Browser Compatibility and its Importance for SSL certificates

Understand why browser compatibility should be your primary criterion when purchasing an SSL certificate

An SSL certificate is used to create an encrypted link between a web server and a web browser. This link ensures that all data passed between the web server and the web browser remains private and secure. It has become an integral part of internet security. But for an SSL certificate to work properly with a website, several important features are involved. Here we discuss one such significant aspect, called ‘Browser Compatibility’ or ‘Browser Recognition’. Both terms indicate the percentage of browsers that recognize the certificate authority’s (CA’s) certificate.

As we already know, an SSL certificate requires a web server and a web browser to work together to establish an ‘encrypted’ channel. This channel between the server and the browser is used for the secure exchange of information. Seamless trust between a browser and a server depends on the web browser’s ability to trust the provider of the SSL certificate. To understand the importance of browser compatibility, we must first understand the browser’s role during its interaction with a web server.

SERVER-BROWSER CONNECT

  • The web-browser attempts to connect to a server which is secured by an SSL certificate. After the initial contact, the browser requests identification before moving any further.
  • As a response to the request made by the browser, the web-server sends across a copy of its SSL Certificate.
  • The browser checks whether it trusts the SSL certificate sent by the server.
  • If the browser trusts the SSL certificate, it replies to the server by sending a message.
  • The web-server sends a digitally signed acknowledgment to start the SSL session.
  • The encrypted data is then shared between the web-server and web-browser.

Now that we know what role a ‘web-browser’ plays in the process of SSL encryption, we can move on to find out why ‘browser compatibility’ is important in the case of SSL certificates.

What is Browser Compatibility?

Browser Compatibility is often referred to as ‘Browser recognition’ or ‘Browser ubiquity’ and is used to describe the estimated percentage of browsers that would fundamentally trust an SSL certificate used by the server.

Browser vendors such as Microsoft add ‘root CA certificates’ to the releases of all the major browsers, such as Internet Explorer, Netscape, Firefox, Safari and Opera. ‘Root CA certificates’ are the certificates issued by the CAs to them for creating a defined relationship between two CAs. When such a browser is used, it relies by default on the ‘list’ of root CA certificates that the browser vendor considers trustworthy. When an SSL certificate is issued by one of these trusted root CAs, the browser inherently trusts the SSL certificate to carry out a secure online session.

Web-browsers store the CA roots which they trust. So, when a browser encounters a website using an SSL certificate issued by a CA root it doesn’t trust, the browser displays a warning message to the website’s users. Lower browser compatibility leads to fewer people trusting the certificate. This matters a lot in the case of e-commerce websites, where the success of the site depends on the trust people have in an SSL certificate. For such commercial sites, any SSL certificate with browser compatibility of more than 90% is acceptable.
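The following added example (not code from the original page) models the trust decision described above: each browser walks the issuer names from the site's certificate until it reaches a root in its own store, and compatibility is the share of browsers that succeed. It is a simplified model that matches names only, with no signature, validity or revocation checks; the CA names, browser names and usage shares are constructed, and the cross-certificate case goes slightly beyond the text to show how a relationship between two CAs raises compatibility.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str

def chains_to_trusted_root(leaf, served, trust_store, max_depth=8):
    """Follow issuer names from the leaf; True once an issuer is a trusted root."""
    pool = {c.subject: c for c in served}      # certificates the server sent
    current = leaf
    for _ in range(max_depth):                 # bound the walk against loops
        if current.issuer in trust_store:
            return True
        if current.subject == current.issuer:  # self-signed and not in the store
            return False
        current = pool.get(current.issuer)
        if current is None:                    # issuer certificate was not served
            return False
    return False

def browser_compatibility(leaf, served, browsers):
    """Percentage of browser share whose root store accepts the chain."""
    total = sum(share for share, _ in browsers.values())
    ok = sum(share for share, store in browsers.values()
             if chains_to_trusted_root(leaf, served, store))
    return round(100 * ok / total, 1)

# Constructed sample data: fictional CAs, browsers and usage shares.
BROWSERS = {
    "BrowserA": (60, {"Example Old Root", "Example New Root"}),
    "BrowserB": (30, {"Example Old Root", "Example New Root"}),
    "LegacyBrowser": (10, {"Example Old Root"}),
}
LEAF = Cert("shop.example", "Example Issuing CA")
ISSUING = Cert("Example Issuing CA", "Example New Root")
CROSS = Cert("Example New Root", "Example Old Root")   # cross-certificate
SELF_SIGNED = Cert("shop.example", "shop.example")

if __name__ == "__main__":
    print(browser_compatibility(LEAF, [ISSUING], BROWSERS))         # new root only
    print(browser_compatibility(LEAF, [ISSUING, CROSS], BROWSERS))  # with cross-cert
    print(browser_compatibility(LEAF, [], BROWSERS))                # intermediate missing
    print(browser_compatibility(SELF_SIGNED, [], BROWSERS))         # self-signed
```
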

Importance of Browser Compatibility

“99.9% compatible and trusted by all the major browsers”: we see this SSL characteristic highlighted by almost all the commercial SSL vendors on their list of ‘Features & Benefits’. The reason behind the emphasis is the sheer importance of the certificate having high browser and mobile device compatibility.

It is actually the browser that determines whether to trust the SSL certificate, by checking the source of certificate issuance. The criterion is: if the browser trusts the CA issuing the SSL certificate, the browser extends that trust to the website for the site’s visitors to see. If the certificate is self-signed or is issued by an unknown CA, the browser displays an alert window that warns visitors against proceeding, as shown in the image given below:

[Image: Security Alert]

The security alert symbol in the warning window implies that the SSL certificate has been issued by a CA which the browser doesn’t trust or is not compatible with anymore. Such warnings tend to deter visitors from even browsing the site, let alone carrying out any financial transaction on it. Paying heed to this, a lot of certificate-users have started to upgrade their old browsers so as to get rid of such warning windows popping up on their customers’ screens. Abandoned shopping carts, reduced traffic and financial loss are a few of the scenarios that inevitably follow from ‘incompatibility’.