SSL (Secure Socket Layer) is an Internet-based security protocol that encrypts communications between two or more devices (usually servers and clients) to protect user data.
Today, SSL is being replaced by the more sophisticated TLS system, which stands for Transport Layer Security and builds its functionality on top of the now-deprecated SSL encryption system.
For example, a website that uses SSL/TLS will have HTTPS in the URL, while a website that does not implement the same encryption system will use HTTP.
SSL and TLS communication protocols
It should be noted that people still refer to TLS and website certificates based on TLS technology as SSL protocols and SSL certificates respectively. Keep in mind that the terms SSL and SSL/TLS refer to TLS technology in almost all cases, but there are some exceptions.
In this guide, we stick with the terms SSL protocol and SSL certificate because that’s how these products are primarily marketed to the public.
All Types of SSL Certificates and Who Needs Each
An SSL certificate is a digital document that authenticates a website’s identity and enables users to communicate through secure data exchange. Today, private companies, public organizations and individual businesses are required to implement SSL certificates on their websites. This will prevent customers’ information from being stolen, decrypted and subsequently misused by malicious actors.
In fact, SSL certificates help protect the following information:
- Login user name and password
- Credit card voucher
- Bank account information
- Contracts and other legally binding documents
- Personal information, such as the user’s full name, residential address and phone number
Regardless, there are many types of SSL certificates, and which one to use on your website depends on your budget, goals, and needs. Here’s how to make the right choice.
Single domain SSL certificate
A single domain SSL certificate is valid for one domain, which includes both WWW and non-WWW versions of the same domain. This type of SSL certificate can also be used to protect a single hostname, subdomain, mail server, or IP address. However, once applied, a single domain SSL certificate cannot be implemented to protect other domains, or even subdomains that are part of the main domain it is used for.
In addition, all pages under the main domain are also authenticated through SSL certificates. For example, if crazyegg.com uses this certificate, then the following A/B test page crazyegg.com/ab-testing will be overwritten by the same single domain SSL certificate, but example.crazyegg.com will not.
Single domain SSL certificates are ideal for individuals or small companies that are successfully operating with one domain or website and do not wish to expand, scale, or diversify their online presence.
Multi-domain SSL certificate
A Multi-Domain (MD) SSL Certificate, also known as a Subject Alternative Name (SAN) SSL Certificate, allows you to protect multiple domains, subdomains belonging to your main domain, and users from different domains under the same certificate. subdomain.
Typically, a multi-domain SSL solution can cover up to 250 different domains using a single certificate. For example, the URLcrazyegg.com, examplecrazyegg.com, and example.crazyegg.com are all eligible for protection under a single multi-domain SSL certificate.
These types of SSL certificates are best suited for large organizations, thriving e-commerce businesses, or entities that have multiple websites and require a full-service solution from a single SSL provider.
Wildcard SSL certificate
Wildcard SSL certificates protect a primary domain and all existing subdomains contained under the same primary domain. In theory, you can protect an unlimited number of subdomains by applying a single wildcard SSL certificate.
For example, www.crazyegg.com, example1.crazyegg.com, and example2.crazyegg.com will all be overwritten by the same wildcard credential that you previously enabled for your primary domain, which is crazyegg.com.
This certificate is an affordable solution for users who manage multiple subdomains under one main domain.
code signing certificate
Code signing certificates are a verification process used to protect all types of software, including applications, scripts, drivers, add-ons, and software updates. This certificate only protects the location where the software is installed locally, and generally does not protect vulnerabilities if you distribute the software online. To do this, you need to use a combination of code signing certificates and a separate SSL certificate to secure communications on all channels, including local memory drives and the website server.
This certificate is available to individual developers and companies creating desktop software, mobile applications, and video games. Code signing certificates are particularly effective in preventing hackers from tampering with code during the online distribution phase of software development.
Unified Communications (UCC) SSL Certificate
A Unified Communications Certificate (UCC) is a multi-domain (MD) SSL certificate that protects up to 100 website domains.
UCC SSL certificates are typically implemented in Microsoft server environments that use Microsoft Exchange and Live Communications on more than three active servers.
Verification level of SSL certificate
SSL certificates are issued by the Certificate Authority (CA). Before a CA issues an SSL to an individual business owner or organization, they must prove that the entity requesting the SSL certificate legally owns and operates the domain name for their website. This process is called SSL certificate verification.
To check if a website has a valid SSL certificate, click the icon next to the URL address in your browser, then click Safe connection. A window will appear showing whether the website’s SSL certificate has been verified correctly.
If a website doesn’t have an SSL certificate, you won’t be able to check this information, and the website will be considered unsecured by most modern web standards.
Generally speaking, a website without a valid SSL certificate will not be trusted by search engines, browsers, and users, and will appear less frequently in search engine results pages (SERPs), but we digress.
Currently, there are three levels of verification for SSL certificates: Domain Verification (DV), Organization Verification (OV), and Extended Verification (EV). This is what they mean.
Domain Validation (DV) SSL Certificate
This is the most common type of SSL certificate verification because it is inexpensive, fastest, and easiest to obtain. To obtain a DV SSL certificate, you need to prove that you have full ownership of your domain. In turn, you can prove your domain ownership by updating the DNS records that hold the domain, or sometimes just by contacting the certificate authority via email. Due to its simplicity, this process usually resolves itself.
Requesting a DV is the cheapest way to obtain an SSL certificate and verify your domain. This is a great solution for personal blogs, online resume and portfolio sites, or small and medium-sized businesses that want HTTPS verification quickly without putting a strain on a strict budget.
Organization Validation (OV) SSL Certificate
Organizational Validation (OV) Manual validation of your request by a CA member. The designated credential authority will communicate with your organization and may perform some additional investigation before issuing or denying an SSL credential. A typical OV SSL certificate contains the organization’s name and address, making it a more detailed and trustworthy proof of authenticity than a DV certificate.
This level of verification costs more than a DV SSL certificate and takes longer to receive because the CA verifies that you are the owner of the domain and that your business is legitimate. Typically taking a few days to obtain, this is an excellent option for larger organizations that want to demonstrate legitimacy and brand recognition when users visit their website.
Extended Validation (EV) SSL Certificate
Obtaining an Extended Validation (EV) SSL certificate is time-consuming and expensive, but it is the most secure level of SSL verification compared to the other two verification types. When you apply for an EV SSL certificate, the CA will thoroughly inspect your business, perform a detailed check on your legitimacy, and ensure that your business location directly corresponds to the address stated in the business directory. This verification process usually takes a week or more to complete.
By the way, EV SSL certificates used to turn the text next to the main URL handle in the browser’s address bar green, but this type of visual feedback has been phased out in favor of a simpler user interface. Browsers such as Google Chrome, MS Edge and Mozilla Firefox.
An Extended Validation certificate is required for anyone who handles sensitive customer data, including names, credit card numbers, personal addresses, and login credentials. This includes large corporations, medical and financial institutions, NGOs, and e-commerce stores.
review
SSL, or TLS, is an encryption protocol that allows Internet servers to communicate with users securely and greatly reduces the possibility of others deciphering that communication and exploiting it for personal gain.
There are five main types of SSL certificates:
- Single domain SSL certificate
- Multi-domain SSL certificate
- Wildcard SSL certificate
- code signing certificate
- Unified Communications SSL Certificate
To use these certificates, you need to verify them with a trusted certificate authority. You can do this in three main ways:
- Has Domain Verification (DV)
- With Organizational Validation (OV)
- With Extended Validation (EV)
Small organizations and businesses should obtain domain-validated SSL, while larger enterprises are advised to obtain an organization-validated or extended-validated SSL certificate.
Did you find our guide useful and interesting to read? Check out our other guides How to obtain an SSL certificate and Website security.
