Types of SSL Certificates
Choosing the best type of SSL for your website can be a minefield, especially if you’re not exactly sure what an SSL certificate does, let alone the differences between each type. If you’re not especially tech-savvy, this can add to the ordeal if you don’t know what any of the jargon means. If you want to find out about the different SSL certificate types in plain English, you’ve come to the right place.
Before we get into the ins and outs of the different types, here’s a quick primer on what an SSL certificate is and why your site should have one. (If you’re already well aware, click here to skip to the good stuff!)
SSL is short for Security Sockets Layer. SSL is a type of technology that encrypts (renders unreadable) data that is transferred between users and a website. It ensures that malicious third parties can’t intercept your personal information. An SSL certificate is a type of digital certificate displayed in the address bar of your website that informs users that your website has SSL enabled.
Why SSL certificates are important
Apart from the obvious answer that protecting the personal data of your users and customers should be a top priority, the fact of the matter is: Internet users are becoming more security conscious (as they well should be). An SSL certificate is a visual indicator that your website is one Internet users can trust and that they need not worry about their personal information being hijacked for malicious purposes if they use it. This is especially important if your site features facilities for:
- Forms that capture personal data
- Credit card transactions
If you want to earn and maintain the confidence of your site’s users and/or customers, an SSL certificate is an essential assurance that the data they give you is protected.
Furthermore, having an SSL certificate on your site will also positively impact your Google ranking and accessibility on major web browsers. Since calling for “https Everywhere” on the web in 2014, Google’s search engine algorithm gives higher rankings to sites that are secured with SSL. In addition, if your site doesn’t have an SSL certificate, major browsers, including Google Chrome, warn users that the site is insecure and will not let them access it.
The green padlock in the address bar and other ways users identify a secure website
A website with SSL enabled can be recognized in multiple ways in the address bar. First off, it will have the “https” protocol prefix at the beginning of the web address. There will also be a padlock symbol present which can be clicked on to reveal certain information about the site and the individual or organization running it.
Some websites will also have a green section in the address bar, or turn the address bar green entirely (depending on your browser), and will also display a green padlock and the name of the organization running the website. As an example, here is how Namecheap’s web address looks on Google Chrome:
and Mozilla Firefox:
Many certificate authorities (entities that grant SSL certificates) will also give enterprises a site seal to display somewhere on their website. Namecheap’s site seal is located in the footer of each page and looks like this:
This site seal indicates that all transactions made on Namecheap.com are securely encrypted.
A site seal is a good way of visually informing your website users and customers that your site can be trusted, especially if they’re not savvy enough to look for the “https” and padlock symbol in the address bar.
By now we’ve probably convinced you of the importance of getting an SSL certificate for your website. (If you need more convincing, read our articles on what SSL is and why your site needs SSL.) But with so many types to choose from, how do you know which is the correct one for you?
Read on to learn more about the different kinds of SSL certificates.
The different types of security certificates
Before we go any further, it’s time to reveal something about SSL certificates that might just blow your mind: all SSL certificates have the same level of encryption – it’s the level of validation that sets them apart.
Validation level refers to the extent of checks that a Certificate Authority does to verify the identity of a person or organization that owns a website. But what exactly is a certificate authority (CA) and what gives them the <authority to do this?
A CA is a third party organization that is trusted by the CA membership programs of different electronic devices, operating systems, and browsers. A CA must adhere to the criteria of each membership program to become a trusted authority. Commonly used CAs include Comodo (which signs the SSL certificates offered by Namecheap), GlobalSign, and Symantec.
The extent of checks a CA runs to verify you or your organization is dependent on the kind of website you have and the level of validation it requires.
Types of SSL validation
The type of validation you decide to go for will be dependent on the size and scope of your website, as well as the kind of data you will be requesting from your users and/or customers. The three main types of SSL validation are:
- Domain validated certificates (DV SSL)
- Organization validated certificates (OV SSL)
- Extended validated certificates (EV SSL)
Let’s take a look at how each type is validated, how you can recognize it in your web browser, and each of their pros and cons.
- How it’s validated: DV SSL certificates have the lowest level of validation of the three. When issuing DV certs, CAs do not look into information about the identity of a person or company running a website. They simply verify that they have control over the domain that they are looking to get SSL certified.
- What it looks like: The web address will feature “https” and the padlock symbol. When you click on the padlock to view the certificate, the information about website ownership will be limited.
- Pros: DV SSL certs are issued more quickly than the other options due to the less rigorous verification process, which is generally online and automated. Most of the time it is issued on the same day, often in a few minutes. It is the cheapest option of the three, with some CAs offering them for free. This makes it ideal for smaller websites and blogs.
- Cons: As we mentioned before, while the encryption level of a DV SSL is just as effective as the other two, the low level of validation means that website users don’t have much of an idea of who a domain owner actually is. This can impact your site’s trustworthiness and makes it a less than ideal option if you’re running an online store or any kind of site that requires users hand over sensitive information.
- How it’s validated: The background checks and verification process are more intensive for OV SSL certificates. CAs verify the individual or business that own the domain and do some minor vetting.
- What it looks like: In the browser address bar, an OV SSL cert is signified in much the same way as DV SSL – with the “https” prefix and a padlock. However, when you click on the padlock it will display more information about that company that owns the domain, such as name, address, and country.
- Pros: OV SSL certificates are considered more trustworthy than DV SSL since users will know who is behind the website and who they are giving information to. This makes it an ideal option for e-commerce sites.
- Cons: OV certs take longer to issue than DV certs. Verification can take several days. However, it’s more than likely worth it for your customers’ peace of mind.
- How it’s validated: The highest level of SSL certification you can get, when issuing EV certs, CAs do extensive background checks on the domain owning organization, validating its ownership, legal existence, physical location, and more.
- What it looks like: A website with an EV cert will turn part or all of the browser web address bar green. The padlock symbol will also be featured, as well as the organization’s name.
- Pros: With an EV SSL cert, the green bar and clearly displayed organization name will show users and customers that they should have no doubts about your site’s trustworthiness and that you run a legitimate business.
- Cons: An EV SSL cert is very expensive compared to the other options. The extent of the checks means verification can take several weeks.
Self-signed SSL certificates
Another way to secure your site that isn’t recommended is through a self-signed certificate. A self-signed certificate is basically validated by the website owner rather than a CA. While such an SSL cert will have the same level of encryption as the other options, anyone can create one. For your website users, there will be no trusted third-party verification to the tell them that you are who you say you are. Furthermore, most web browsers display a warning message to users trying to access sites secured with this kind of cert. Unless you’re using it for a website that is strictly private, it is recommended that you go with one of the previously mentioned validation certs.
Types of SSL certificates
Another factor that will affect the type of SSL cert you choose is how many domains you need an SSL cert for. Each SSL certificate combines the level of validation we discussed in the previous section with the number of domains you want to protect. The four types of SSL types based on the number of domains are:
- Single-domain SSL certificates
- Wildcard SSL certificates
- Multi-Domain SSL certificates
- Unified Communications SSL Certificate
Single-Domain SSL certificates
With a single-domain SSL certificate, a single domain and all the pages on that domain are protected. All three validation levels – DV, OV, and EV – are available for these kinds of certificates.
Wildcard SSL certificates
With a wildcard SSL certificate, a single domain and unlimited subdomains for that domain are protected. For example, if you have an SSL certificate for “yourwebsite.com”, any subdomains you add, such as “mail.yourwebsite.com” or “login.yourwebsite.com” will automatically be secured. Even if you don’t have any subdomains currently, if you plan on adding any in the future, a wildcard SSL cert will save you money and hassle as you won’t need to keep on buying individual SSL certs every time you do so. Wildcard SSL certificates can be issued with DV and OV levels of validation, but not EV.
Multi-Domain SSL Certificate
With a multi-domain SSL certificate, up to 100 different domains are protected. Wildcard domains can also be protected with a multi-domain SSL cert. This kind of SSL cert is ideal for organizations running multiple websites, as they only have to deal with a unified cert for all of them, rather than keeping track of individual certs for each one. Getting this kind of cert will also save money in the long run.
Unified Communications Certificate
Unified communications (UC) certificates are similar to multi-domain certificates in that they can secure up to 100 domains and subdomains on one certificate. However, UC certificates are created specifically for environments that utilize Microsoft Exchange and Office Communications, and they use the Subject Alternative Name (SAN) extensions instead of different IP address to secure these domains.
Namecheap’s offering for UC Certificates is Unified Communications.
Choosing the best SSL types for your website
By now, you probably have a good idea of what kind of SSL certificate would best suit your website, but here are some things you should keep in mind when deciding what type of SSL certificate you should go for:
- The size of your website
- What kind of website it is
- How many domains you have
- How many subdomains you have
- If you work in a Microsoft Exchange and Office Communications environment
As a general rule of thumb, DV SSL certificates are best suited to small blogs and websites that don’t request personal data from its users. OV SSL certificates are best for small and medium-sized websites that request personal data from its users, particularly online stores. EV SSL certs are best for large enterprises with multiple, front-facing web properties.
Depending on the CA issuing your SSL certificate, you should also look at compatibility issues, whether or not they’re approved by popular browsers and compatible with mobile, for example.
Choosing the best type of SSL certificate for your website or websites doesn’t have to be an ordeal. By bearing in mind the size and scope of your website, and whether or not you need to secure multiple domains or subdomains, you should be able to make an informed decision and be safe in the knowledge that your website users’ data is protected.
source : namecheap