Let’s talk about SSL certificates and which SSL certificate is best for you and your website. And let’s skip straight to the point: there is no “right” answer to this question. Every website, and every organization that owns a website, is different. They all have different needs and different goals. What works best for Google might not work best for you. So, pretending there’s any consensus answer on this is silly.
So, let’s start with what an SSL certificate is, then we’ll cover what kinds are available. Then, with that information, you can decide what’s best for YOU. We don’t want to pushy like that.
What is an SSL Certificate?
SSL/TLS is an internet protocol that encrypts connections between client devices used by internet users and servers that host websites. Essentially, an SSL certificate is a cryptographic file that facilitates SSL.
Specifically, an SSL certificate does two things:
- Authenticates the identity of the server that owns the certificate; and
- Verifies that the server is the owner of the provided key pair.
SSL certificates do not encrypt anything. They facilitate encryption via a handshake process. This is an important fact to note when trying to decide which SSL certificate is best. But the certificate itself has absolutely no bearing on the actual encryption that occurs. The strength is determined by the capabilities and configuration of the server and client.
The way SSL works is this, when a client arrives at a website with an SSL certificate installed, a handshake takes place. During that handshake, the server is identified and authenticated, then a secure encryption key is passed between the client and server. They will use this key to communicate during the connection. Once the handshake is complete, the connection ensues, and the data transmitted between the server and the client is encrypted (HTTPS) as opposed to being sent in plaintext (HTTP). This is what we refer to as data in-transit encryption.
Now, let’s talk about the types of SSL certificates with regard to how they are validated by the issuing certificate authorities (CAs). This is another step in your journey to figuring out which SSL certificate is best for you.
SSL Validation Levels
When choosing which SSL certificate is best for your eCommerce website, blog, or other type of website, you need to consider which validation level you want.
There are three types of validation available with SSL certificates:
- Domain validation (DV) — The certificate asserts server identity only.
- Organization validation (OV) — The certificate asserts some organization identity.
- Extended validation (EV) — The certificate asserts full organization identity.
When an internet user clicks on the padlock icon in their address bar, they can see the information that’s been validated in the subject field of the certificate details. DV SSL is the least trustworthy. Many CAs offer it for free and it’s widely used by criminals and phishers. OV and EV are considered business authentication certificates. They display verified organizational information in the subject field and are associated with a much lower preponderance of phishing.
SSL Functionality Types
There are four different kinds of SSL functionality.
- Single Domain — Secures one domain.
- Wildcard — Secures one domain and its subdomains.
- Multi Domain — Secures up to 250 different domains.
- Multi Domain Wildcard — Secures up to 250 different domains and their subdomains.
Now, a few things. You cannot get wildcards or multi domain wildcards in extended validation, only DV and OV. So, if you need to secure subdomains, it either needs to be done with multi-domain certificates or by using OV.
Additionally, multi domain certificates use something called SANs, or Subject Alternative Name domains. These aren’t free — most multi domain certificates come with two to four domains, but more can be purchased as needed. You list the additional domains in the SAN fields when creating your certificate signing request (CSR).
So, What’s the Right Choice?
There is no correct answer to this question. Before you purchase an SSL certificate, you need to answer two questions.
- How much identity do you want the certificate to assert (validation level)?
- What do you need it do secure (functionality)?
Once you know the answer to those questions, the answer to your original question of which SSL certificate is best should be right in front of you.
Save Up to 82% on SSL Certificates from RapidSSLonline!
Protect your website with an SSL Certificate from brands like RapidSSL, Symantec, GeoTrust, and Thawte.