Types of SSL Certificate and Their Characteristics

A Fast Lesson on SSL Certificate Types & their Features

What exactly is SSL? It's a question many website owners are being forced to ask as Google begins mandating encryption in 2017, with the rest of the browser community set to follow.

If you haven't been paying attention, here's a quick summary of what's happening. The browser community, led by Google and Mozilla, is uniquely positioned to dictate terms to the rest of the internet. Unless you're incredibly tech-savvy, surfing the internet requires a browser; that's true for almost everybody. Without a browser you couldn't visit a website, and websites depend entirely on browsers to let visitors reach them.

The browsers are acutely aware of this reality and use their position to effect the changes they want to see across the internet. Their latest initiative is universal encryption: they want every website served over HTTPS.

So how does SSL fit into all of that? To make encrypted connections with your visitors, you need to install an SSL certificate on your web server and migrate your website to HTTPS. The SSL protocol is what enables the encryption. Long story short: SSL is now required, or the browsers will mark your website “Not Safe.”

So, let's talk about SSL certificates.

Validation Levels

Let's start with something basic: all SSL certificates provide the same industry-standard level of encryption. A free SSL certificate and a $3,000 SSL certificate offer the same level of protection for connections.

So why the heck would you pay three grand for one?

That's because SSL performs two functions. The first, and best known, is encryption: connections are secured by encrypting them. The second, less heralded function is authentication. SSL can provide conclusive proof of identity, which matters more and more as phishing and cybercrime become more widespread than ever.

There are three different types of validation; each has its own strengths and weaknesses.

Domain Validation (DV): The vast majority of SSL certificates are Domain Validation, because it is the easiest type to get. All you need to do to get a DV certificate is show ownership of a domain. DV certificates can be issued in minutes. For small personal websites and blogs that just need simple encryption it's a great option, but companies should invest in business authentication, not DV.
Organizational Validation (OV): OV SSL was the first type of SSL certificate. DV was created to extend access to encryption, and EV was created to provide a greater degree of authentication, but OV was the original. Organizational Validation requires a company or organization to undergo light business vetting; in return, the certificate contains verified business details that can be viewed by anyone who knows how to find them. The issue with OV is that it shows the same visual indicators as DV, and most users do not know how to locate the verified business information.
Extended Validation (EV): Extended Validation offers the highest level of authentication. A company or organization must undergo extensive vetting (don't worry, this isn't as rigorous as it sounds if your business has up-to-date registration information on hand), but in return EV SSL gives a unique visual indicator: the business name in the URL bar. It provides unchallengeable proof of identity by placing the verified name and country of origin of your company in the address bar next to the URL. The only downside of EV SSL is price, but research shows that EV improves traffic and conversions and eventually pays for itself, so it's more of an investment.

Now that we have covered the levels of validation, let's get into the different types of SSL certificate.

Multi-Domain / SAN SSL

One of the most common problems businesses and organisations have with SSL is the expense and administrative burden of obtaining SSL certificates to protect all their various domains. Thankfully, in addition to single-domain SSL certificates, there are a number of options to help encrypt multiple sites, sub-domains, etc.

We are going to begin with Multi-Domain / SAN certificates. As the name suggests, these certificates can encrypt several domains at once. The maximum number of domains you can encrypt on a single certificate varies by CA: 25 for Thawte, 100 for GeoTrust and Symantec, and 250 for Comodo.

Here's how it works: when you buy an SSL certificate, you're required to produce a Certificate Signing Request (CSR) that contains all the details needed to build the certificate. You usually list the domain name you want to encrypt in the Fully Qualified Domain Name (FQDN) field. That is also true for Multi-Domain SSL, but in this case you must also include the full domain name of each additional domain you want to protect in the Subject Alternative Name (SAN) fields. Once the CA issues the certificate, it can be used on all the domains listed.

Many Multi-Domain SSL certificates come bundled with 2-4 SANs; additional SANs can be purchased as needed.

Wildcard SSL

So, with a single SSL certificate you can encrypt several domains, but what about sub-domains? If you own only a single domain, do you need to buy SANs to encrypt a bunch of sub-domains? Nope! There is a specific type of SSL certificate for sub-domains.

It's called a Wildcard.

Wildcard SSL is an extremely flexible type of certificate: a single certificate can encrypt an unlimited number of sub-domains. Really, no matter how many you have. And you're not paying per sub-domain as you might with Multi-Domain; you purchase a single Wildcard and it covers them all. Best of all, you can add sub-domains after you buy the Wildcard, and the new sub-domains will be covered as long as you reissue the certificate.

Here's how it works: during CSR generation, you put an asterisk at the sub-domain level you want to encrypt (i.e., *.domain.com). Once the Wildcard has been issued, all the sub-domains at that level will be encrypted.

A few things to bear in mind: if you want to encrypt sub-domains at different domain levels, you'll need several Wildcards. Also, Wildcard SSL isn't available in EV, so you'll have to settle for OV if you want a business-authenticated wildcard solution.

Multi-Domain Wildcard SSL

And finally, we have the Multi-Domain Wildcard SSL certificate. As the name implies, it is a jack-of-all-trades certificate that works as both a Wildcard and a Multi-Domain certificate.

It works by using Wildcard SANs. Instead of working like a standard SAN field, each entry gives you the option of entering a domain with an asterisk at the sub-domain level you want to encrypt. Multi-Domain Wildcards can simultaneously encrypt as many as 25, 100 or even 250 domains and an unlimited number of sub-domains.
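
The coverage rules from the Multi-Domain, Wildcard and Multi-Domain Wildcard sections, as an added example that is not part of the original article: the check below decides which hostnames a SAN list covers (an asterisk stands for exactly one leftmost label) and suggests SAN entries to add to the CSR for the rest. The domain names and the helper names san_covers, coverage and suggest_sans are constructed for illustration.

```python
from collections import Counter


def san_covers(san, host):
    """True if one SAN entry covers host: an exact match, or a '*' that
    stands in for exactly one leftmost label (the rule browsers apply)."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False  # a wildcard never spans more than one level
    if san_labels[0] == "*":
        # "*.domain.com" style only; the bare "*.com" form is rejected here
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def coverage(sans, hosts):
    """Map each host to the first SAN entry that covers it, or None."""
    return {h: next((s for s in sans if san_covers(s, h)), None) for h in hosts}


def suggest_sans(sans, hosts):
    """SAN entries to add to the CSR for uncovered hosts: one wildcard per
    parent domain shared by two or more of them, otherwise the exact name.
    Assumes every parent is a domain you control (no public-suffix check)."""
    uncovered = [h.lower() for h, s in coverage(sans, hosts).items() if s is None]
    parent = {h: h.split(".", 1)[1] for h in uncovered if h.count(".") >= 2}
    shared = Counter(parent.values())
    out = []
    for h in uncovered:
        entry = "*." + parent[h] if shared[parent.get(h)] >= 2 else h
        if entry not in out:
            out.append(entry)
    return out


# Constructed sample data: the SAN list of a Multi-Domain Wildcard
# certificate and the hostnames it is expected to protect.
SANS = ["example.com", "*.example.com", "example.net"]
HOSTS = ["example.com", "www.example.com", "shop.example.com",
         "api.dev.example.com", "db.dev.example.com",
         "www.example.net", "example.net"]

if __name__ == "__main__":
    for host, san in coverage(SANS, HOSTS).items():
        print(f"{host:22} {'covered by ' + san if san else 'NOT covered'}")
    print("add to CSR:", suggest_sans(SANS, HOSTS))
```

Running it shows that `*.example.com` covers neither the bare `example.com` nor the second-level `api.dev.example.com`, which is why the sample list carries the apex name as its own SAN and why deeper sub-domains need a further wildcard.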

Wrapping Up

And there you have it: a quick run-down of the different types of SSL certificate. SSL is an incredibly valuable tool, not only to protect your website but also to build trust with your customers.

Hopefully this guide will help you decide which type of SSL certificate is best for you.