A Quick Guide On The Different Types of SSL Certificates
When running an ecommerce store, your website must look legitimate and trustworthy in order to attract customers to your store. To do that, you need an SSL certificate.
SSL certificates help protect your information and the information of your customers, especially if you’re selling something online or allowing users to create accounts with your company. This is why getting an SSL certificate for your site is very important.
But what if you don’t know anything about SSL certificates or where to even start?
It can be intimidating to dive into something that has so many available options without having a clear understanding of all of your choices and what they mean.
What is an SSL certificate?
SSL certificates allow you to encrypt and secure the communication between your website and a visitor’s browser.
An SSL certificate is important in its own right, and it can also boost conversion rates significantly: a user is far more likely to buy from you if your site is secure, that is, when they see https://yourdomainname.com.
HTTPS means “Hypertext Transfer Protocol Secure.”
What Trust Level Do You Require?
All SSL Certificates offer session security and encrypt any information submitted through the website, but they differ in terms of how much identity information is included in the certificate and how they display in browsers. There are three main trust levels for SSL Certificates, from highest to lowest –
- Extended Validation (EV),
- Organization Validated (OV) and
- Domain Validated (DV).
When deciding between trust levels, the main question to ask yourself is, “How much trust do you want to convey to your visitors?” You should also consider how important your brand identity is to your web presence. Do you want your brand clearly presented in the browser’s address bar or just included in the certificate itself? Or is tying your brand identity to your domain not that important to you?
Extended Validation (EV) Certificates
EV Certificates include the most company data and companies must meet the highest, most stringent requirements of any type of SSL Certificate before receiving a certificate. They also lend the most credibility to your website by bringing your business’s verified identity front and center – clearly displaying your company’s name with a locked padlock.
The extended validation SSL certificate requires businesses to provide even more records to prove their ownership of a company. This certificate gives you the same kind of validation as both domain and organization validated certificates, but it also proves that you have legally registered your company as a business.
In addition to this, it also shows that a company is aware of the request for an SSL certificate and approves it. This validation can take days or weeks, depending on what the certificate authority requires.
For these reasons, this is the most secure type of SSL certificate when it comes to the validation level.
Domain Validated (DV) Certificates
DV Certificates are the most basic type of SSL Certificate, including the least amount of identity information in the certificate and only proving the website owner could demonstrate administrative control over the domain. While DV Certificates offer session encryption (so they’re certainly better than nothing), they don’t include any company information.
This means, for example, there is nothing included in a DV SSL Certificate issued to www.companyabc.com to verify that it is actually run by Company ABC.
Because they are so easy to get, there are several advantages and disadvantages of domain validated SSL certificates.
Advantages of domain validated SSL certificates
- They are cheap. The process for obtaining a domain validated SSL certificate is usually automated, making it cost less than other SSL certificates.
- It does not take long to obtain one. You can typically get an SSL certificate in just a few minutes this way, and you will not have to send extra documents to verify your business.
Disadvantages of domain-validated certificates
- They are not as secure as other SSL certificates. Any hacker can obtain a domain validated SSL certificate and then hide their identity. That is even true for your site if they poison your DNS servers. There is no way to verify identities for sure when it comes to domain validated certificates.
- Because of this, visitors might not trust your site as much as they would if you had a certificate that forced you to validate your company.
- Potential buyers might not feel comfortable handing their payment information over with this kind of certificate.
Organization validated SSL certificates
OV Certificates also include business authentication, meaning information about your company is included, but, unlike EV Certificates, this information is not as prominently displayed. In order to see your company’s identity information, visitors need to view the certificate details.
The organization validated SSL certificate shows that you own a domain while also verifying that you own an organization in a particular country, state, and city.
The process for obtaining one of these certificates is exactly like getting a domain-validated certificate, but you have to take some extra steps to verify your company’s identity.
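The difference between the three trust levels shows up in the identity fields of the certificate's subject, which this added example (not part of the original article) uses to estimate the level. It assumes the dictionary layout returned by Python's ssl.SSLSocket.getpeercert(); the function names are hypothetical and the three sample subjects are constructed.

```python
# Added example: estimate DV / OV / EV from a certificate's subject fields.
# Input uses the layout of ssl.SSLSocket.getpeercert(): "subject" is a tuple
# of RDNs, each RDN a tuple of (field_name, value) pairs.
# This is a heuristic; the CA's policy OID in the certificate is authoritative.

EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def subject_fields(cert):
    """Flatten the nested subject tuples into a {name: value} dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def trust_level(cert):
    """Return 'EV', 'OV' or 'DV' based on how much identity data is present."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"          # no company information at all
    if EV_FIELDS.issubset(fields):
        return "EV"          # legal registration details are present
    return "OV"              # organization named, but no registration data

# Constructed sample subjects (not real certificates).
DV_CERT = {"subject": ((("commonName", "www.companyabc.com"),),)}
OV_CERT = {"subject": (
    (("countryName", "US"),),
    (("stateOrProvinceName", "Example State"),),
    (("localityName", "Example City"),),
    (("organizationName", "Company ABC"),),
    (("commonName", "www.companyabc.com"),),
)}
EV_CERT = {"subject": OV_CERT["subject"] + (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "US"),),
    (("serialNumber", "0000000"),),
)}

if __name__ == "__main__":
    for label, cert in (("DV", DV_CERT), ("OV", OV_CERT), ("EV", EV_CERT)):
        print(label, "sample classified as", trust_level(cert))
```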
How To Protect your Domains with This Certificate?
Using a Standard Certificate
If you only need to secure one domain (e.g. .example.com), then you should purchase a single domain or standard certificate. You have your choice of trust level – DV, OV, or EV.
If, however, you need to secure multiple domains (e.g. for regional sites - .com, .co.uk, .de), or multiple sub-domains (e.g. for customer areas – login-secure.example.com), you should consider purchasing a Wildcard or Multi-domain Certificate. Using one certificate to cover multiple fully qualified domain names (FQDNs) is more cost-effective than purchasing multiple individual certificates and simplifies management, especially when it comes time for certificate renewal.
If you want to secure multiple domains (e.g. example.com, example.net, example.co.uk) with one certificate, then you should purchase a Multi-domain Certificate. Multi-domain certificates allow you to secure multiple domain names using only one certificate. The domains are listed as Subject Alternative Names (SANs) within the certificate, which is why you’ll often hear people referring to these as SAN certificates.
If you want to secure multiple sub-domains (e.g. login.example.com, payment.example.com) with one certificate, you can use either a Wildcard or a Multi-domain. Which one is best for you depends on the number of sub-domains you need to secure and the trust level you want.
If you have a lot of sub-domains or anticipate adding more in the future, you should consider a Wildcard Certificate because you can secure an unlimited number of sites directly under the domain. Wildcard Certificates have a common name of the format *.example.com, so it will secure the examples listed above with a single certificate. The DV and OV products support Wildcard Certificates, but industry requirements do not permit EV Wildcard Certificates.
If you have only a few sub-domains, or if your sites contain a different number of nodes in the domain name (e.g. store.example.com, store.us.example.com, store.europe.example.com), you should consider a Multi-Domain Certificate using sub-domains because they are generally more cost-effective than Wildcards and are more flexible in supporting various levels of domains. DV, OV, and EV support subdomain certificates.
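The Wildcard versus Multi-domain choice comes down to which hostnames each certificate's name list actually covers, which this added example (not part of the original article) checks for the sites mentioned above. It applies the usual matching rule that "*" stands for exactly one left-most label, so *.example.com covers neither example.com itself nor names with extra levels; the function names and name lists are constructed for illustration.

```python
# Added example: which hostnames does a certificate's name list cover?
# Matching follows the usual browser rule: "*" is allowed only as the whole
# left-most label and stands for exactly one label.

def name_matches(pattern, hostname):
    """True if one certificate name (plain or wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False                      # "*" never spans several labels
    if p_labels[0] == "*":
        # Wildcard: any non-empty left-most label, the rest must be identical
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def covered(cert_names, hostname):
    """True if any name in the certificate covers hostname."""
    return any(name_matches(n, hostname) for n in cert_names)

def uncovered(cert_names, hostnames):
    """Hostnames a deployment needs that the certificate does not cover."""
    return [h for h in hostnames if not covered(cert_names, h)]

# Constructed name lists modelled on the article's examples.
WILDCARD_CERT = ["*.example.com"]
MULTI_DOMAIN_CERT = ["store.example.com", "store.us.example.com",
                     "store.europe.example.com"]
SITES = ["login.example.com", "payment.example.com", "example.com",
         "store.example.com", "store.us.example.com",
         "store.europe.example.com"]

if __name__ == "__main__":
    print("wildcard misses:    ", uncovered(WILDCARD_CERT, SITES))
    print("multi-domain misses:", uncovered(MULTI_DOMAIN_CERT, SITES))
```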
Below is the full infographic from the CASC.