SSL Certificate Best Practices

Here are some SSL certificate best practices for dotCanada.com:

1. Use Trusted Certificate Authority (CA) At dotCanada.com, we recommend obtaining SSL certificates from trusted, well-known Certificate Authorities (CAs) like DigiCert, GeoTrust, Thawte, or Symantec. Certificates from these reputable CAs are more likely to be trusted by browsers and operating systems out of the box.
2. Choose Appropriate Certificate Type
   • Domain Validated (DV) Certificates are suitable for basic encryption needs and are issued quickly after validating domain ownership.
   • Organization Validated (OV) Certificates provide higher assurance by verifying the legal entity behind the website.
   • Extended Validation (EV) Certificates offer the highest level of vetting and display the company name in the browser address bar.
3. Use Appropriate Key Length and Signature Algorithm
   • For optimal security, dotCanada.com advises using at least 2048-bit RSA or 256-bit ECC key lengths.
   • Ensure the certificate uses a strong signature algorithm like SHA-256 or SHA-384.
4. Install Certificates Correctly Improperly installed certificates can cause errors and security vulnerabilities. Follow the CA's installation guidelines precisely, including any intermediate certificates required.
5. Keep Certificates Up-to-Date
   • Monitor certificate expiration dates and renew well before they expire to avoid service disruptions.
   • Replace certificates using outdated hashing algorithms or key lengths as newer standards emerge.
6. Use Separate Certificates for Different Services At dotCanada.com, we recommend using a dedicated certificate for each service (website, email, etc.) to isolate any potential security issues.
7. Enable HTTP Strict Transport Security (HSTS) HSTS instructs browsers to only connect via HTTPS, mitigating risks from SSL stripping attacks. Carefully configure HSTS with appropriate max-age values.
   By following these SSL certificate best practices, dotCanada.com customers can ensure their websites and online services benefit from robust encryption and maintain user trust.
   

Updated on: 08/05/2024