Types of SSL Certificate
SSL Certificates are typically deployed to add security to pages where end-users are expected to submit highly confidential data. Examples include payment forms (which require the user to submit credit cards details), account login pages (where the user must enter their username and password) and secure services like internet banking and online email (where complete privacy is required). However, SSL certificates are certainly not restricted to sensitive pages and can be used to add security throughout a website. Indeed, Google is encouraging website owners to deploy SSL on all pages by giving better search ranking to HTTPS pages.
When a webpage uses an SSL certificate to secure a connection, the beginning of the URL will change from HTTP to HTTPS, with the 'S' standing for 'secure'. Users will also see a padlock and, in the case of extended validation certificates, the entire address bar will turn green.
SSL certificates are issued to websites by a trusted third party known as a 'Certificate Authority' (CA) and are available in a variety of types and validation levels:
All SSL certificates are a combination of a particular Validation Level + Type (as shown above). There are certain exceptions though. For example, you cannot purchase a wildcard version of an Extended Validation certificate as these are not permitted by the guidelines which govern the issuance of EV certificates.
The rest of this page provides a quick overview of the validation levels and certificate types discussed above.
Certificate Validation Levels
Extended Validation Certificates:
EV certificates provide the highest levels of security, trust and customer conversion for online businesses. EV certificates are issued only after the issuing CA has conducted rigorous background checks on the company according to the guidelines laid out by the Certificate Authority/Browser (CA/B) Forum. Because of this, EV certificates contain a unique differentiator designed to clearly communicate the trustworthiness of the website to its visitors. Whenever somebody visits a website that uses an EV certificate, the address bar will turn green in major browsers such as Internet Explorer, Firefox and Chrome. EV certificates are used by all major online retailers and banks and are highly recommended for businesses that wish to immediately build customer trust in their site.
Organization Validated Certificates
OV certificates include full business and company validation from a certificate authority using their established and accepted manual vetting processes. Each OV certificate contains full company name and address details, which means they provide significantly higher levels of assurance to end-users than Domain Validated certificates. However, because they are not validated to the CA/B forum standards, they do not possess the ability to turn the browser address bar green.
Domain Validated Certificates
DV certificates provide the same high levels of data encryption as the other validation levels but do not provide assurance about the identity of the business behind the website. Whereas EV and OV certificates are only issued after the applicant organization has been manually vetted by a certificate authority, DV certs are issued after domain control has been established using an automated, online process. DV certs are a popular choice amongst small-medium sized web sites because of their faster issuance times and lower price points.
Example: Essential SSL
Single Domain Certificates
A single domain certificate allows a customer to secure one Fully Qualified Domain Name on a single certificate. For example, a certificate purchased for www.domain.com will allow customers to secure any and all pages on www.domain.com/. Single domain certificates are available in DV, OV and EV variants at a variety of price points and warranty levels. The straightforward nature of the single domain certificate makes it ideal for small to medium sized businesses managing a limited number of websites. However, businesses that operate or anticipate operating multiple websites may benefit from the added flexibility, convenience and savings offered by wildcard or multi-domain certificates.
Wildcard SSL Certificate
A Wildcard certificates allows businesses to secure a single domain and unlimited sub-domains of that domain. For example, a wildcard certificate for '*.domain.com' could also be used to secure 'payments.domain.com', 'login.domain.com, 'anything-else.domain.com' etc. A wildcard certificate will automatically secure any sub-domains that a business adds in the future. They also help simplify management processes by reducing the number of certificates that need to be tracked. For growing online businesses, Wildcard certificates provide a flexible, cost effective alternative to multiple single certificate purchases
Example: Comodo Premium SSL Wildcard
Multi Domain SSL Certificate (MDC):
As the name suggests, a Multi-Domain certificate allows website owners to secure multiple, distinct domains on a one certificate. For example, a single MDC can be used to secure domain-1.com, domain-2.com, domain-3.co.uk, domain-4.net and so on. Indeed, an MDC will allow you to secure up to 100 different domains (or wildcard domains) on a single certificate. Customers can easily add or remove domains at any time. This simplifies SSL management because administrators need only keep track of a single certificate with a unified expiry date for all domains instead of keeping tabs on multiple certificates. In addition, MDCs usually represent a cost saving over the price of individual certificates.
Unified Communications Certificate (UCC):
Unified Communications Certificates are specifically designed to secure Microsoft® Exchange and Office Communications environments. UC certificates use the Subject Alternative Name (SAN) field to allow customers to include up to 100 domains on a single certificate - eliminating the need for different IP addresses per website that would be required otherwise. UC Certificates also support the Microsoft Exchange Autodiscover service, a powerful feature which greatly eases client administration. As with MDCs, a single UCC can greatly reduce SSL management duties while allowing customers to realize cost savings over individual purchases.