(800) 441-6612    |    +1 (339) 368-5641
LuxSciLuxSci
Secure Email,
Web and Form Solutions
Phone: 800-441-6612
sales@luxsci.com
support@luxsci.com

Do I need to Buy an SSL Certificate to use Secure Email?

Share Post:
More...

Our sales staff have been asked this question countless times.  It is a natural assumption that because SSL and TLS encryption of email (and web sites) requires use of an “SSL certificate“, that one must buy an SSL certificate in order to use such a service.  Fortunately, the answer is always

You do not need to buy your own SSL certificate to use secure email.

We’ll explain why.

How do SSL and TLS work?

At its most basic level, SSL works as follows (TLS works similarly — what is the difference?):

  1. A user connects to a server that supports SSL
  2. The server sends its SSL Certificate back to the user’s computer
  3. The user verifies that the certificate is for the company/domain that it is trying to connect to (the certificate is signed by a trusted third party, like Verisign or Thawte).
  4. If the user trusts the certificate, the user’s computer sends the server a list of encryption methods that it supports
  5. The server picks one that it also supports
  6. The server and the user’s computer communicate henceforth over an encrypted channel using the chosen encryption method.

That is a little technical and terse; for a much more verbose and down to earth overview of how this works, see: How does Secure Socket Layer (SSL or TLS) Work? However, the main point is that the only certificate involved is the one that resides on the server owned by the service provider and which is sent to the user when s/he connects.  Since the user never needs to send his/her own certificate, there is no need to own it.

But without a certificate, how does the server know who I am?

In most cases, when your SSL session is completed, the next step in sending or receiving email is to send your username and password.  The server uses this information to determine your identity and verify your access.  This information is secure and protected by the established SSL security connection.

You do not need your own SSL certificate to establish your identity.

But is not using a client-side SSL certificate more secure than a username and password?

Ah ha! This is the crux of some people’s confusion.

It is indeed possible to have an SSL certificate on your computer and to use this to authenticate yourself with a server, providing that the server supports this kind of authentication.  It can be much more secure than a username and password, as it is tied to your computer and cannot be stolen without physical access to your machine and your account on it.

However, most email services do not support identity authentication via client-side SSL certificates.  This is much more common with secure web sites.  I.e. some OpenID providers, like “myopenid.com“, allow you to authenticate with them using a free client-side SSL certificate. This gives you better security with your OpenID than you get with usernames and passwords.  It also means that you do not have to remember another password … the client-side SSL certificate is your effective “password”.

LuxSci itself does not support use of SSL client-side certificates for any kind of login … though it does support OpenID for WebMail access, and thus supports any kind of excellent authentication accessible in that way.

Ok, when do I need to buy an SSL certificate of my own?

Here is the real question.  As far as LuxSci is concerned, you might need to buy your own SSL certificate in the following cases:

  • You have your own web site and you would like to have some or all of it secured by SSL.  You will then need to get an SSL certificate for your web site’s domain name.
  • You have Private Labeling with LuxSci and wish to use your own domain name in the browser address bar when users are logged in to your branded WebMail securely (i.e., instead of them seeing https://luxsci.com/…).  You would then need an SSL certificate for something like “webmail.yourdomain.com“.
  • You have Private Labeling with LuxSci and wish to use your own domain name in your users’ email clients for their secure IMAP, POP, or SMTP connections to your email server (i.e., instead of them using something like “secure-email.luxsci.com“).  You would then need an SSL certificate for something like “mail.yourdomain.com“.

LuxSci can purchase these SSL certificates for you through its partner, Thawte; or, you can buy them yourself and provide them to LuxSci (let us generate the CSRs  — certificate signing requests — for you to make things easier, however).  Its up to you which way to go; however, if we buy the certificate for you, a lot of leg work will be taken care of on your behalf and we will ensure that the certificate doesn’t expire without your permission. Read more as to why.

Share:
More...

One Response to “Do I need to Buy an SSL Certificate to use Secure Email?”

  1. How Does Secure Socket Layer (SSL) Work? | LuxSci FYI Says:

    [...] Do I need to Buy an SSL Certificate to use Secure Email? [...]

Leave a Comment

You must be logged in to post a comment.

Security Certifications TRUSTe EU Safe Harbor Thawte Extended Validation SSL Certificate McAfee Secure Authorize.net Merchant
• Access Anywhere
• Fast and Robust
• Super Secure
• Tons of Features
• Customizable
• Mobile Friendly

Send and receive email from your favorite programs, including:

 Microsoft Outlook
 Mozilla Thunderbird
 Apple Mail
 Windows Mail

... Virtually any program that supports POP, IMAP, or SMTP

Keep your email, contacts, and calendars in sync:

 Apple iPhone and iPad
 Android Devices
 BlackBerry
 Windows Phone

... Any device with Exchange ActiveSync (EAS) support

Relay your server's mail through LuxSci via smarthost:

• Resolve issues with ISP sending limits and restrictions
• Improve deliverability with better IP reputation and IP masking
• Take advantage of Email Archival and HIPAA Compliance
• Even setup smarthosting from Google Apps!

Free web site hosting with any email account:

• Start with up to 10 web sites and MySQL databases
• DNS services for one domain included
• Tons of features and fully HIPAA capable

LuxSci's focus on security and privacy:

• Read The Case for Email Security
• Read Mitigating Security & Privacy Threats
• Review our Privacy Policy

The most accurate, flexible, and trusted filters in the business:

• Premium protection with Intel Security Saas
• Realtime virus database guards against the latest threats
• Seven-day quarantine lets you put eyes on every filtered email
• Supplement with our Basic Spam Filter for even more features

End-to-end secure email encryption — to anyone, from anyone:

• No setup required — encryption is automatic and easy to use
• Secure outbound email with TLS, PGP, S/MIME, or Escrow
• Free inbound encryption via our SecureSend portal
• Independent of your recipient's level of email security
• Widely compatible and fully HIPAA Compliant

Add an extra layer of security with an SSL Certificate:

• Secure your web site
• Debrand LuxSci WebMail with your own secure domain
• Access secure email services via your own secure domain

Encrypt your service traffic via secure tunnel:

• Add another layer of security to your SSL connections
• WebMail, POP, IMAP, SMTP, web/database access
• SecureForm posts, SecureLine Escrow, SecureSend access
• Restrict your account to VPN access only

Secure long-term message archival:

• Immutable, tamperproof email retention with audit trails
• No system requirements — minimal setup, even less upkeep
• Realtime archival of all inbound and outbound messages
• Works anywhere — even with non-LuxSci email hosting

Free data backups included with all email hosting accounts:

• Automatic backups of all email, WebAides, web/database data
• Seven daily backups and up to four weekly backups
• Unlimited restores included at no additional cost
• Custom backup schedules for dedicated servers

Automate your email management:

• Save messages to specific folders or to LuxSci WebAides
• Advanced text scanning with regular expressions
• Tag messages, alter subject lines, or add custom headers
• Filter by message charset, type, TLS status, DKIM status
• Chain filters together for even more complex actions

• Bulk add and edit users, aliases and more
• Control sharing and access globally or on a granular level
• Delegate user roles through permissions
• Configure account-wide taglines, sending restrictions, and more
• Remotely administer account via SOAP API

Share, collaborate, organize, synchronize:

• Calendars, Contacts, Documents, Notes, Widgets, Workspaces
• Fine-grained access control and security
• Access anywhere via secure web portal or smartphone
• Save over solutions like Microsoft Exchange

Free folder sharing for all email hosting accounts:

• Share mail folders with other users in your account
• Subscribe to only the folders you want to see
• Set read-only or read-write access control
• View all personal and shared folders via unified web interface

Color code and label your email messages:

• Define and assign multiple IMAP keywords to each message
• Filter, search, and sort by tags
• Compatible and synchronizes with any IMAP email client
• Also usable with WebAide entries