SSL Certificate Type
SSL Certificates offer secure sessions and encrypted communications between your website and any internet browser. SSL abbreviation means Secure Sockets Layer, the cryptographic protocols which provide the encryption and secure site communications on the Internet. SSL Certificates are typically installed on website pages that require end-users to submit sensitive information over the internet like credit card details or passwords, for example, this information is frequently required on payment pages for credit card transactions, personal login and password form of users, and data transfer.
SSL Certificate Competitive Comparison
There is no one-size-fits-all when it comes to choosing which ssl certificate to buy for your website. There are different types of certificates that vary according to:
· The strength of encryption.
· The extent to which the identity of the website owner has been validated by the 3rd-party.
· The ability for the SSL to be shared by multiple websites with either the same name eg) website1.xyz.com and website2.xyz.com), or having a single certificate be shared by multiple disparate domain names eg) website1.abc.com and website1.xyz.com.
Let’s take a look at some examples of the various types of certificates and what are the security implications of using each:
Extended Validation SSL offers perhaps the highest level of website integrity, by subjecting the website owner to a rigorous set of tests to validate the website owner’s legitimacy to the claim of domain ownership from a legal standpoint. From a technical perspective, EV SSL will cause the padlock icon and the “https://” in modern web browsers to turn green, indicating that the session is being secured through EV SSL.
You can obtain a , , or a Symantec (now Digicert Secure Site) at anyone of the aforementioned levels of validation.
An organisation validated certificate is a step up from a domain validated one, in that the ownership of the domain and the verification of the existence of the domain owner as a legal entity must be established, prior to the issuance of this type of certificate. This may involve submitting legal documentation to the certificate issuer for verification purposes.
A domain validated certificate is the most rudimentary type of certificate, in terms of validating the website owner’s identity and legitimate claim to the domain. It basically asserts that the certificate was authorized by the domain name owner, and that is the extent of it. It does not guarantee that the website owner is a legitimate entity. While the SSL session guaranteed encrypted, this is done in the absence of any assertion of confidence in the credibility of the website owner. This can leave open the possibility for phishing or “man in the middle” attacks and scams, and should not be used for commercial websites which involve significant financial transactions, particularly where government oversight and regulation may be involved.
Depending on your business needs, if you need to secure only one single website, then a single certificate would suffice. But if you have multiple websites that you manage, then it would be simpler and more cost-effective for you to buy either a wildcard certificate or a SAN (subject-alternative-name) certificate.
You can obtain a , , or a Symantec (now Digicert Secure Site) that offers either one of these options for securing multiple websites.
Establishing trust with your customers should be of utmost priority, especially in this day and age when security breaches, fraud, and identity theft are rampantly occurring with increasing frequency.