SSL certificates are a huge part of managing security and data online. This article will help you understand the different types of SSL certificate and which is best for your business.
SSL certificates have become an integral part of managing security and data for businesses online. Nowadays, they’re an expected element for businesses that wish to verify their online identity and build trust amongst their customers.
It can be a minefield if you’re unsure which options are available or which type of certificate is best for your business.
This article will show you the pros and cons of the different types of SSL certificate available to help you make an informed decision based on your requirements.
What is an SSL certificate?
Secure Sockets Layer (SSL) certificates are used to establish trust and privacy and to identify your business online.
They work by securing the flow of communication, through the use of encryption, between a website and internet users.
This helps to prevent man-in-the-middle attacks on your data and acts as a deterrent to hackers by creating a secure connection between the browser and the server.
In order to get an SSL certificate for your site, you’ll need to have your domain registered. The Certificate Authority (CA) will need to be able to verify the domain before it can provide you with a certificate.
Once you have an SSL in place, internet users can easily identify the security of your site from the padlock icon next to the URL, also known as a trust seal. Once in place, “HTTPS” (Hypertext Transfer Protocol Secure) will also prefix your URL. Having the additional “S” at the end of HTTP denotes that the site is “Secure”.
Google wants to protect the security of internet users, and as a result, factored HTTPS as a ranking signal as of 2014. Although it’s not a high-ranking factor, it will still have an impact on SEO within your business. Having HTTPS has been shown to improve overall page visibility as well as keyword rankings.
You can check if your current SSL certificate is valid through CWCS; just pop in your domain details here.
When choosing an SSL certificate, you should consider the following factors:
- Domains – The number of domains and subdomains you want to secure will affect the type of certificate you require.
- Security – What sensitive information is processed on your site and what customer data do you capture?
- Support – What level of support is offered by the SSL provider? Do they have a troubleshooting team available? Free SSL providers won’t necessarily offer round the clock support.
- Price – How much do you realistically need to invest in your SSL certificate? Certificates can be valid for varying lengths of time, so this is another element to consider.
- Validation – The level of validation you wish to display through the certificate and what level of information this contains.
- Warranty – Does the provider have a warranty with their certificates? The higher the warranty, the more you are covered. Keep in mind that you won’t get a warranty with a free SSL provider.
- Reputation – It’s best to obtain your certificate from a reputable CA.
- Issuance Time – For more advanced certificates, the process will take longer as a more in-depth verification process is required – hence the higher level of trust given by these certificates.
Encryption levels are actually the same regardless of what type of SSL you choose. The main difference is the verification process required to secure the certificate.
Different types of SSL
Free SSL
Let’s Encrypt is an open-source organization that aims to provide a free option for website owners to secure their domains and, by extension, the wider internet.
Let’s Encrypt is one of the most commonly used free SSL tools. Originating in California, they operate a not-for-profit service with the aim of providing free encryption for businesses.
These are most suited to smaller businesses with a low number of web pages and who aren’t collecting data from their customers or visitors. They also work well for testing sites, blog sites and internal non-public facing sites.
Pros
- Firstly, it’s free, which is a great cost-saving benefit for smaller businesses.
- It’s easy to install.
- You can automate renewals for sites by installing a plug-in for your control panel.
- You can benefit from a range of community support options.
- They also offer Subject Alternative Name (SAN) certificates, which allow multiple domain names to be protected.
Cons
- If you haven’t installed the correct plug-ins, you need to manually renew your certificate every 3 months.
- It’s important to remember that you don’t get a warranty with these certificates. So, if there is an issue, you will not be entitled to receive compensation.
- You won’t have access to round the clock support due to it being open-source. Therefore, you may have to wait a while for troubleshooting and advice.
- Wildcard certificates are not available through free platforms.
Domain Verification SSL
Domain Verification (DV) SSL certificates are a great option for businesses that need an SSL certificate quickly and at little expense. DV requires the CA to check that the applicant has the right to use that specific domain name.
They do this by obtaining a response from their Domain Control Validation email. However, aside from this, no other company information is checked or verified. This means that only the Secure Site Seal is displayed on the certificate along with the padlock icon and HTTPS.
Pros
- They are issued almost immediately and you aren’t required to submit any paperwork.
- They also have the same browser recognition as Organization Verification and Extended Verification certificates, without the longer setup time.
- Very affordable option.
Cons
- Your company information isn’t listed on the certificate itself, meaning that essentially, anyone could register under your domain without actual proof of ownership.
Organization Verification SSL
With Organization Verification (OV) SSL certificates, the CA must validate both the domain and the business before issuing the certificate. These are an elevated version of DV and are ideal for e-commerce sites or sites dealing with sensitive customer data.
These essentially verify that the organization using the certificate is a registered government entity. They also check factors such as locality presence and sometimes even telephone verification.
Pros
- Issued within 24 hours.
- Displays company information on the certificate.
- Offers higher bit encryption than DV.
- For e-commerce sites or sites that manage payment details, the higher the encryption, the better.
- OV certificates are the only type which can be used to validate IP addresses where a domain isn’t registered.
Cons
- Site visitors will have to know where to look in order to find the information.
- These can still take between 2-3 days to be issued.
Extended Verification SSL
These certificates are often used when the highest level of security is required. For example, government bodies or e-commerce sites would require Extended Verification (EV) to secure trust with their users.
EV requires the provider to verify the following information: the business has officially authorized the issuance, that they have the exclusive rights to the specific domains, that the business’s identity matches official records and that they can verify the legal and operational existence.
It will also display the country in the address bar along with the business name.
Pros
- They offer an increased warranty and a higher validation level.
- It’s difficult for hackers to obtain EV certificates, as it’s likely that the CA would notice discrepancies in the applications.
- EV certificates have the longest validity options, of up to two years, unlike DV and OV, which only run up to a year.
- Having an EV certificate shows your customers that you are doing everything you can to protect their data.
Cons
- For single domains, this is by far the most expensive option.
- The issuance time is quite lengthy and can take between 3-5 days.
- The process can also be delayed if any discrepancies are found within the documentation, thus requiring the business to provide further details and evidence.
- Google is slowly phasing out the indicators that distinguish EV certificates from others.
- The green address bar no longer comes with EV certificates.
- Research has shown that it wasn’t as effective in preventing phishing attacks as initially thought and was still subject to being copied by malicious websites.
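The difference between DV, OV and EV described above shows up in the certificate's subject fields rather than in its encryption. The following is an added example, not part of the original article: it assumes the dictionary shape returned by Python's ssl.SSLSocket.getpeercert(), uses constructed sample subjects, and is a heuristic on subject fields only.

```python
# Added example: infer DV / OV / EV from the subject of a parsed certificate.
# Input shape matches what Python's ssl.SSLSocket.getpeercert() returns.
# Heuristic only: certificate-policy OIDs are not exposed by getpeercert(),
# so they are not checked here.

# Subject fields that EV certificates carry in addition to the organization.
EV_ONLY_FIELDS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}


def subject_fields(cert):
    """Flatten the nested RDN tuples into a {field: value} dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}


def validation_level(cert):
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"          # domain only, no company information
    if EV_ONLY_FIELDS.issubset(fields):
        return "EV"          # organization plus registration details
    return "OV"              # organization vetted, no EV registration fields


# Constructed sample subjects (not taken from real certificates).
DV_CERT = {"subject": ((("commonName", "shop.example.com"),),)}
OV_CERT = {"subject": (
    (("countryName", "GB"),),
    (("localityName", "London"),),
    (("organizationName", "Example Ltd"),),
    (("commonName", "shop.example.com"),),
)}
EV_CERT = {"subject": (
    (("jurisdictionCountryName", "GB"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "00000000"),),
    (("countryName", "GB"),),
    (("organizationName", "Example Ltd"),),
    (("commonName", "shop.example.com"),),
)}

if __name__ == "__main__":
    for name, cert in (("DV", DV_CERT), ("OV", OV_CERT), ("EV", EV_CERT)):
        fields = subject_fields(cert)
        print(name, "->", validation_level(cert),
              "| organization:", fields.get("organizationName", "(none)"),
              "| country:", fields.get("countryName", "(none)"))
```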
Multi-Domain SSL
These are designed for businesses that have multiple domains (e.g., example.com, example.net).
These types of SSL certificate can also be referred to as SAN certificates, as the domains themselves are listed as Subject Alternative Names. This is the best option for businesses that want to secure multiple domains they operate.
Multi-domain SSL certificates can also be referred to as Unified Communication certificates, where you have the flexibility to amend the domain names if required.
Pros
- They can cover up to 100 domain names under just one certificate, saving you money and time on purchasing multiple certificates.
- Users will have the ability to easily manage and change or move domains as required.
- It can be used across as many servers and IPs as needed, and most providers will offer round the clock support.
Cons
- Multi-domain SSL certificates are only available with DV or OV.
- There is a risk of downtime where certificate updates are required, as the certificate must be replaced on all the sites using it.
Wildcard SSL
Wildcard SSL certificates are ideal for covering a range of sub-domains. They allow you to manage an unlimited number of sub-domains under one certificate. This is great if you have an expanding site and want the option to add more sub-domains in the future.
Domains can fall into two categories to make them easier to manage: sub-domains and fully-qualified domains.
For example, a wildcard SSL can protect: www.example.com, blog.example.com, shop.example.com, but will not protect example.com on its own.
Pros
- Great for businesses that are looking to scale online, as they allow for easy growth and flexibility.
- You don’t have to purchase multiple certificates and equally don’t have to go through the whole validation process over and over.
- Saves costs on having to purchase additional certificates.
Cons
- Wildcards are only available in DV and OV certificates.
- There can be compatibility issues with older operating systems.
- They also only cover one subdomain level, so if you need different levels of subdomains then technically you would have to purchase one for each level, which would be costly.
- If you have multiple people managing the SSL certificate then you would have to share private key details, which could increase the security risk.
- It’s also worth noting that if you are using just one certificate across multiple servers then a single compromise will result in you having to re-issue all the certificates.
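The coverage rules described in the multi-domain and wildcard sections (SAN entries match exactly; a wildcard covers one sub-domain level and not the bare domain) can be checked before buying or deploying a certificate. The following is an added example, not part of the original article; the SAN lists and hostnames are constructed, and the function names are illustrative.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# Matching follows the rules described above: a wildcard stands in for
# exactly one label, in the leftmost position only.


def san_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers the hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*":
        return pattern == hostname            # plain name: exact match only
    if "*" in "".join(p_labels[1:]):
        return False                          # wildcard outside leftmost label
    if len(p_labels) < 3:
        return False                          # reject "*.com"-style patterns
    # Same number of labels => the wildcard replaces exactly one label.
    return (len(h_labels) == len(p_labels)
            and h_labels[0] != ""
            and h_labels[1:] == p_labels[1:])


def coverage(san_list, hostnames):
    """Map each hostname to the SAN entry that covers it, or None."""
    report = {}
    for host in hostnames:
        report[host] = next((s for s in san_list if san_matches(s, host)), None)
    return report


# Constructed SAN lists for the two certificate types discussed above.
WILDCARD_CERT = ["*.example.com"]
MULTI_DOMAIN_CERT = ["example.com", "www.example.com", "example.net"]
HOSTS = ["www.example.com", "blog.example.com", "shop.example.com",
         "example.com", "api.shop.example.com", "example.net"]

if __name__ == "__main__":
    for name, sans in (("wildcard", WILDCARD_CERT),
                       ("multi-domain", MULTI_DOMAIN_CERT)):
        print(name)
        for host, san in coverage(sans, HOSTS).items():
            print(f"  {host:22} {'covered by ' + san if san else 'NOT covered'}")
```

Running it shows the wildcard certificate leaving example.com and api.shop.example.com uncovered, while the multi-domain certificate covers only the names it lists.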