An SSL (Secure Sockets Layer) certificate enables encryption and a secure connection between a visitor and your website. These certificates are recommended where sensitive information is requested from users, such as payment details or a password. An SSL certificate creates a secure connection and activates a lock that prevents third parties from seeing online activity such as login credentials, passwords and sensitive information such as credit card numbers.
It is quite easy to identify a site that has an SSL. You will often see a green padlock next to the URL. Alternatively, you can identify an SSL by “https://” rather than just “http://” letting you know the site is secure (note the “S” stands for “Secure”). Secure browsing has become increasingly important for social media sites. An SSL is necessary to prove identity to users, in particular for e-commerce sites or a site utilizing email servers. As SSL Certificates can increase conversion rates, a user is more likely to purchase goods and services from sites that are secure.
If you are buying an SSL for your site for the first time, what is the right SSL for you? There are 5 main types of SSLs that can be grouped into 2 categories. SSLs by validation and SSLs by Secured domains. Validation level relates to the Certificate Authority that confirms the identity of the entity that is applying for the certificate.
Which SSL should I choose?
For SSLs, by Validation level, there are 3 main types of certificates, organisation validated (OV) extended validation (EV) and domain validated (DV). Some certificate types can offer a higher level of protection over another certificate, but the type of certificate required generally relates to the specific level of validation required to access a specific service. So a payment gateway will require a higher level of validation than a standard static website like a promotional site that doesn’t require any user details.
Domain validated SSL certificates show that a domain name is registered and there is a site administrator running the URL. The CA (Certificate Authority) can validate through email, DNS or HTTP. Typically these will be validated by the CA sending an email to the owner of the site who will click on a link to verify.
DV certificates are for encryption only and all that is required to obtain one is to establish ownership of the site. DV Certificates are the easiest to acquire. The advantages are they are inexpensive and simple to deploy. The disadvantages are they are not as secure as OVs or EVs. Any hacker can obtain a DV certificate which means that visitors may not trust these sites and be reluctant to provide payment information with these certs.
Organisation Validated Certificates verify that in addition to owning the domain name you also are the owner of an entity in a particular country/city. Obtaining an OV requires a few additional steps to verify the company identity as the name suggests. These certificates will take longer to provision – up to a few days. The advantages of OVs are that users are more likely to trust them over DV’s as they have this additional layer of information.
Extended Validation certificates require an even greater amount of information to prove the ownership of a company. These certificates require you to prove that you have legally registered your company and the physical location of the company. They can take days to weeks to approve, depending on the CA. The advantages of EVs are they are the most secure certificates when it comes to validation level and is the most trusted.
SSLs by secured domains?
For SSL certificates by secured domains, the options are single name or multi named SSL certificates. One or more hostnames can get an SSL certificate, which means that the scope of a certificate can be limited. Single-name SSL certificates protect one subdomain so these are provisioned where you need to add a certificate to just one subdomain. Note that there is also the option here of a Wildcard SSL certificate securing a number of subdomains for just one single domain.
Multi-domain SSL certificates provide security for several different domains with just one certificate by using the SAN extension. These certificates are usually called SAN certificates for this very reason. With multi-domain SSL certificates, you can combine many different hostnames, regardless of whether they are from the same domain or not.
To purchase an SSL you will need a unique IP address and a Certificate Signing Request (CSR). This is a piece of text that you have to create on your web server before you can order the SSL certificate. The CA will use the information in the CSR, such as your domain name, public key and company name, to issue your certificate.
Here’s a tip!
A tip here is to ensure that the information in your WHOIS record is correct. You may encounter difficulties if the WHOIS information does not match the certificate order. If you are looking to purchase a new SSL or simply renew an existing SSL we can assist with all your SSL requirements. Please contact us for an obligation-free quote.
Brandsec is a corporate domain name management and brand protection company that looks after many of Australia, New Zealand and Asia’s top publicly listed brands. We provide monitoring and enforcement services, DNS, SSL Management, domain name brokerage and dispute management and brand security consultation services.