding wet-ink signatures and assures the
GLOBALSIGN WHITE PAPER
Page 8
www.globalsign.com/partners
recipient that the document is authentic, comes from a
verified source, and the contents have not been tampered
with since being published.
GlobalSign CDS Certificates
GlobalSign is an authorized participant in Adobe's Certified
Document Services (CDS) program and operates under a
stringent set of policies and standards developed by Adobe
and audited by WebTrust to allow GlobalSign to issue
Adobe recognized CDS Certificates, branded as PDF Signing
Digital IDs.
The GlobalSign digital certificates are chained to the Adobe
Root Authority and hence are instantly validated when the
recipient opens the document using a free Adobe reader,
displaying the “Certified Document Blue Bar”.
Features
Enables PDF security
No plug-ins or extra software needed
Desktop- or Server-based
RFC 3161 compliant
Certification Signatures
Approval Signatures
True multilingual support
WebTrust accredited
Email Security
What is Email Security?
GlobalSign Email Security solutions allow the owner of a
digital certificate to digitally sign and encrypt email (using
standards based S/MIME) - proving legitimacy of personal
and company email, making it tamper-proof and keeping it
safe from prying eyes.
Secure Email Digital IDs (branded PersonalSign) allow email
to be used securely by using the Encrypt & Digitally Sign
ribbon buttons already available in all popular email clients
such as Outlook and Mozilla Thunderbird.
Why digitally sign?
Digital signatures allow users to protect their email identity,
by proving the origin of the message and making sure that
the sender is identified as the legitimate sender. Secure
messaging requires digital signatures to be verifiable from a
trusted source such as GlobalSign.
Why encrypt?
Encryption ensures that email remains confidential by
protecting the message and attachments. Only the
intended recipient can 'unlock’ the message (even when
sending it through unsecure networks).
Authentication
What is Authentication?
Client authentication lets you authenticate users who are
accessing the server by exchanging a client certificate - this
means no more "Anonymous" entries will appear in the
User Activity log of a database when accessed by an
Internet user. The client certificate is authenticated by a
Certification Authority (CA) such as GlobalSign.
How does it work?
The server requests a certificate from the client to verify
that the client is who it claims to be. The certificate must be
a X.509 certificate and signed by a Certificate Authority (CA)
trusted by the server. It can only be used when a server
requests a certificate from a client.
Factors
For a positive identification, at least two but preferably all
three factors should be verified:
Ownership factors
Something the user has, e.g. security token
Knowledge factors
Something the user knows, e.g. password
Inherence factors
Something the user is or does, e.g. fingerprints
Requirements
The goals of a server authentication system depend on the
strength and granularity of authentication desired.
Granularity refers to the fact that some servers identify
individual users throughout a session, while others identify
users only during the first request. A fine-grained system is
GLOBALSIGN WHITE PAPER
Page 9
www.globalsign.com/partners
useful if specific authorization or accountability of a user is
required. A coarse-grained system may be preferred in
situations where partial user anonymity is desired.
Microsoft Document Signing
GlobalSign Digital IDs are cryptographic signing Certificates
that allow the user to digitally sign Microsoft Word
documents, Excel spreadsheets, Powerpoint Presentations
and VBA macros. A signed document/spreadsheet/PPT file
carries the signer's identity and assures the reader of its
integrity, giving higher trust levels than standard
documents.
A digitally signed document confirms authorship and origin
and alerts recipients to any unauthorized changes. It is
suitable for use with all versions of Microsoft Office.
PersonalSign Digital IDs
What is Personal Sign?
Digital IDs protect data integrity and provide assurances of
authorship and origin to recipients.
Features
Full range of certificates available, with varying vetting
levels to suit organizations’ specific needs
Cost-effective - Secure an unlimited number of
emails/documents with a single Digital ID
Instantly Trusted and Verified signatures in most
popular applications via ubiquitous digital credentials.
All certificates are issued from the well-established
2048 GlobalSign Root CA.
Meet company security policy and regulatory
compliance. The digital IDs provide assurances of origin,
integrity and non-repudiation.
Trust levels
GlobalSign offers a full range of PersonalSign Certificates
(Digital IDs issued to people or departments) with varying
trust levels to suit the specific requirements of your
customer base.
Digital ID Customer Profile
PersonalSign 1 Entry level Digital ID for
individuals who do not require
identity assurance
PersonalSign 2 Digital ID for individuals who
wish to prove their identity
PersonalSign 2 Pro Used for individuals
representing organizations, as
both the individual’s identity
and the company existence are
verified.
PersonalSign 2
Department
Used for departmental
"identities" (such as Marketing
or Legal) within an
organization.
PersonalSign 3 Pro Used for individuals
representing organizations to
authenticate to participating
Government online services.
GLOBALSIGN WHITE PAPER
Page 10
www.globalsign.com/partners
Getting a Fast Return on your
investment
With all new ventures the return on investment must
outweigh the associated costs. With GlobalSign's Reseller
Program there are very few, if any, costs involved, and
many benefits to take advantage of. Partners are assigned
a dedicated account manager, as well as a marketing
support manager, and technical support services are readily
available from our local offices and multilingual teams.
SSL Reseller Models
Pay As You Go (PAYG)
Partners simply use a credit card to purchase each
Certificate that is resold. Discounts are immediate –
ensuring that even without commitment, the best SSL
reseller margins in the industry are achieved.
Deposit
Partners place a deposit, with the amount placed linked to
the discount rate made available. The deepest discounts are
available via the deposit method. Unlike other SSL
providers, deposits with GlobalSign do not expire and can
be rolled over, year on year.
Unlimited Issuance License
GlobalSign has pioneered the Unlimited Issuance License.
This enables hosting companies to issue an unlimited
number of Certificates for a yearly flat fee. This model has
been very successful with companies mass issuing SSL
Certificates such as LiquidWeb, 123-Reg, Webfusion &
Singlehop.
Partner Enablement GlobalSign offers 4 levels of Partnership with associated
benefits.
Authorized Partners receive instant discounts, a reseller
partner portal (GlobalSign Certificate Center), canned sales
and marketing resources and instant access to technical
support.
Silver, Gold and Platinum Partners receive accelerated
discounts, access to the advanced APIs, control panel plug-
ins, dedicated marketing assistance, varying levels of co-
marketing / co-branding opportunities & feature
prioritization.
Why Partner with GlobalSign? With fantastic margins and increased revenue potential,
this is a simple, but sophisticated reseller program enabling
you to generate new revenue streams, expand your product
portfolio and provide the best digital certificate solutions
available. The program is built around the needs of hosting
companies, VARs and ISPs, fulfilling both technical and
marketing requirements:
The program has an extremely fast return on investment
with the option of no commitment. It also involves minimal
time, effort and resources. But don’t just take our word for
it, ask any of our thousands of hosting partners…
Why Partner
with GlobalSign?
New & Repeat
Revenue
Highest Margin
Potential
The Best Security Service
products
Dedicated Technical &
Account Support
Scalable Integration / Automation
Tools
Free Sales & Marketing Resources
GLOBALSIGN WHITE PAPER
Page 11
www.globalsign.com/partners
“GlobalSign’s CloudSSL & SNI solution will enable us to increase our SSL customer base by at least 55%”.
Munesh Singh, CEO and Founder ZNetLive
The OneClickSSL plug-in for cPanel helps us be more efficcient when installing SSL Certificates. It facilitates the process
tremendously and has differentiated us from the competition.”
Thamer Ale, Director, Neothek
“GlobalSign’s solution perfectly fits the requirements of a cloud deployment. CloudSSL allows us to secure a very large number of
customer domains on a single IP address, so we can increase security whilst keeping costs down.”
Andrew Lee, Founder, Firebase
”We chose GlobalSign based on reliability, cost and overall ROI. Our customers
have increasing security concerns which prompted us to find a provider who could
offer the most reliable and cost effective SSL security solution.”
Travis Stoliker, Marketing Director, Liquidweb
GLOBALSIGN WHITE PAPER
Page 12
www.globalsign.com/partners
INQUIRE ABOUT GLOBALSIGN’S SECURITY SOLUTIONS To join now, or for further information about becoming a GlobalSign Partner visit our web site at
https://www.globalsign.com/en/partners/.
ABOUT GLOBALSIGN GlobalSign, founded in 1996, is a provider of identity services for the Internet of Everything (IoE),
mediating trust to enable safe commerce, communications, content delivery and community
interactions for billions of online transactions occurring around the world at every moment.
Its identity and access management portfolio includes access control, single sign-on (SSO),
federation and delegation services to help organizations and service providers create new
business models for customer and partner interactions.
GlobalSign’s core digital certificate solutions allow its thousands of authenticated customers to
conduct SSL secured transactions, data transfer, distribution of tamper-proof code, and protection
of online identities for secure email and access control.
GlobalSign’s solutions are designed to address the massive scalability demanded by the emerging
$14.4 trillion IoE market, where the ability to make secure networked connections among people,
processes, data and things, will require that every “thing” have a trusted identity that can be
managed. The company has offices in the U.S., Europe and throughout Asia
Accredited to the highest standards
As a WebTrust accredited public Certificate Authority, and member of the Online Trust Alliance,
CAB Forum and Anti-Phishing Working Group, our core solutions allow our thousands of
enterprise customers to conduct secure online transactions and data submission, and provide
tamper-proof distributable code as well as being able to bind identities to Digital Certificates for
S/MIME email encryption and remote two factor authentication, such as SSL VPNs.
GlobalSign US & Canada
Tel: 1-877-775-4562
www.globalsign.com
GlobalSign EU
Tel: +32 16 891900
www.globalsign.eu
GlobalSign UK
Tel: +44 1622 766766
www.globalsign.co.uk
GlobalSign FR
Tel: +33 9 75 18 32 00
www.globalsign.fr
GlobalSign DE
Tel: +49 800 7237980
www.globalsign.de
GlobalSign NL
Tel: +31 20 8908021
www.globalsign.nl
