Without doubt, building customer trust and obtaining customers’ confidence in your business, and by extension your website, should be high on your priority list. The best way to accomplish this is to turn on SSL encryption on your website, which ensures secure connections and protects your visitors’ personal information. But what is SSL, and how do you use an SSL certificate?
What is SSL?
SSL stands for “secure sockets layer” and is a cryptographic protocol used to secure data between two machines through encryption. Without SSL in place, anyone would be able to monitor all the personal information you send to a server in plain text, including passwords and credit card numbers, and easily steal it. That’s why all websites today should have a digital certificate for SSL encryption installed.
What is an SSL Certificate?
SSL certificates assign a specific cryptographic key to your particular organization’s details (e.g. a domain name) to secure your website when users are required to submit any sensitive information, from filling out forms to logging into their account.
When an SSL certificate is active on your server, your URL will change from HTTP to HTTPS and feature a grey padlock next to it in all web browsers, so your visitors will be able to recognize the visual cues to know your website can be trusted. Having a certificate showing on your site in the address bar is similar to registered trademarks in this way.
In addition, search engines like Google now incentivize website owners to install SSL certificates by boosting their web rankings.
How Do SSL Certificates Work?
In essence, SSL certificates are data files used to verify the secure connection between your website and web server based on public key cryptography.
Your private key is known to your server and can be used to encrypt any message sent to your website. But this message can only be decrypted using the public key contained in your certificate.
SSL certificates are generated and issued by a trusted Certificate Authority (CA). There is more than one type of certificate, and all are based on their validation levels.
Here are the six types of SSL Certificates to consider:
- Extended Validation Certificates (EV SSL)
- Organization Validated Certificates (OV SSL)
- Domain Validated Certificates (DV SSL)
- Wildcard SSL Certificate
- Multi-Domain SSL Certificate (MDC)
- Unified Communications Certificate (UCC)
You might be already asking yourself, “What type of SSL certificate do I need?” To pick one, let’s discuss the essential differences between them first.
1. Extended Validation Certificates (EV SSL)
The highest-ranking and most expensive SSL certificate type is an Extended Validation Certificate.
Setting up an EV certificate requires the website owner to go through a standardized identity verification process to confirm they have the exclusive rights to their domain.
Use Cases for EV SSL Certificates
Since EV certificates are expensive and require an extended verification process, they are mostly used by high-profile websites that require a lot of personal information from their visitors or frequently collect online payments (e.g. banks or medical providers).
2. Organization Validated Certificates (OV SSL)
The Organization Validation SSL certificate’s primary purpose is to encrypt sensitive information during transactions. The OV certificate has a high assurance, similar to the EV certificate, and is also used to validate business credibility.
OV SSL certificates are the second-highest in price. To obtain them, website owners need to complete a substantial validation process administered by a Certification Authority, which investigates the website owner to see if they have the right to their specific domain name.
Use Cases for OV SSL Certificates
OV certificates are often required for commercial and public-facing websites that collect and store their customers’ information (e.g. web apps).
3. Domain Validated Certificates (DV SSL)
Compared to other SSLs, Domain Validation SSL certificates have low assurance and minimal encryption. Hence, the validation process to obtain this certificate type is minimal. The process only requires website owners to prove domain ownership by responding to an email or phone call.
Use Cases for DV SSL Certificates
As DV certificates are one of the least expensive and fastest types to obtain, they are often used by blogs or informational websites that don’t need to provide extra assurance to their visitors.
4. Wildcard SSL Certificates
Wildcard SSL certificates are available as both OV and DV, and are used to secure a base domain and unlimited subdomains. The main benefit of purchasing a wildcard certificate is that it’s cheaper than buying several single-domain certificates.
Wildcard SSL certificates have an asterisk as part of their common name. The asterisk represents any valid subdomain that has the same base domain. For example, the common name can be *.example.com, which would allow this certificate to be installed for blog.example.com and account.example.com as well.
Use Cases for Wildcard SSL Certificates
Depending on the business needs, customers can purchase either OV or DV Wildcard certificates when they need encryption for multiple subdomains. This could be valuable for blogging solutions that create different subdomains for their user accounts, for example.
5. Multi-Domain SSL Certificates
Multi-Domain SSL certificates can secure up to 100 different domain names and subdomains using a single certificate, which helps save time and money. Businesses have control of the Subject Alternative Name (SAN) field to add, change, and delete any of the SANs as needed.
Domain Validated, Organization Validated, Extended Validated, and Wildcard certificates could be upgraded to secure multiple domains. Here are some domain name examples that can gain security with just one Multi-Domain certificate:
Use Cases for Multi-Domain SSL Certificates
Multi-Domain SSL certificates are often used by companies that have representations in different jurisdictions, as well as international conglomerates that need to secure different top-level domain names.
6. Unified Communications Certificates (UCC)
Unified Communications Certificates (UCC) are also considered Multi-Domain SSL Certificates and have the same benefits. UCCs can be used as EV SSL certificates.
Use Cases for Unified Communications Certificates
UCCs were initially designed to secure Microsoft Exchange and Live Communications servers. However, today, any website owner can use them to encrypt multiple domains with a single certificate.
Essential SSL Takeaways
As you can see, having the right SSL certificate securing your website is crucial to maintaining trust with your visitors and customers. After all, there’s nothing as important in the digital world as keeping private information safe and secure.
Here are three key SSL takeaways to remember:
- If a website has HTTP instead of HTTPS, the browser sends all the information as plain text to the web server. If anyone is watching that web traffic, they can see that information.
- If the website has an SSL certificate installed and is using HTTPS, the web traffic is encrypted. Encryption is of great importance for protecting any customer’s sensitive information.
- Lastly, Google incentivizes websites that have SSL certificates installed by ranking them higher in its organic search results.
Need Help Securing Your Entire Infrastructure? Download Your Security Infrastructure Checklist for SMBs.
About the AuthorFollow on Linkedin More Content by Todd Terwillegar