Learn about Zero Trust Architecture
Impenetrable cybersecurity without sacrificing usability
Gain detailed visibility into all your endpoints activities
Harden applications and hardware environments
Immediate and continuous response to incidents
Close the window of time your data could be exposed
Get your Comodo solutions setup, deployed or optimized
Control access to malicious websites
Defend from any internet based threats
Stop email threats before it enters your inbox
Preserve and protect your sensitive data
Keep your website running fast and malware free
Add encryption to your websites
Automated certificate mgmt. platform
Secure private intranet environments
Digital signature solutions for cloud apps
Encrypt emails for senders and recipients
Stay compliant with PCI DSS
Trusted authentication for IoT devices
Francisco Partners a leading technology-focused private equity fund, has acquired a majority stake in Comodo’s certificate authority business. Newly renamed from Comodo CA Limited to Sectigo Limited. Privacy Policies, Trademarks, Patents and Terms & Conditions are available on Sectigo Limited’s web site.
Meet the people behind the direction for Comodo
Get the latest news about Comodo
People are the key to achievement and prosperity
Stay up to date with our on-demand webinars
Worldwide: Sales, Support and General Inquiries
Schedule a live demonstration of our solutions
Need immediate help? Call 1-888-551-1531
Instantly removes viruses to keep your PC virus free
Experience true mobile security on your mobile apple devices
Secure Internet Browser based on Chrome
Chrome browser internet security extension
Submit a ticket to our support team
Share any product bugs or security flaws
Collaborate with research experts on data sets
Valkyrie Threat Intelligence Plugins
Valkyrie Threat Intelligence APIs
Without SSL and SSL Certificates e-Commerce as we know it would not be possible. All SSL Certificates provide a secure connection between a browser and a server with all messages encrypted with Public Key Encryption (PKI) technology.
So, why are there so many product offers at very different prices? Innovative product offerings like wildcard SSL that secure multiple sub domains is one reason. Bundling of other services with SSL such as vulnerability scanning services such Hackerguardian is another.
However, the main difference in the cost of an SSL Certificate is the level of identity verification performed by the certificate authority issuing the certificate. Identity verification can assure the visitors of a site that it can be trusted to do business at, so understanding the various levels of verification is critical in selecting the most appropriate certificate to secure the site.
There are three main types of certificate validation: Domain Validated (DV), Organization Validated (OV) and Extended Validation (EV). A certificate that is created without validation is called “Self Signed” because the certificate signature field is populated by the same organization requesting the certificate, not a 3rd party certificate authority (CA).
You can create your own “self-signed” SSL Certificate for free, but there is no identity verification. Browsers will display ominous security warnings that a site is untrustworthy before allowing users to access a web site using a self signed certificate. This makes them impractical for a public facing web site. Because they are free they are frequently used in intranet labs to save money during web and systems development.
These certificates are the lowest cost means of website security but do not provide authentication or validation of the business behind the website. Unlike EV and OV certificates, DV certs provide are validated and provisioned automatically via an online interface using a system of ‘challenge-response’ emails. If the site you are on is using a DV certificate then Dragon will change HTTPS to yellow and place a yellow alert symbol over the padlock. This is to inform you that the organization behind the website has not been authenticated so you may want to proceed with caution:
These certificates include full business and company validation from a certificate authority using currently established and accepted manual vetting processes. Because of this requirement, these certificates provide significantly higher levels of trust and security than DV SSL certificates but are not validated to the stringent standards set by the CA/B forum and do not possess the ability to turn the address bar green in the latest browsers. If the site you on is using an OV certificate then Dragon will display the padlock and HTTPS in a green color. This is to inform you that the business behind the website has been validated and it is safe to proceed with any transaction:
EV certificates are validated to the rigorous guidelines set by the CA/B Forum – an independent standards body that requires in-depth verification of the legality and probity of a company before it is issued with a certificate. Because of this, EV certificates provide the highest levels of security and trust to end-users. To indicate this higher level of trust, Comodo Dragon turns the entire address bar green if you are on a site which is using an Extended Validation certificate:
Users can enable or disable this feature in the HTTPS/SSL section of ‘Settings’ > ‘Show advanced settings’ link. Click here for information.
An SSL Certificate can only signify that it is safe to trade with a company when two vital steps are completed prior to its issuance:
1. Verification that the certificate applicant is in control of the domain name.
2. Verification that the certificate applicant is a legitimate and legally accountable business.
DV certs only establish 1) whereas OV and EV certs establish both 1) and 2)
Trust between the person using the browser the website they are connected to is only possible when BOTH these stages of validation are completed. Step 2) is carried out by a Certificate Authority (CA) such as Comodo or Verisign. A CA employs human operatives to carry out strict vetting of the applicant’s business and legal standing. Only once this layer of company validation has been completed can a website be truly ‘trusted’.
High Assurance certificates show the full company name and address – indicating that background checks were run prior to the certificate being issued to the organization.
Sign up to our cyber security newsletter
Comodo Cybersecurity would like to keep in touch with you about cybersecurity issues, as well as products and services available. Please sign up to receive occasional communications. As a cybersecurity company, we take your privacy and security very seriously and have strong safeguards in place to protect your information.
See how your organization scores against cybersecurity threats
Advanced Endpoint Protection, Endpoint Detection and Response Built On Zero Trust Architecture available on our SaaS EPP