1. /
  2. SSL Resources

Key Services and Features
Optimize your website for security and trust.

Symantec Website Security Solutions takes SSL protection and trust to whole new level by allowing companies and customers to engage in communication and commerce online with confidence.

Vulnerability Assessment FAQ

What is a website vulnerability?

A vulnerability is a potential entry point through which a website’s functionality or data can be damaged, downloaded, or manipulated. A typical website (even the simplest blog) may have thousands of potential vulnerabilities.

What is vulnerability assessment?

Free with the purchase of every Extended Validation or Pro SSL Certificate (compare SSL Certificates), vulnerability assessment helps you quickly identify and take action against the most exploitable weaknesses on your website. Vulnerability assessment includes:
  • An automatic weekly scan for vulnerabilities on public-facing web pages, web-based applications, server software, and network ports.
  • An actionable report that identifies both critical vulnerabilities that should be investigated immediately and informational items that pose a lower risk.
  • An option to rescan your website to help confirm that vulnerabilities have been fixed.

How do Symantec SSL Certificates help keep my site visitors safe?

  • SSL encryption protects online transactions and keeps data confidential in transmission.
  • Vulnerability assessment identifies weaknesses on your website that are most commonly used for attack.
  • Malware scanning alerts you if your website is infected with malicious software.
The combination of SSL encryption, vulnerability assessment, and website malware scanning helps you provide site visitors with a safer online experience and extend security beyond https on your public-facing web pages.

How does Symantec help me avoid being blacklisted by search engines?

Google, Yahoo, Bing, and other search engines scan and then blacklist or exclude any website found with malware. By using vulnerability assessment to identify exploitable weaknesses and taking corrective action, you may reduce the risk of hackers finding your site and attacking it. With daily website malware scanning, you have an early warning system if an attack occurs. Symantec includes both services for free with every Extended Validation or Pro SSL Certificate (compare SSL Certificates). Daily website malware scanning is included with every Secure Site SSL Certificate.

How do vulnerability assessments help companies manage security?

The Symantec vulnerability scan is designed to detect the entry points most frequently used for the most common attacks. The vulnerability report categorizes vulnerabilities based on type and risk and proposes corrective actions. This combination helps businesses quickly identify and remediate critical vulnerabilities, making it easier to secure your website. Vulnerability scans that have not been fine-tuned may generate volumes of unneeded data about low priority vulnerabilities, obscuring the essential security measures that need to be taken immediately.

What are the most common types of attack?

SQL injection is used by hackers to gain access to your database. Cross-site scripting lets a hacker add code to your website to execute tasks. A few simple steps can protect against these common attacks if you know where the weaknesses are on your website.

Does the Norton Secured Seal change when vulnerabilities are detected?

No. A detected vulnerability does not affect the appearance of your trust mark. Vulnerabilities are not threats, they are entry points that may be exploited. By not connecting your seal to vulnerability scanning results, we help you maintain trust in your website and allow you to fix vulnerabilities on your own schedule.

What if I already have vulnerability scanning?

Vulnerability assessment does not replace PCI-compliant vulnerability scans. The service complements existing protection with an automatic weekly scan and an easy-to-read report of the most critical vulnerabilities. Free with your SSL certificate, vulnerability assessment can be combined with other scans to provide additional information to help decide how to take action.

Can I customize my scan?

Vulnerability assessment is designed to provide essential information without complex setup or extensive management. You may change notifications and activate or deactivate starting points if you have multiple SSL certificates with different fully qualified domain names.

Which SSL certificates include vulnerability assessment?

Vulnerability assessment is included with Symantec Secure Site Pro with EV, Secure Site with EV, and Secure Site Pro SSL Certificates. Existing customers may activate vulnerability assessment for any of these SSL certificates by signing in to the Symantec Trust Center. New customers may activate the service after they complete their purchase.
Symantec Secure Site SSL Certificates do not include vulnerability assessment and it is not available for individual purchase. To add vulnerability assessment to your service, consider an upgrade.

From which IP addresses does the Vulnerability Assessment Service scan?

The Vulnerability Assessment Service can create multiple entries in your website's logs, and could cause issues with other software like intrusion detection systems. For this reason, you might want to create filters that allow access. View a list of IP addresses and server names our vulnerability scan is using.

Malware Scanning FAQ

What is malware?

Malware is short for malicious software and also known as malicious code. Hackers exploit security weaknesses on your server to gain access to your website and install malicious code. They use your website to spread viruses, hijack computers, and steal sensitive data such as credit card numbers or other personal information. Malware code is not easily detected and may infect your customers’ computers when they visit your website.

How can I prevent my site from becoming a target for malware?

A typical website (even the simplest blog) may have thousands of potential vulnerabilities. By using vulnerability assessment to identify the most critical vulnerabilities for correction, you may reduce the risk of hackers finding your site and attacking it. Symantec SSL Certificates include daily scans for website malware and automatic weekly scans that look for vulnerabilities that hackers most commonly exploit. (Compare SSL Certificates for details).

How do I know if my website is free of malware?

Malicious code is hidden in the source code of your website and can be difficult to detect without line-by-line analysis. Some malware is activated by the display of a page and may not be detected without behavioral analysis of your code using a browser simulator. When you protect your website with a Symantec SSL Certificate, we include a free daily malware scanning service for your public web pages. If malware is detected, you will be directed to a list of infected pages and notified of the code causing the problem. Once you have deleted all instances of the code, you can request that your site be rescanned within 24 hours.

What does the service scan?

The daily website malware scanning service scans the website code located at the hostname used in the SSL certificate, including javascript and iframes. The service completes a static analysis of website code as well as behavioral analysis through a browser simulation to find code that may be activated by display of a page. The service does not scan every web page on your website, but reviews an optimal number of pages to identify malicious activity. It does not scan your network or search for malware on internal desktop computers or scan attachments or internal web pages that require sign-in.

What happens if malware is detected on my website?

If malware is discovered, you receive an email alert warning you of the malware infection with instructions to access the scan results within your Symantec Trust Center account or your Symantec Managed PKI for SSL console. The Website Security Services tab shows a list of infected pages and the code causing the problem. You or your website administrator can find and delete all instances of the malware and request that your site be rescanned within 24 hours.

When does the scanning service begin?

The website malware scanning service is activated automatically when your business has been authenticated. There is nothing to download or install for you or your customers. If you decide that you do not want your website protected by a daily website malware scan, simply sign in to the Symantec Trust Center or Symantec Managed PKI for SSL console to deactivate scanning.

Do I have to activate malware scanning for every SSL certificate?

Scanning occurs by hostname. You may have many servers, each one secured by a unique SSL certificate and all of them providing content to a single hostname. The scan is of the html pages located at the hostname, not the servers themselves. As long as you have one active SSL certificate with the hostname, malware scanning is activated. If you decide that you do not want your website protected by a daily malware scan, simply sign-in to the Symantec Trust Center or Symantec Managed PKI for SSL console to deactivate scanning of the hostname.

Can I customize the website malware scan?

Malware scanning may be turned on or off by signing in to your Symantec Trust Center account and clicking the Malware tab or signing into your Symantec Managed PKI for SSL console. Specific pages or sections of your website cannot be targeted.

Does this replace my enterprise scanning solution?

No. Symantec's website malware scan is designed to provide additional assurance to business owners and their customers that the site is regularly checked for malicious code. Traditional anti-malware software focuses on the end point: the desktop. Most enterprise scanning solutions are designed to protect employees from downloading or installing malware rather than protecting the company’s website from distributing malware.

What does blacklisted mean?

Because of the potential damage caused by malware, Google, Yahoo, Bing, and other search engines scan and then blacklist or exclude any site found with malware. If your site is blacklisted, it may be blocked entirely or flagged with a security alert to discourage click through. In addition, anti-virus plug-ins to popular browsers can detect malware and block access to infected sites.

How can I protect my site from malware?

Like most thieves, malware hackers look for easy targets—such as a website where malware will go undetected for as long as possible. Posting the Norton Secured Seal on your website is like posting an alarm security sign in your front window. It shows hackers that your site is scanned daily to detect malware.

Norton Secured Seal FAQ

What does it mean to see the Norton Secured Seal?

The presence of the Norton Secured Seal means that the website has purchased Symantec Secure Site, Secure Site Pro, Symantec Safe Site, or Managed PKI for SSL. If the site URL contains HTTPS, it means that information shared between the user and the website is encrypted in transit through the use of SSL. When users click the Norton Secured Seal, a verification page opens containing information about your organization, the status of your malware scan, and SSL Certificate details (if you are an SSL customer).

What are the benefits of posting the Seal?

The Norton Secured Seal is viewed over half a billion times per day on websites in 170 countries as well as in search results on enabled browsers as well as partner shopping sites and product review pages. When shown the Norton Secured Seal in testing, 77% of consumers recognized the seal, more than our competitors’ trust marks. In a U.S. consumer study, 90% of respondents will not continue a transaction if they see a browser warning page, indicating the absence of a secure connection. In another study, 56% of respondents go to a competitor's website to complete their purchase and only 11% try the first website again in response to a security warning.
In an international online consumer study, 85% of respondents are likely to continue an online purchase when they view the Norton™ Secured Seal during the checkout process, more than other seals or no seal displayed. Another study conducted by the Baymard Institute indicated that people trust the Norton Secured Seal more than any other trust mark.

How do I add the Norton Secured Seal to my website?

The steps are easy: In order to install the Norton Secured Seal, you will need to know the fully qualified domain name used to purchase the SSL Certificate or Symantec Safe Site. You must also be able to update the HTML of the pages where the seal will be added. To complete your installation, follow these steps.
  • Begin the installation process.
  • Customize your seal. You’ll be asked a series of questions, beginning with your preferred language.
  • Select the size of the seal display. In order to determine which size best suits the design of your site, make sure to consult your web developer and your marketing team. Some Symantec customers prefer their seal to occupy a relatively small amount of real estate, while others want to spotlight the security of their site as prominently as possible.
  • Select the display format—either Flash or static image.(Flash available for S, M, L sizes). Flash can often be more eye-catching, keep in mind that not all users have installed Flash plug-ins for their browsers.
  • After installation, don’t forget to check your seal. The Norton Secured Seal should display within 24 hours of installation, and often will display within just a few hours.
  • To check your seal, open the updated pages in a browser. Make sure that the seal appears as expected. Click the seal to check the verification page, and review the information to make sure it is correct.

Can I customize the Norton Secured Seal?

To maintain the value of trust in the seal and to comply with the terms and conditions of the license agreement, you should not modify the seal in any way.To maintain the value of trust in the seal and to comply with the terms and conditions of the license agreement, you should not modify the seal in any way. However there are varieties in size and composition of the Seal. It is available:
  • In four sizes: x-small (80x40p),small (100x72p), medium (115x82p) and large (130x88p)
  • In 13 languages
  • As an animated graphic (Flash for S, M, L only)
  • As a static image (GIF)

What is the difference between the EV green address bar, the padlock, and the Norton Secured Seal?

All Extended Validation (EV) certificates will turn the browser’s address bar (or elements of it) green. Previously, SSL certificates enabled a padlock icon in or near the address bar, but major browsers are moving away from the practice of displaying the padlock. As a result, the only two sure-fire trust indicators in current browsers are the green address bar, enabled by EV certificates, and the Norton Secured Seal.See an example of how the green bar looks in various browsers. See how EV appears in your browser

Can the Norton Secured Seal help increase traffic from search engines?

One of your biggest challenges as an online business is standing out in search so that potential visitors click on your link. The Norton Secured Seal is displayed through Symantec Seal-in-Search, a feature that automatically displays the Norton Secured Seal next to your link in search results on enabled browsers. Norton Safe Web now displays the Norton Secured Seal next to website links protected by Symantec SSL Certificates. Additionally, the Norton Secured Seal demonstrates that you have passed a daily website malware scan which helps mitigate the risk of becoming blacklisted by search engines or blocked by anti-virus browser plug-ins that detect malware.

How is Seal-in-Search related to posting the Norton Secured Seal, and where do people go to enable it?

Symantec SSL customers benefit from automatic presence of Seal-in-Search for domains which Symantec has vetted. The Norton Secured seal shows up next to secured domain search results in Google, Yahoo! and Bing, enabled for millions of users of Norton 360, Norton Internet Security, Norton SafeWeb, Symantec SafeSite, and AVG LinkScanner. Norton SafeWeb Lite is available for FREE at http://safeweb.norton.com

How soon will the Norton Secured Seal display on my site?

Installing the Norton Secured Seal takes just a few minutes. Once the pages are published, your SSL Certificate has been authenticated, and your website has passed a malware scan, the seal may take up to 2 hours to display. If this is the first time you've installed the seal using a particular common name, please allow up to 24 hours for the seal to display.

Why isn't there a time and date stamp or organization name on the Norton Secured Seal?

Symantec conducted extensive market testing of trust marks with close to 1,000 participants across four continents. We determined that website visitors prefer a clean, simple seal design with maximum recognition. Date, time, organization name, and additional trust and security information appear on the seal's verification page.

It's been over 24 hours and my Seal isn't showing up on my web page. What do I do?

Our knowledge base includes a FAQ for handling common implementation issues. Support can also assist via email at: via email

What should I do if I discover misuse of a seal?

Symantec actively monitors for misuse of seals. If you encounter a seal that is used incorrectly, please report it to Symantec via the Report Seal Misuse form. Misuse might include:
  • A site that does not employ an appropriate Symantec security solution
  • Mismatched information on the seal's verification page
  • Missing information pop-up when the seal is clicked
  • A modified seal
  • A seal used in phishing or illegal activities
Note: Symantec is not responsible for content on a website on which a Norton Secured Seal is displayed.

Express Renewal and Automatic Renewal Service

Would you like to install an SSL certificate on your server and not have to worry about renewals and expirations? If your certificate expires or if your replacement certificate is installed incorrectly, the impact to your business can be huge. With Symantec SSL Certificates, you can now automate one of the most time consuming but critical parts of SSL certificate management: the renewal process

Automated Certificate Renewal

Automate certificate renewals through a combination of Express Renewal and the Automatic Renewal Service (AutoRenewal). When you opt-in to these two features, your entire renewal process from enrollment through payment can be completely automated for up to four years*
With Express Renewal, you won't need to generate a new CSR and you won't need to re-install your SSL certificate when it's time to renew.* Activate AutoRenewal and you won't even have to remember to pay for the renewal – we'll do it for you!

How Express Renewal Works

  • You must submit a minimum 2048-bit CSR to qualify for Express Renewal.
  • You select the type of certificate you need and the validity period.
  • Your certificate is valid for the length of your payment term (1-year, 2-year or 3-year). For example, if your payment term is for two years, you can renew your 2-year payment term certificate twice, to give you six years of express renewals.
  • When it's time to renew your certificate, all you need to do is pay for a new validity period (1-year, 2-year or 3-year payment term). You won't need to generate a new CSR and you won't need to re-install your certificate for up to four years for Secure Site and Secure Site Pro; and for up to two years for Extended Validation Certificates.

How the Automatic Renewal Service Works

To automate the renewal process even further, activate AutoRenewal during your initial enrollment. You can also activate AutoRenewal within your Symantec Trust Center account at any time.
  • We will automatically renew your certificate(s) for the same validity period that you selected today, at the prices in effect at the time of renewal (plus applicable taxes).
  • AutoRenewal requires that you pay using a credit or debit card stored on file.
  • We will charge your credit or debit card and we will notify you before we charge you. You will not need to do anything to make payment.
  • You may cancel at any time through your Trust Center account.

The only truly automated renewal process available today

Spend more time on important business initiatives and less time on SSL certificate management by eliminating the old-fashioned manual process of certificate renewals. Get Express Renewal with AutoRenewal. All certificates with a 2048-bit CSR that are issued after February 10, 2010 include Express Renewal and AutoRenewal capabilities.
*Express Renewal may be automated for up to 4 years for Symantec Secure Site and Secure Site Pro SSL Certificates. These products will need a new CSR and will need to be re-installed every 4 years. Express Renewal for Symantec Extended Validation SSL Certificates may be automated for up to 2 years. Extended Validation Certificates will need a new CSR and will need to be re-installed every 2 years to comply with mandatory industry standards.

Contact Sales

Trust Center Sign In
Compare Symantec SSL Certificates
Simplify Certificate Management
SSL Certificate Management Video