If you want your website to look legitimate and trustworthy, you need an SSL certificate.
You especially need it if you’re selling something online or allowing users to create accounts with your company. SSL certificates help protect your information and the information of your customers.
This is one of the many reasons why I have SSL certificates for all of my sites.
But what if you don’t know anything about SSL certificates or where to even start?
It can be intimidating to dive into something that has so many available options without having a clear understanding of all of your choices and what they mean.
That’s why I’m going to lay out each kind of SSL certificate and what they do so that you’ll be able to choose the one that best suits your company’s needs.
Plus, I’ll tell you exactly what you’ll need to buy one (and how to do it).
Before we dive into the specifics, let me tell you what an SSL certificate is and why you need one.
What is an SSL certificate?
SSL certificates allow you to encrypt and secure the communication between your website and a visitor’s browser.
They bind together domain names and server names as well as an organization’s information (such as their name) and location.
These certificates are usually installed on web pages that request sensitive information from users, such as payment details or a password.
So you’ll want to make sure you add them to your payment pages, login pages, opt-in forms, and more.
When these encryptions are present, it activates a “lock” that keeps others from being able to see the online activity, making the connection entirely secure.
This prevents hackers from being able to read and steal credit card information, login credentials, passwords, data, and more.
When it comes to social media sites, this type of secured browsing is also becoming hugely important.
When you’re browsing the web, identifying sites that have an SSL is incredibly easy.
You’ll usually see a padlock right next to their URL, too, letting you know that the site is secure.
For example, one should appear in your browser’s address bar when you head to most popular sites, such as Google.
For any site, especially an e-commerce site or a site utilizing email servers, the actual SSL certificate itself is a necessity to prove their identity to users.
The SSL certificate is available for any user to view and check the identity of the company.
As we’ve already discussed, SSL certificates protect users’ payment information, usernames, passwords, and more.
They also keep data secure, boost your Google rankings, and build trust between you and your customers.
Because of this, SSL certificates can boost conversion rates significantly. A user is far more likely to buy from you if your site is secure.
To start implementing secure browsing sessions with visitors, you just have to install the certificate onto a web server.
Once you install it, web traffic between the web browser and the web server will no longer be vulnerable.
Another way to identify a secure site is by looking at the URL. You’ll see “https://” rather than just “http://” at the beginning of websites that are secure.
You might be wondering what the extra “s” added onto “http” actually stands for. It simply stands for “secure.”
HTTPS means “Hypertext Transfer Protocol Secure.”
So now you know what an SSL certificate is and why you need one. But what types are there to choose from?
There are five main types of SSL Certificates that fall into two different categories: validation level and secured domains.
SSL certificates by validation level
Validation level refers to how the Certificate Authority confirms the identity of the company and person(s) who are applying to obtain the certificate.
There are three main types of certificates: domain validated (DV), organization validated (OV), and extended validation (EV).
When a security certificate is not trusted, users will receive this notification:
An authentic authority must obtain the certificate so that users won’t see this message.
Any certificate will provide the same level of protection, no matter the type of validation.
But some authorities might require a specific level of validation to use certain services.
For example, a payment system requires much more validation than a plain domain certificate.
This is because it’s important to verify that the company collecting funds legally exists as a registered business.
Let’s take a look at domain validated SSL certificates first.
1. Domain validated SSL certificates
Domain Validated SSL certificates show that a domain is registered and that a site administrator is running the URL.
The certificate authority can typically validate through email, DNS, or HTTP.
When validating via email, the certificate authority will send an email to the administrator. From there, the owner of the site will click a link in the email requesting a certificate to verify.
With DNS verification, the owner validates that they own the site through a DNS record that is attached to the website domain.
A DNS record is a text file showing which IP addresses each domain is associated with.
HTTP validation includes the owner proving ownership by creating and saving a text file in the public web root of their domain.
Once a certificate is valid and the authority signs it, web browsers will show that there is now a secure HTTPS connection.
Domain validated certificates are encryption certificates only.
All you have to do to obtain one is prove your ownership of the site.
Because they are so easy to get, there are several advantages and disadvantages of domain validated SSL certificates.
Advantages of domain validated SSL certificates
- They’re cheap. The process for obtaining a domain validated SSL certificate is usually automated, making it cost less than other SSL certificates.
- It doesn’t take long to obtain one. You can typically get an SSL in just a few minutes this way and you won’t have to send extra documents to verify your business.
Disadvantages of domain validated certificates
- They aren’t as secure as other SSL certificates. Any hacker can obtain a domain validated SSL certificate and then hide their identity. That’s even true for your site if they poison your DNS servers. There’s no way to verify identities for sure when it comes to domain validated certificates.
- Because of this, visitors might not trust your site as much as they would if you had a certificate that forced you to validate your company.
- Potential buyers might not feel comfortable handing their payment information over with this kind of certificate.
2. Organization validated SSL certificates
The organization validated SSL certificate shows that you own a domain while also verifying that you own an organization in a particular country, state, and city.
The process for obtaining one of these certificates is exactly like getting a domain validated certificate, but you have to take some extra steps to verify your company’s identity.
It doesn’t take too long to obtain this kind of certificate: anywhere from several hours to several days.
These kinds of certificates also show your company’s information in the certificate details, like this one from Amazon.
For consumers, having this extra information might seem a bit more legitimate, leading them to be more likely to make a purchase.
3. Extended validation SSL certificates
The extended validation SSL certificate requires businesses to provide even more records to prove their ownership of a company.
This certificate gives you the same kind of validation as both domain and organization validated certificates, but it also proves that you have legally registered your company as a business.
In addition to this, it also shows that a company is aware of the request for an SSL certificate and approves it.
This validation can take days or weeks, depending on what the certificate authority requires.
This one requires you to provide documents certifying your company’s identity as well as some other bits of information.
You can easily identify these kinds of certificates by the green bar in your web browser that contains the company’s name, like PayPal.
The certificate authorities only grant these kinds of certificates after they have received documents that prove two things: the operational existence and location of a company and the consistency between those records.
After that, the organization that issues the certificate will issue the proper authorization to the company and the website.
For these reasons, this is the most secure type of SSL certificate when it comes to validation level.
Now, let’s go over how SSL certificates work when it comes to domains and subdomains.
SSL certificates by secured domains
One or more hostnames can get an SSL certificate, which means that the scope of a certificate can be limited.
On your certificate, you have to provide a list of subdomains that are also secured. However, this means that an SSL certificate doesn’t automatically secure domains and subdomains.
If you try to use the certificate for a subdomain that isn’t on the list, users will receive that dreaded security warning when trying to access your site.
Single-name and wildcard SSL certificates can help explain this process in greater detail, and they’re useful for securing other subdomains that you may not have included in your original certificate.
4. Single-name and wildcard SSL Certificates
Single-name SSL certificates protect one subdomain.
If you purchase a certificate for www.website.com, it won’t apply to mail.website.com.
Single-name certificates can be a great choice if you need to add a certificate to just one subdomain that you may have left out or added later when your site evolved.
Wildcard SSL certificates are also important to discuss, as they secure a number of subdomains for just one single domain.
If you purchase a certificate for www.website.com, this kind of SSL certificate will secure example.website.com as well. However, it won’t secure example.shop.website.com.
That’s where multi-domain SSL certificates come in.
5. Multi-domain SSL certificates
Multi-domain SSL certificates provide security for several different domains with just one certificate by using the SAN extension.
These certificates are usually called SAN certificates for this very reason.
With multi-domain SSL certificates, you can combine many different hostnames, regardless of whether they are from the same domain or not.
Now that you know the different types of SSL certificates, here’s how to buy one.
How to buy an SSL certificate
Once you have identified which SSL certificate works best for your site, you’ll need to have a few things on hand before you can purchase one.
To start out, you’ll need a unique IP address. You must have a separate IP address for every certificate you want to use.
If you don’t, older browsers and devices might not be able to view your website.
You can use a wildcard SSL certificate here if you have more than one subdomain on one IP address.
SSL Shopper has a list of the best SSL wildcard certificates to choose from.
You’ll also need a Certificate Signing Request (CSR). This is a piece of text that you have to create on your web server before you can order the SSL certificate.
You can generate one of these on your own easily.
The certificate authority will use the information in the CSR, such as your domain name, public key, and company name, to make your certificate.
You should also be sure that the information in your WHOIS record is correct.
When you purchase a certificate for a domain name, the certificate authority has to verify that you own it (and that you have the authority to order a certificate).
They can do this through your WHOIS record, which is a record showing contact information and ownership details for each domain name.
Essentially, a certificate authority will just make sure that the information on your WHOIS record matches the certificate order.
Some certificate authorities will even call the phone number you’ve listed, but most will just send an email to the address to verify that you are who you say you are.
You can check what the current WHOIS record for your website looks like for free by using a tool like Namecheap.
You should also have business validation documents ready to send off if you plan to purchase a certificate that requires it.
Certificate authorities can look at government databases to see if your organization is registered.
But they may also request a copy of your business registration if they can’t find it in a database or if they want extra verification.
It really depends on the certificate authority here, so you may want to check to see if your state government lists your company as an active business.
You can easily do that by searching databases on sites such as Instant SSL.
If you’re buying an extended validation SSL certificate, it’s a good idea to have these kinds of documents on hand when you place your order just in case the certificate authority asks for them.
Be sure to choose a reputable certificate authority when purchasing, too. Browsers, mobile devices, and operating systems all have a list of certificates that they trust.
If your certificate doesn’t match up with one of these, you’ve pretty much just wasted your time buying it.
The browser will just present untrusted error messages to the end user.
And this means that you could lose tons of business, especially if you’re an e-commerce site.
You’re guaranteed to lose trust from the majority of consumers if they see this error when heading to your site to browse or buy.
By using Symantec, your sites will receive a “Norton Secured Seal.”
This could help you grow your business faster by giving customers proof that you value their security with a single logo.
It’s important to note that certificate authorities are audited each year to ensure that they are following protocol to submit SSL certificates. So make sure to check this data before committing to one.
The more devices and browsers that the certificate authority embeds roots in, the more trustworthy your SSL certificate becomes.
Aside from possibly boosting your search engine ranking, SSL certificates give you a huge advantage online.
They’re especially important if you’re selling products or services.
They provide customers with confidence that you’re protecting their information and that you care enough to make it secure.
You wouldn’t just give your credit card information to anyone. And neither would your customers.
By encrypting their information with secure keys, they can have peace of mind that hackers can’t easily steal their sensitive data.
Certificates also prove to users that they can trust you as a business and believe that you are the company you say you are, rather than an impostor.
Choose a certificate that best fits your site needs, whether it’s a domain, organization, or extended validation SSL certificate.
I would recommend paying for an extended validation SSL certificate if you can, especially if you’re selling anything on your site.
However, if you aren’t selling anything on your site, a domain validated or organization validated SSL is the way to go. These are perfect for a blog site.
Don’t forget about single-name, wildcard, and multi-domain SSL certificates, either. If you just need to validate one or two sites, go with single-name and wildcard certificates.
However, if you need to certify multiple domains, choose a multi-domain SSL certificate.
Pick the best certificate depending on whether you want to certify one, several, or all of your domains and subdomains.
What’s the best advice you’ve heard when it comes to SSL certificates?