White Paper - Adding security services into your portfolio

Reselling the GlobalSign Online Security Services Understanding the true opportunity for Hosting Companies & Domain Registrars GLOBALSIGN WHITE PAPER www.globalsign.com

Transcript of White Paper - Adding security services into your portfolio

Reselling the GlobalSign Online Security Services

Understanding the true opportunity for Hosting Companies & Domain Registrars




Page 2



Introduction .............................................................................................................................................. 3

The SSL Certificate opportunity ................................................................................................................ 3

What is SSL? .......................................................................................................................................... 3

How should SSL be used? ...................................................................................................................... 4

SSL Certificate range ............................................................................................................................. 4

SSL Automation technologies ............................................................................................................... 4

Expanding market reach by offering Client Certificates ........................................................................... 7

Code Signing .......................................................................................................................................... 7

Adobe CDS Digital IDs ........................................................................................................................... 7

Email Security ........................................................................................................................................ 8

Authentication ...................................................................................................................................... 8

Microsoft Document Signing ................................................................................................................ 9

PersonalSign Digital IDs ......................................................................................................................... 9

Getting a Fast Return on your investment.............................................................................................. 10

SSL Reseller Models ................................................................................................................................ 10

Pay As You Go (PAYG) ......................................................................................................................... 10

Deposit ................................................................................................................................................ 10

Unlimited Issuance License ................................................................................................................. 10

Partner Enablement ................................................................................................................................ 10

Why Partner with GlobalSign? ................................................................................................................ 10

INQUIRE ABOUT GLOBALSIGN’S SECURITY SOLUTIONS ......................................................................... 12

ABOUT GLOBALSIGN ............................................................................................................................... 12


Page 3


Introduction Security issues are a main concern for businesses of all sizes;

providers are recognizing the potential for revenue gains by

reselling security solutions to increase their average

customer values. Companies who offer SSL Certificates in

their packages or as a value-add option gain the immediate

benefits of increased revenues and a more complete and

"sticky" product portfolio.

Digital IDs are also becoming a growing requirement within

organizations, as customers are looking to secure their

online communications, securely authenticate to online

services, and sign online documents.

GlobalSign has established itself as a one-stop shop for

security services for the channel. Products can easily be

added to product bundles, or resold separately as individual

line items. As security services support the core offering,

the customer profile is essentially identical.

This white paper details how the GlobalSign digital

certificate solutions can be integrated into hosting

portfolios, the automation technologies available to deploy

them and highlights the added value they deliver.

The SSL Certificate opportunity

What is SSL?

The Secure Sockets Layer (SSL) (and Transport Layer

Security (TLS)) is the most widely deployed security

protocol used today. It is essentially a protocol that

provides a secure channel between two machines

operating over the Internet or an internal network. In

today’s Internet focused world, we typically see SSL in use

when a web browser needs to securely connect to a web

server over the unsecure Internet.

Technically SSL is a transparent protocol, which requires

little interaction from the end user when establishing a

secure session. In the case of a browser, users are alerted

to the presence of SSL when the browser displays a padlock,

or in the case of Extended Validation SSL the browser

address bar displays both a padlock and a green bar. This is

the key to the success of SSL – it is an incredibly simple

experience for end users.

Extended Validation (EV) SSL Certificates (e.g. GlobalSign


The address bar turns from white to green, indicating

to visitors that the website is using Extended

Validation SSL.

The website owner’s verified company name is

displayed prominently in the address bar. Extended

Validation SSL is the only way for a company to get its

name displayed in the browser address bar.

The padlock is activated, showing that the browser

connection to the server is now secure. If there is no

padlock or the padlock shows a broken symbol, the

page does not use SSL.

The standard HTTP is changed to HTTPS, automatically

telling the browser that the connection between the

server and browser must be secured using SSL.

Standard SSL Certificates (e.g. GlobalSign

DomainSSL and OrganizationSSL or entry level AlphaSSL):

The padlock is activated, showing that the browser

connection to the server is now secure. If there is no

padlock or the padlock shows a broken symbol, the

page does not use SSL.

The standard HTTP is changed to HTTPS, automatically

telling the browser that the connection between the

server and browser must be secured using SSL.

SSL is a protocol, and in order to use the SSL protocol

organizations need an SSL Certificate. An SSL Certificate is a

small data file that digitally binds a cryptographic key to

your organization’s details, typically:

Your domain name, server name or hostname

Your company name and location

In certain cases your organizational contact details

An organization needs to install the SSL Certificate onto

their web server to initiate SSL sessions with browsers.

Depending on the type of SSL Certificate applied for, the

organization will need to go through differing levels of


Page 4


vetting. Once installed, it is possible to connect to the

website over https://www.domain.com as this tells the

server to establish a secure connection with the browser.

Once a secure connection is established all web traffic

between the web server and the web browser will be


How should SSL be used?

No matter what information is being submitted (i.e. via a

form on your website to your server) you should be using

SSL. SSL is not just for securing credit card transactions. All

levels of personal information are sensitive and should be

secured, from newsletter signups to account logins, SSL

should be the minimum security standard when collecting

and submitting data.

SSL should be used:

To secure online credit card transactions.

To secure online system logins, sensitive information

transmitted via web forms, or protected areas of

web sites.

To secure webmail and applications like Outlook

Web Access, Exchange and Office Communications


To secure workflow and virtualization applications

like Citrix Delivery Platforms or cloud-based

computing platforms.

To secure the connection between an email client

such as Microsoft Outlook and an email server such

as Microsoft Exchange.

To secure the transfer of files over https and FTP

services such as website owners updating new pages

to their websites or transferring large files.

To secure hosting control panel logins and activity

like Parallels, cPanel, and others.

To secure intranet-based traffic such as internal

networks, file sharing, extranets, and database


To secure network logins and other network traffic

with SSL VPNs such as VPN Access Servers or

applications like the Citrix Access Gateway.

SSL Certificate range

GlobalSign offers a full range of SSL Certificates designed to

meet the requirements of each customer profile – from

entry to enterprise level:

SSL Product Customer Profile



Ideal for brand savvy and security

conscious customers. Extended

Validation activates the green

address bar and displays the verified

organization name for enhanced

trust levels. The Certificate offers a

further extended feature set

including Subject Alternative Names

(multi-domain) support and a $250k

warranty. Highest success is found

when offering as a high value upsell

across all hosting packages and

websites looking to maximize sales

and conversions.



Necessary for brand savvy and

security conscious customers.

Traditionally vetted organization

validated SSL is combined with an

extended feature set including

Subject Alternative Names (multi-

domain) support and significant

warranties. Highest success is found

when adding to dedicated hosting

packages where identity assurance is

necessary for customers to maximize

sales and conversions.



Ideal for brand savvy customers only

looking for encryption. Instant

issuance is combined with an

extended feature set including

Subject Alternative Names (multi-

domain) support and significant

warranties. Highest success is found

when adding to entry level hosting


AlphaSSL Entry level, price-sensitive customers

needing an instant issuance

Certificate. Highest success is found

when bundling AlphaSSL in price-

competitive hosting packages.

SSL Automation technologies


Page 5



Our unique OneClickSSL technology allows to automatically

install issued domain validated Certificates, with plug-ins

available for IIS, Apache and various other control panels.

OneClickSSL is a revolutionary SSL technology which turns

the Certificate lifecycle into a simple, easy to deploy

solution, allowing resellers to focus on their core business

whilst benefiting from the extra revenue.

Full automation with voucher-initiated process

Customers use a Secure Site Voucher for the product and

validity period of their choice. The redemption of the

voucher using one of the available plug-ins launches the

whole SSL provisioning process, as the plug-in will

transparently create the CSR for the correct website,

validate the domain control, install the issued certificate

and bind it to the appropriate website, all in under a minute

and free of the usual complications.

Direct integration into control panels and webservers

OneClickSSL can be easily deployed using one of the plugins

for cPanel, Plesk, IIS or Apache. APIs are also available for

bespoke integrations such as those deployed into the Verio

and OnApp environments.

The direct integration options facilitate implementation

into hosting workflows, helping hosting companies to

complement their security portfolio hassle-free.

Best Security Practices

OneClickSSL takes the pain out of best security practices by

enforcing the strongest key size and algorithm choice. Being

based on a true multi-factor authentication technique, the

plug-ins provide the highest security levels for you and your

customers in these times of increased threats:

Something the user is (A 2048 bit RSA private /

public key pair)

Something the user has (A domain that is

registered on the DNS system and is verifiable to

an IP controlled by the user)

Something the user knows (The OneClickSSL


Benefits for Hosting Companies

Hosting companies can use the GlobalSign Certificate

Center (GCC) or XML API to apply for individual Secure Site

vouchers to be redeemed using any of the OneClickSSL

client plug-ins. Alternatively, single “supervouchers” can be

issued that can be reused across the entire hosting

customer base, allowing hosting companies to easily mass

provision SSL. Hosting companies can restrict the IP range

to which vouchers may be redeemed, ensuring they remain

in full control of the OneClickSSL plug-in usage on their

networks and to restrict redemption of vouchers to those

they manage/sell. OneClickSSL ensures that hosting

companies have unlimited business potential and flexible

models for deploying SSL to their customer base. Never

before has SSL been so controllable on a hosted network.

Generate a new revenue stream / augment existing

revenue stream

The use of SSL is now a key aspect of online security and is

a requirement for any organization that has an online

presence (to protect customers against phishing attacks,

credit card fraud and identity theft, whilst protecting the

organization's brand and reputation against fraudulent

websites). So why not take advantage of this opportunity to

not only sell SSL Certificates, but to provision secure sites

across your network with zero support overheads and a

dramatically improved customer experience?

Offer Secure Site Vouchers and prevent clients from

purchasing their SSL elsewhere

Being successful in a highly competitive market is extremely

difficult, so differentiate from competitors with

OneClickSSL. “Secure sites” can be offered as part of an

existing package, producing a comprehensive product

portfolio. GlobalSign's SSL technology is a superior product

in the market place by means of deployment, feature set,

compatibility and account management/technical support.

As well as expanding the organization’s product portfolio,

the organization will be able to offer the most secure and

advanced SSL products available, whilst keeping support

costs to nil.

Multiple SSL on one IP

Overcome IP restrictions

Traditionally, SSL Certificates haves required a dedicated IP

address. With the APNIC and RIPE stock being close to zero,

there are not enough IP addresses to compete with the


Page 6


demands of today, leaving hosting companies to deal with

increasing challenges when reselling SSL.

To overcome this issue, an extension for the TLS (formerly

SSL) protocol was released in 2003. This extension adds the

hostname of the website to the initial handshake from the

browser to the server, so the server knows which SSL

Certificate can be used to decrypt the information.

Unfortunately there are still a number of operating systems

that do not support the SNI technology, meaning that some

Internet users won’t be able to visit secure websites that

use SNI.

Full compatibility with CloudSSL

The GlobalSign solution couples the SNI technology with a

fall back CloudSSL Certificate for applications that lack SNI

support, so your customers can benefit from a secure site

without cutting access to a number of visitors.

An SSL Certificate is deployed for each individual website,

allowing for any level of security to be deployed (up to the

highest level Extended Validation SSL). The certificates can

be installed on several name-based virtual hosts as per any

SNI-based https website. Each domain is then added to a

multidomain CloudSSL Certificate.

The CloudSSL Certificate will hold the company details of

the server administrator in the subject and a Subject

Alternative Name for each SSL-secured website on the IP

number. The information from the SSL Certificate will only

be shown to the users that lack SNI support.


The server side application delivered by GlobalSign

automatically updates and maintains the CloudSSL

Certificate, saving website administrators valuable time.

After a one-time configuration and independently of the

control panel used, the CloudSSL is automatically created,

installed, validated and updated as new websites need to

be added or removed with a simple script that can run at

any chosen time.

The application is already available for most webservers,

such as Apache, NGINX and Pound, as well as for custom

deployments notably on load balancers.

Expand your SSL business

The CloudSSL & SNI solution enables hosting companies to

benefit fully from the SSL opportunity by addressing their

operational limitations and simplifying the process for the

adoption and usage of SSL security.

As well as saving website administrators time, and thus

money, the ability to host multiple SSL Certificates on a

single IP address also opens up a new market opportunity

especially by alleviating restrictions in shared hosting



Page 7


Expanding market reach by offering

Client Certificates In competitive times, companies are looking for value-add

products that complement core services and existing

portfolios. With GlobalSign you have the opportunity to add

a new revenue line and maximize customer satisfaction by

offering Client Certificates as part of your core service, and

responding to your customers’ requirements in terms of

code signing, secure email, online authentication and

document signing.

GlobalSign offers a SaaS (Software as a Service) web portal

designed to simplify the application process of Client

Certificates. GlobalSign conducts all the necessary vetting

and can send the issued Certificate to either the Partner, or

the end customer.

Code Signing

What is Code Signing?

Software vendors can digitally sign and timestamp the

software they distribute over the Internet. This digital

signing process, called code signing, is the virtual equivalent

to shrink-wrapping CD-based software for distribution – it

ensures the end user knows the software is legitimate,

comes from a known software vendor and the code has not

been tampered with since being published.

As unsigned software is subject to tampering, such as the

insertion of spyware or malware, end users are encouraged

not to run unsigned code or executables by warning

messages displayed in the browser.

Once digitally signed using a Code Signing Certificate,

customers can be sure of the identity of the software

vendor and that the software has not been altered since

being published, adding an essential level of trust.

Code Signing using a trusted third party like GlobalSign


• Users abandoning the installation of an application that

is not easily identified as genuine

• Malicious alteration of legitimate code

• Identity theft of vendor or code author

Code Signing Certificates

Code Signing Certificates are digital data files that provide

developers with the ability to digitally sign, or bind their

authenticated publisher identity, to the software they

distribute. With the GlobalSign Code Signing Certificates,

organizations can digitally sign and timestamp the software

they distribute over the Internet.

Once digitally signed, customers can be sure of the identity

of the software vendor and that the software has not been

altered since being published. The security warnings change

from being worrying to alerting the user the publisher of the

digitally signed software is known:

GlobalSign offers standard and Extended Validation Code

Signing Certificates to provide customers with the ability to

attest to authentication, security and integrity of their code

for a number of platforms, including MS Authenticode,

Adobe Air, Apple, Mozilla & Netscape objects, Java, MS

Office & VBA.

Adobe CDS Digital IDs

What is CDS?

Certified Document Services (CDS) is the first digital signing

solution that allows authors to create Adobe® PDF files that

automatically certify to the recipient that the author's

identity has been verified by a trusted organization.

Authors of PDFs add digital Certifying Signatures and

Approval Signatures to documents they distribute over the

Internet. The process is the virtual equivalent to sealing a

document and adding wet-ink signatures and assures the


Page 8


recipient that the document is authentic, comes from a

verified source, and the contents have not been tampered

with since being published.

GlobalSign CDS Certificates

GlobalSign is an authorized participant in Adobe's Certified

Document Services (CDS) program and operates under a

stringent set of policies and standards developed by Adobe

and audited by WebTrust to allow GlobalSign to issue

Adobe recognized CDS Certificates, branded as PDF Signing

Digital IDs.

The GlobalSign digital certificates are chained to the Adobe

Root Authority and hence are instantly validated when the

recipient opens the document using a free Adobe reader,

displaying the “Certified Document Blue Bar”.


Enables PDF security

No plug-ins or extra software needed

Desktop- or Server-based

RFC 3161 compliant

Certification Signatures

Approval Signatures

True multilingual support

WebTrust accredited

Email Security

What is Email Security?

GlobalSign Email Security solutions allow the owner of a

digital certificate to digitally sign and encrypt email (using

standards based S/MIME) - proving legitimacy of personal

and company email, making it tamper-proof and keeping it

safe from prying eyes.

Secure Email Digital IDs (branded PersonalSign) allow email

to be used securely by using the Encrypt & Digitally Sign

ribbon buttons already available in all popular email clients

such as Outlook and Mozilla Thunderbird.

Why digitally sign?

Digital signatures allow users to protect their email identity,

by proving the origin of the message and making sure that

the sender is identified as the legitimate sender. Secure

messaging requires digital signatures to be verifiable from a

trusted source such as GlobalSign.

Why encrypt?

Encryption ensures that email remains confidential by

protecting the message and attachments. Only the

intended recipient can 'unlock’ the message (even when

sending it through unsecure networks).


What is Authentication?

Client authentication lets you authenticate users who are

accessing the server by exchanging a client certificate - this

means no more "Anonymous" entries will appear in the

User Activity log of a database when accessed by an

Internet user. The client certificate is authenticated by a

Certification Authority (CA) such as GlobalSign.

How does it work?

The server requests a certificate from the client to verify

that the client is who it claims to be. The certificate must be

a X.509 certificate and signed by a Certificate Authority (CA)

trusted by the server. It can only be used when a server

requests a certificate from a client.


For a positive identification, at least two but preferably all

three factors should be verified:

Ownership factors

Something the user has, e.g. security token

Knowledge factors

Something the user knows, e.g. password

Inherence factors

Something the user is or does, e.g. fingerprints


The goals of a server authentication system depend on the

strength and granularity of authentication desired.

Granularity refers to the fact that some servers identify

individual users throughout a session, while others identify

users only during the first request. A fine-grained system is


Page 9


useful if specific authorization or accountability of a user is

required. A coarse-grained system may be preferred in

situations where partial user anonymity is desired.

Microsoft Document Signing

GlobalSign Digital IDs are cryptographic signing Certificates

that allow the user to digitally sign Microsoft Word

documents, Excel spreadsheets, Powerpoint Presentations

and VBA macros. A signed document/spreadsheet/PPT file

carries the signer's identity and assures the reader of its

integrity, giving higher trust levels than standard


A digitally signed document confirms authorship and origin

and alerts recipients to any unauthorized changes. It is

suitable for use with all versions of Microsoft Office.

PersonalSign Digital IDs

What is Personal Sign?

Digital IDs protect data integrity and provide assurances of

authorship and origin to recipients.


Full range of certificates available, with varying vetting

levels to suit organizations’ specific needs

Cost-effective - Secure an unlimited number of

emails/documents with a single Digital ID

Instantly Trusted and Verified signatures in most

popular applications via ubiquitous digital credentials.

All certificates are issued from the well-established

2048 GlobalSign Root CA.

Meet company security policy and regulatory

compliance. The digital IDs provide assurances of origin,

integrity and non-repudiation.

Trust levels

GlobalSign offers a full range of PersonalSign Certificates

(Digital IDs issued to people or departments) with varying

trust levels to suit the specific requirements of your

customer base.

Digital ID Customer Profile

PersonalSign 1 Entry level Digital ID for

individuals who do not require

identity assurance

PersonalSign 2 Digital ID for individuals who

wish to prove their identity

PersonalSign 2 Pro Used for individuals

representing organizations, as

both the individual’s identity

and the company existence are


PersonalSign 2


Used for departmental

"identities" (such as Marketing

or Legal) within an


PersonalSign 3 Pro Used for individuals

representing organizations to

authenticate to participating

Government online services.


Page 10


Getting a Fast Return on your


With all new ventures the return on investment must

outweigh the associated costs. With GlobalSign's Reseller

Program there are very few, if any, costs involved, and

many benefits to take advantage of. Partners are assigned

a dedicated account manager, as well as a marketing

support manager, and technical support services are readily

available from our local offices and multilingual teams.

SSL Reseller Models

Pay As You Go (PAYG)

Partners simply use a credit card to purchase each

Certificate that is resold. Discounts are immediate –

ensuring that even without commitment, the best SSL

reseller margins in the industry are achieved.


Partners place a deposit, with the amount placed linked to

the discount rate made available. The deepest discounts are

available via the deposit method. Unlike other SSL

providers, deposits with GlobalSign do not expire and can

be rolled over, year on year.

Unlimited Issuance License

GlobalSign has pioneered the Unlimited Issuance License.

This enables hosting companies to issue an unlimited

number of Certificates for a yearly flat fee. This model has

been very successful with companies mass issuing SSL

Certificates such as LiquidWeb, 123-Reg, Webfusion &


Partner Enablement GlobalSign offers 4 levels of Partnership with associated


Authorized Partners receive instant discounts, a reseller

partner portal (GlobalSign Certificate Center), canned sales

and marketing resources and instant access to technical


Silver, Gold and Platinum Partners receive accelerated

discounts, access to the advanced APIs, control panel plug-

ins, dedicated marketing assistance, varying levels of co-

marketing / co-branding opportunities & feature


Why Partner with GlobalSign? With fantastic margins and increased revenue potential,

this is a simple, but sophisticated reseller program enabling

you to generate new revenue streams, expand your product

portfolio and provide the best digital certificate solutions

available. The program is built around the needs of hosting

companies, VARs and ISPs, fulfilling both technical and

marketing requirements:

The program has an extremely fast return on investment

with the option of no commitment. It also involves minimal

time, effort and resources. But don’t just take our word for

it, ask any of our thousands of hosting partners…

Why Partner

with GlobalSign?

New & Repeat


Highest Margin


The Best Security Service


Dedicated Technical &

Account Support

Scalable Integration / Automation


Free Sales & Marketing Resources


Page 11


“GlobalSign’s CloudSSL & SNI solution will enable us to increase our SSL customer base by at least 55%”.

Munesh Singh, CEO and Founder ZNetLive

The OneClickSSL plug-in for cPanel helps us be more efficcient when installing SSL Certificates. It facilitates the process

tremendously and has differentiated us from the competition.”

Thamer Ale, Director, Neothek

“GlobalSign’s solution perfectly fits the requirements of a cloud deployment. CloudSSL allows us to secure a very large number of

customer domains on a single IP address, so we can increase security whilst keeping costs down.”

Andrew Lee, Founder, Firebase

”We chose GlobalSign based on reliability, cost and overall ROI. Our customers

have increasing security concerns which prompted us to find a provider who could

offer the most reliable and cost effective SSL security solution.”

Travis Stoliker, Marketing Director, Liquidweb


Page 12


INQUIRE ABOUT GLOBALSIGN’S SECURITY SOLUTIONS To join now, or for further information about becoming a GlobalSign Partner visit our web site at


ABOUT GLOBALSIGN GlobalSign, founded in 1996, is a provider of identity services for the Internet of Everything (IoE),

mediating trust to enable safe commerce, communications, content delivery and community

interactions for billions of online transactions occurring around the world at every moment.

Its identity and access management portfolio includes access control, single sign-on (SSO),

federation and delegation services to help organizations and service providers create new

business models for customer and partner interactions.

GlobalSign’s core digital certificate solutions allow its thousands of authenticated customers to

conduct SSL secured transactions, data transfer, distribution of tamper-proof code, and protection

of online identities for secure email and access control.

GlobalSign’s solutions are designed to address the massive scalability demanded by the emerging

$14.4 trillion IoE market, where the ability to make secure networked connections among people,

processes, data and things, will require that every “thing” have a trusted identity that can be

managed. The company has offices in the U.S., Europe and throughout Asia

Accredited to the highest standards

As a WebTrust accredited public Certificate Authority, and member of the Online Trust Alliance,

CAB Forum and Anti-Phishing Working Group, our core solutions allow our thousands of

enterprise customers to conduct secure online transactions and data submission, and provide

tamper-proof distributable code as well as being able to bind identities to Digital Certificates for

S/MIME email encryption and remote two factor authentication, such as SSL VPNs.

GlobalSign US & Canada

Tel: 1-877-775-4562


[email protected]

GlobalSign EU

Tel: +32 16 891900


[email protected]

GlobalSign UK

Tel: +44 1622 766766


[email protected]

GlobalSign FR

Tel: +33 9 75 18 32 00


[email protected]

GlobalSign DE

Tel: +49 800 7237980


[email protected]

GlobalSign NL

Tel: +31 20 8908021


[email protected]