

Always on SSL

Online trust


Does it still need saying? Trust is essential to any online exchange, particularly since the boom of e-commerce.

That trust rests on reliable security, and therefore on the use of the SSL/TLS protocol.

But the approach is often incomplete. Instead of securing only forms or login pages, one should extend HTTPS to the whole site. That's what Always on SSL is about.

Always On SSL, what is it?


Created by the OTA (Online Trust Alliance), Always On SSL is a list of recommendations for guaranteeing the user's security from the first to the last page of a website. The only real way to achieve this is to extend HTTPS to every page of the website.

Always On SSL is [...] not a product, service, or replacement for your existing SSL certificates, but rather an approach to security that recognizes the need to protect the entirety of a user’s session, not just the login screen.

Extract of the recommendations


  • AVOID MIXED CONTENT

    Mixed content stands for web pages with both secured and unsecured content.

  • EXTEND SSL SECURITY TO EVERY PAGE OF THE WEBSITE

    The risk of securing only login pages is neglecting the confidentiality of information contained in cookies, such as session data. This data, easily intercepted by hackers, can give them access to logins, passwords and any other information enabling them to hack your accounts (on social networks, for example).



SideJacking: Harvesting information from unsecured cookies.
SSLStrip: Redirection of HTTPS pages to their HTTP counterparts.


  • USE HSTS

    HSTS is a server configuration that tells browsers the website must be contacted over HTTPS only. It is the safest way to avoid a Man In The Middle (MITM) attack.
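
The three recommendations above can each be checked from a single HTTPS response. The Python check below is an added example, not OTA or vendor code; the function names, sample headers and sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser

class MixedContentFinder(HTMLParser):
    """Collects subresources that an HTTPS page would load over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "img", "iframe"):
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            url = a.get("href")
        else:
            url = None
        if url and url.strip().lower().startswith("http://"):
            self.hits.append(f"<{tag}> loads {url}")

def audit(headers, html):
    """headers: list of (name, value) pairs taken from an HTTPS response."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I) if hsts else None
    if not hsts:
        findings.append("HSTS header missing")
    elif not m or int(m.group(1)) == 0:
        findings.append("HSTS max-age missing or zero")
    for k, v in headers:
        if k.lower() == "set-cookie":
            name = v.split("=", 1)[0].strip()
            flags = {p.strip().lower() for p in v.split(";")[1:]}
            if "secure" not in flags:  # cookie would also travel over HTTP
                findings.append(f"cookie {name} lacks Secure")
    finder = MixedContentFinder()
    finder.feed(html)
    return findings + [f"mixed content: {h}" for h in finder.hits]

# Constructed sample response (not captured from a real site).
SAMPLE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
]
SAMPLE_HTML = ('<link rel="stylesheet" href="https://shop.example/s.css">'
               '<script src="http://cdn.example/lib.js"></script><img src="/logo.png">')

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_HEADERS, SAMPLE_HTML)))
```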

Further information


OTA documentation