SSL, or Secure Sockets Layer, is an internet-based security protocol that encrypts the communication between two or more devices (typically a server and a client) in order to safeguard user data.
Today, SSL is being replaced by the more sophisticated TLS system, which stands for Transport Layer Security and builds its capabilities on top of the now-deprecated SSL encryption system.
For example, a website that uses SSL/TLS would have HTTPS in its URL, instead of HTTP for a website that doesn’t implement the same encryption system.
SSL vs TLS Communication Protocols
An important thing to note is that people still refer to TLS and website certificates based on TLS technology as the SSL protocol and SSL certificates respectively. Keep in mind that the terms SSL and SSL/TLS refer to TLS technology in almost all cases, with some exceptions.
In this guide, we’re sticking with the terms SSL protocol and SSL certificates because that’s how these products are being predominantly marketed to the general public.
ALL Types of SSL Certificates and Who Needs Each One
An SSL certificate is a digital document that authenticates a website’s identity and enables users to communicate via secure data exchange. Today, it’s imperative for private companies, public organizations, and individual business owners to implement an SSL certificate on their websites. This will prevent their customers’ information from being stolen, decrypted, and later abused by malicious actors.
In fact, an SSL certificate helps protect information like:
- Login usernames and passwords
- Credit card credentials
- Bank account information
- Contracts and other legally-binding documents
- Personal information such as a user’s full name, address of residence, and phone number
At any rate, there are several types of SSL certificates, and which one to use on your site will depend on your budget, goals, and needs. Here’s how to make the right choice.
Single domain SSL certificate
A single domain SSL certificate is valid for one domain, which includes both the WWW and non-WWW versions of the same domain. This type of SSL certificate can also be used to secure a single hostname, subdomain, mail server, or IP address. Once it’s applied, however, a single domain SSL certificate can’t be implemented to secure other domains—not even subdomains that belong to the main domain that it’s used on.
Additionally, all pages that fall under the main domain name are also authenticated with the SSL certificate. To illustrate, if crazyegg.com uses this certificate, then the A/B testing page under crazyegg.com/ab-testing will be covered by the same single domain SSL certificate, but example.crazyegg.com will not.
A single domain SSL certificate is ideal for individuals or small companies that successfully operate with one domain name or website and aren’t looking to expand, scale up, or diversify their online presence.
Multi-domain SSL certificate
A multi-domain (MD) SSL certificate, also known as a subject alternative name (SAN) SSL certificate, enables you to secure multiple domain names, subdomains that belong to your main domain name, and subdomains from different domain names under the same certificate.
Typically, one multi-domain SSL solution can cover up to 250 different domains with a single certificate. For instance, the URLs crazyegg.com, examplecrazyegg.com, and example.crazyegg.com are all eligible to enter under the umbrella of a single multi-domain SSL certificate.
These types of SSL certificates best serve large organizations, a booming ecommerce business, or an entity that owns multiple websites and requires an all-encompassing solution from a single SSL vendor.
Wildcard SSL certificate
A wildcard SSL certificate secures one main domain and all existing subdomains contained under the same main domain. In theory, you could secure an unlimited number of subdomains by applying a single wildcard SSL certificate.
For example, www.crazyegg.com, example1.crazyegg.com, and example2.crazyegg.com would all be covered by the same wildcard certificate that you’ve previously enabled for your main domain, i.e., crazyegg.com.
This certificate is an affordable solution for users who manage multiple subdomains under one main domain name.
Code signing certificate
A code signing certificate is an authentication process used for securing all types of software, including applications, scripts, drivers, additional content, and software updates. This certificate only protects the location where the software is installed locally, and typically can’t secure vulnerabilities if you’re distributing the software online. For that, you’ll need a combination of a code signing certificate and a separate SSL certificate to secure communications across all channels—both locally on your memory drives and your website servers as well.
This certificate is suitable for individual developers and companies creating desktop software, mobile apps, and video games. A code signing certificate is especially potent in preventing hackers from tampering with the code during the online distribution phase in software development.
Unified Communications (UCC) SSL certificate
A unified communications certificate (UCC) is a type of multi-domain (MD) SSL certificate that secures up to 100 website domains.
UCC SSL certificates are often implemented in Microsoft server environments that use Microsoft Exchange and Live Communications on more than three active servers.
The Levels Of Validation For SSL Certificates
SSL certificates are issued by a Certificate Authority (CA). Before a CA can issue an SSL to an individual business owner or an organization, they have to prove that the entity requesting the SSL certificate legally owns and operates its website’s domain. This process is known as SSL certificate validation.
To check if a website has a valid SSL certificate, click the icon next to the URL address in your browser and click on Connection is secure. A window will appear that shows whether the website’s SSL certificate is properly authenticated or not.
If a website doesn’t have an SSL certificate, you won’t be able to check this information and the website will be deemed insecure by most modern web standards.
Generally speaking, a website without a valid SSL certificate isn’t trusted by search engines, browsers, and users, and will appear less frequently in search engine results pages (SERPs), but we digress.
Currently, there are three levels of validation for SSL certificates: Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV). Here’s what they mean.
Domain Validation (DV) SSL certificate
This is the most common type of SSL certificate validation because it’s low-cost, and the quickest and easiest to get. To acquire a DV SSL certificate, you need to prove that you have full ownership over your domain. In turn, you can prove your domain ownership by updating the DNS record that holds the domain, or sometimes by simply contacting the Certificate Authority via email. Because of its simplicity, this process is often automatically resolved.
Asking for a DV is the cheapest way to earn an SSL certificate and authenticate your domain. It’s a great solution for personal blogs, online CV and portfolio websites, or small and medium-sized enterprises that want a quick HTTPS validation without putting a hard strain on their stringent budgets.
Organization Validation (OV) SSL certificate
Organization Validation (OV) works by a CA member manually validating your request. The designated Certificate Authority will communicate with your organization and might do some additional investigating before issuing or denying an SSL certificate. A typical OV SSL certificate contains the name and address of the organization, which makes it a more detailed and trustworthy proof of authenticity than a DV certificate.
This validation level costs more than the DV SSL certificate and takes longer to receive because the CA verifies if you’re the owner of the domain and that your business is legitimate. It usually takes a few days to get and it’s an excellent choice for larger organizations that want to showcase legitimacy and brand recognition when users visit their website.
Extended Validation (EV) SSL certificate
An Extended Validation (EV) SSL certificate is time-consuming and costly to get, but it’s the most secure level of SSL validation compared to the other two validation types. When you apply for an EV SSL certificate, the CA will thoroughly examine your business, perform detailed checks about your legitimacy, and ensure that your business location directly corresponds with your stated address in the business listing directory. This validation process usually takes a week or more to complete.
As a side note, it used to be that an EV SSL certificate would turn the text next to your main URL handle green in the browser’s address bar, but this type of visual feedback has been phased out in favor of a simpler user interface in the most popular website browsers like Google Chrome, MS Edge, and Mozilla Firefox.
It is necessary for anyone who handles sensitive customer data, including names, credit card numbers, personal addresses, and login credentials to get an Extended Validation certificate. This includes large corporations, medical and financial institutions, NGOs, and ecommerce stores.
Recap
An SSL or TLS is an encryption protocol that allows an internet server to safely communicate with a user and drastically reduce the probability of someone else hacking that communication and using it for their own gain.
There are five main types of SSL certificates:
- Single domain SSL certificate
- Multi-domain SSL certificate
- Wildcard SSL certificate
- Code signing certificate
- Unified communications SSL certificate
To use these certificates, you need to validate them through a credible Certificate Authority. You can do this in three main ways:
- With Domain Validation (DV)
- With Organization Validation (OV)
- With Extended Validation (EV)
Smaller organizations and businesses should obtain a Domain Validation SSL, while it’s advisable for large enterprises to go for an Organization Validation or an Extended Validation SSL certificate.
Did you find our guide useful and interesting to read? Check out our other guides on how to get an SSL certificate and website security.