Yet both Microsoft and Netscape (and other browser vendors) have a policy of issuing SSL Certificates only to validated entities, so consumers now expect such website identity assurances. Market education through the consumer press and industry bodies has also added to people's perception of the SSL padlock as indicating a Secure and Authentic Site. Such warnings are undesirable for commercial sites - they will drive away customers. In order to avoid such warnings, the SSL Certificate must be issued by a "trusted certifying authority" - trusted third-party Certification Authorities that utilize their trusted position to make available "trusted" SSL Certificates. Browsers and Operating Systems come with a pre-installed list of trusted Certification Authorities, known as the Trusted Root CA store. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers. In order to be able to generate an SSL link, a web server requires an SSL Certificate. SSL Certificates can be issued by anybody using freely available software such as OpenSSL or Microsoft's Certificate Services manager.
Several attacks can be run against a Web application that insert malformed data — often, too much at once — which can confuse, crash, or make the Web application divulge too much information to the attacker.
As Microsoft and Netscape provide the major operating systems and browsers, they decide whether to include a Certification Authority in the Trusted Root CA store, thereby giving it trusted status.
Microsoft and Netscape determine which organizations are Certification Authorities.
Web applications are notorious for taking practically any type of input, assuming that it's valid, and processing it further.
Not validating input is one of the greatest mistakes that Web-application developers can make.
Such SSL Certificates are known as "self-signed" Certificates.