What Is SSL?
SSL stands for Secure Sockets Layer. It’s essentially just the encryption protocol used when your browser communicates with the server of a secured site. If a site uses SSL it must have an SSL certificate, which means a certificate authority like Comodo or Digicert has certified and verified that site. By using this secure protocol, a site helps avoid many security threats that can happen when a remote user interacts with a website. It is a major part of any internet security plan used by a business organization or individual on their site.
You may have heard the term TLS, which stands for Transport Layer Security. Transport Layer Security is basically just the latest, most updated version of SSL. Most people still use the term SSL, even though the TLS protocol replaced the SSL protocol many years ago.
Why Are SSLs important?
SSLs are important because they help ensure you have a secure connection. Without the SSL it would be relatively simple for anyone to snoop and steal your information. SSLs make it much more difficult for criminals listening in to pick up the important and private data sent between your computer and the server of the site you are on.
With an SSL, someone visiting the site can have a little more trust in who they are actually dealing with. This is because a site must verify who they really are before a certificate authority will issue a certificate to them. The level of verification varies, depending on which type of SSL certificate the site uses, but there is always at least a minimal amount.
Consider this: Would you feel as comfortable giving out your credit card number to a site that wasn’t secured? Without SSL and the accompanying certificate, anyone could claim to be a company and actually be a random person who wanted to scam people or steal their identity.
If a site has that little lock in the address bar, you can have at least some trust that they are who they claim to be. If they haven’t secured their site you will see something else. Some browsers show a lock with a red slash across it, others show an exclamation mark. The important thing is, it’s not the typical lock. In that case, you should think very carefully before sharing any important information like social security or checking account numbers.
Some browsers also show https:// instead of http:// at the beginning of these web addresses, while other browsers chop these from the address. All major browsers show the lock for secure sites, whether they show the https visual indicator or not.
Differences Between Available SSLs
If you have a website, there are several types of SSL certification you can use to verify your site’s security and provide trust to your visitors. Each of these provide a different level of security and verification.
DV SSL
DV stands for Domain Validated. This is the most basic type of SSL, and the only thing the certificate authority checks before granting the certificate is whether the applicant has the right to use that specific domain. It’s basic, but it at least provides some checks to be sure they aren’t using someone else’s name for their domain and it provides encryption.
An advantage these kinds of certifications have, from the perspective of the site owner, is that they are very quick to set up. Usually, within minutes of applying for DV SSL you will be issued the certificate. The certificate authority verifies you have a right to the domain by sending an email to the email address on file with the domain registrar. They are also incredibly low-cost compared to other types, and some places even offer them for free.
This type of certificate is the absolute least you should have for your site. It’s commonly used by individuals and small businesses. With this type of certificate, when a user clicks on the lock in the address bar to view the certificate information they will not find anything about your company except the domain name. It provides very little assurance you are actually a legitimate entity. About the most a visitor can know is that you have a right to use the domain and that the connection is secure.
OV SSL
The OV in OV SSL stands for Organization Validated, and that’s just what it means. When a site applies for this certification the certificate authority requires verification of the identity of the site owner and the person applying, as well as the physical address of the company or person applying. They also check the right of the applicant to use that domain.
When a visitor to a site clicks on the lock in the address bar and looks into the subject line of the certificate they will find the company information. The visitor will be able to see the actual company and their physical business address.
This is a good type of certification for a lot of small and medium-sized businesses. It provides a site’s visitors with proof that they are dealing with a legitimate site and that the company or entity a site claims to represent actually owns the domain and is the one using it. Someone cannot get a OV SSL certificate for a domain by claiming to be a business they are not. The certificate authority will not issue the certificate to someone whose information they cannot verify.
EV SSL
An EV SSL, or Extended Validation SSL, is the most secure type of SSL available. The issuing certificate authority checks to be sure the applying entity is who they claim to be, verifies the physical address, makes sure the ID of the applicant matches the records of the company, verifies the applicant has exclusive rights to the domain, and verifies with the domain owner that they actually authorized the issuance of the certificate. This can take several weeks, as they do a thorough job and require actual paperwork.
This kind of SSL is great for ecommerce sites. In past years, the address bars of many major browsers would turn green when a site had this kind of certification to show that this site was safe. This led some people to refer to EV SSL as Green SSL or Green EV SSL.
When your site has EV SSL a visitor can rest assured that you went through thorough vetting. The visitor has full information on the company or individual when they look at the certificate information. Visitors to a site can have a lot more trust when dealing with this kind of site than others.
Wildcard SSL
With a single SSL, you register a specific domain. This means you may have a certificate for yourdomain.com. But this isn’t always ideal, especially if you have many subdomains. A wildcard SSL covers all your subdomains under a single certificate. That means it covers any *.yourdomain.com that you may add.
This kind of SSL is a great value because you can cover all your subdomains with one certificate. It’s also flexible since you can push out a new subdomain and it is automatically covered, no need to apply for a new certificate.
Imagine you have a domain, yourdomain.com, and you use a wildcard SSL. This means it covers anything you add as a subdomain. Any *.yourdomain.com. So if you want to add three sites, such as:
- Bobs.yourdomain.com
- Your.yourdomain.com
- Uncle.yourdomain.com
You can just add them. Your original wildcard certification covers them. There is no need to apply for a new certificate or wait for any further verification.
These are great for growing businesses that may want to add subdomains for specific uses down the road. But they do have less security than some SSLs, since you cannot get an EV SSL that is a wildcard SSL. This is because EV SSL requires that you list each domain and subdomain covered by the certificate when you apply.
SAN SSL
SAN, or Subject Alternative Name SSL, lets a website owner cover multiple domains and subdomains with a single certificate. Sometimes people also call these Multi-Domain SSLs.
The main difference between these and the wildcard SSLs is that an applicant must list each domain and subdomain when they apply for these. This makes them more secure from a user point of view.
A problem with these is that the certificate authority must reissue the certificate any time the site owner wants to add a domain or subdomain. That can become tedious and take a lot of time.
These are great when multiple domain names go to the same server. This may be the case for large corporations who may have five or six domains, each one for a different division of the company. One certificate can secure all of them.
Which SSL Is Right For Me?
It is vital that a site has an SSL certificate. Some browsers, to help quell security issues online, will alert users of a site without one that there may be security concerns with a site. This can come in the form of a simple message, but in some cases, users may encounter connection errors when they attempt to access a site that is insecure.
This may lead you to wonder which SSL you should choose. That depends a lot on what kind of site you are securing. It also depends on what type of entity you represent.
For a personal blog or a web-based application, you probably will be fine with the DV SSL. There isn’t a lot of security risk for these kinds of sites, since you aren’t selling anything and aren’t passing a lot of data that may require higher security. It’s a great option for something this small, since it is the most affordable of the certifications.
If you have a site selling many items then you may be better off with an OV SSL. Your site has a higher security risk and you are passing payment information around, so you want the increased assurances for users that this type of certificate provides. The downside is this is more expensive than the DV SSL. Some major retailers use these kinds of certificates, so it’s a good choice for many online stores.
In cases where you really want to provide the safest environment with the greatest trust for your visitors you probably want the EV SSL. It shows the most credibility to your visitors, and they can rest assured that you are doing what you can to address security issues and keep their data safe while transmitting it back and forth. Major financial and eCommerce sites often use this kind of certificate.
Wildcard or SAN SSLs won’t be necessary for most sites. These are ideal for large companies, and they work best in those cases. If, for some reason, you have a need for multiple subdomains, then the cheaper of these options is the wildcard, but it provides less assurance of your identity than the SAN does, so keep in mind how your visitors will use your site and how that may affect them.