It's about to get a whole lot easier to deploy encryption across the web. Comodo and cPanel announced, on December 8, a new partnership to enable an AutoSSL feature that provides free SSL/TLS encryption certificates to cPanel's hosting customers.
While the AutoSSL partnership is officially being announced now, cPanel has already deployed it as part of a phased-in rollout process, issuing 5.8 million free certificates in November alone. According to cPanel, it helps to manage 72 million active domains though its web hosting control panel technology. That means there are potentially 66 million more domains that could benefit from free encryption certificates in the coming weeks.
Secure Socket Layer/Transport Layer Security (SSL/TLS) certificates help to enable encrypted data transfer across the web. Since the beginning of the web era, the small padlock icon in web browsers indicates if a site is secured with SSL/TLS. Until fairly recently, SSL/TLS deployment was a somewhat complicated process that also typically involved cost. The cPanel AutoSSL effort is a bid to make it as easy as possible to deploy SSL/TLS certificates, issued by a Certificate Authority, without cost.
"We started a partnership with Comodo about three years ago with the intent of offering commercial SSL certificates," Aaron Phillips, Chief Business Officer at cPanel told eWEEK. "As we walked through the partnership, we made a directional decision to provide free Domain Validated (DV) certificates."
Comodo is a SSL/TLS Certificate Authority (CA) and security vendor and sees the partnership with cPanel as being very strategic. Michael Fowler, Comodo CA president, commented that his company's goal is to help get as many websites secured as possible and the cPanel partnership is an important step in that direction. Fowler noted that cPanel is very well positioned in the hosting market to be able to push encryption certificates to help end-users.
"From Comodo's standpoint, our whole philosophy is to help enable trust online," Fowler told eWEEK. "So we felt it necessary to take on the cost of deploying the domain validated (DV) certificates."
There are multiple classes of SSL/TLS certificates, with varying degrees of validation checks to help guarantee the authenticity of a given domain. A Domain Validated (DV) certificate is validated against a domain registry and does not specifically identify or validate the organization using the certificate. An Organization Validated (OV) certificate in contrast identifies the organization and validates the identity against a business registry. An Extended Validation (EV) provides the highest level of validation for an organization and involves a comprehensive vetting process. Fowler said that Comodo is also working with cPanel to help provide OV and EV certificates in the future as well, which would be paid commercial products.
The DV certificates provided with the cPanel AutoSSL feature are 90-day certificates and then are automatically renewed when they expire.
"Once a DV certificate is installed on a website, it's a hands-off update for the website owner, with cPanel and Comodo handling the automatic renewal process," Phillips said.
Comodo isn't the only certificate authority that provides free DV certificates. The Let's Encrypt effort, which got started in November 2014, has helped to deliver millions of free certificates. In a video interview with eWEEK earlier this year, Josh Aas, leader of Let's Encrypt said his group's goal is to get certificates to everyone on the web.
For cPanel's AutoSSL, Philip said that free Let's Encrypt certificates are also an option for hosting providers, in addition to the Comodo certificates.
"Comodo is the one that is most visible to cPanel users," Phillips said. "Using the exact same framework that we built for Comodo, we have a Let's Encrypt plugin for hosting providers, which is something they were asking for, so we have provided that option."
Phillips noted that in the initial rollout of the AutoSSL feature, there was tremendous demand from hosting providers. He added that Comodo worked with cPanel to scale up the infrastructure and capacity required to rapidly deploy SSL/TLS certificates. Fowler explained that with AutoSSL, as soon as a web host makes the decision to enable it, every single domain that is on the specific server or cPanel installation, requests a certificate.
"So as soon as the web host clicks enable for AutoSSL, we get a huge influx of orders," Fowler said.
Overall, Fowler said that Comodo is taking multiple steps to help make sure that the certificates it issues are high-quality, and not being used for malicious purposes.
"We pass all of the orders through Google's anti-malware and anti-phishing technology and if anyone comes up as a malware or phishing site, then we don't issue the certificate," Fowler said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist