In order to further increase the security of our services we have now installed an Extended Validation SSL certificate on our main website https://runbox.com.
The certificate is issued by the WebTrust certified certificate authority GlobalSign and verifies that Runbox Solutions AS owns and operates the website and domain name runbox.com.
What is Extended Validation SSL?
The Extended Validation SSL (Secure Sockets Layer) certificate provides the strong encryption included with regular certificates, and additonally validates our company’s identity by showing our company name and country code in green to the left of the browser address bar:
Extended Validation certificates are only issued after rigorous vetting to verify the legal identity and physical presence of the website owner, establish their exclusive control over the domain name, and confirm the identity and authority of the individuals acting for the website owner.
This Extended Validation certificate also covers https://secure.runbox.com and https://www.runbox.com. Other runbox.com subdomains are still using a regular SSL certificate, which has the same encryption level but not the “green bar” identity validation.
…after almost seven years. Nice timing!
Just wanted to check if GlobalSign is a US company and therefore subject to secret court orders to comply with NSA requirements for access? Is there a certificate authority that is European and which we can trust is not in league with GCHQ/NSA?
Thanks
Frederick
GlobalSign is based in Belgium and owned by company in Japan. It cost a lot more than similar certs and the process was difficult, but after researching providers that was the best bet we found to be outside the GCHQ/NSA sphere.