What are the different types of SSL certificate?
Secure Socket Layer (SSL) Certificates have become a necessary requirement for anyone looking to build trust with their users and provide a secure connection. Without an SSL certificate, your website is going to look unprofessional, untrustworthy and unsecure. Browsers will warn visitors that your website isn’t providing an encrypted connection and this can be hugely detrimental if you’re running an ecommerce website or governmental website.
SSL Certificates work by using private and public keys to encrypt the visitor’s information on the website, meaning that attackers can’t intercept the information being sent to the website.
This blog post will explain the following types of SSL certificate:
DV SSL Certificates are the most commonly purchased SSL certificates. This form of certificate validates the domain name and associated email address, to check the applicant’s right to use the domain name.
This is the lowest form of validation and there’s no checks on the company’s identity or integrity. This will mean that in the browser, the user will not be able to see the full identity of the person holding the website they’re visiting.
While this type of certificate has less validation than other types of SSL certificates, your information will still be encrypted to the same level.
This type of SSL certificate works perfectly for anyone looking for a low cost, quick and easy-to-install SSL certificate for their website. This provides an encrypted connection to your users and helps build trust in your customers.
This type of certificate has a much higher level of validation than a DV SSL certificate. With this certificate, the same checks are made as for a DV certificate, however extra information is gathered from the organization requesting the SSL certificate. Agents will authenticate the organization against governmental registry databases and the organization will be required to provide the Certificate Authority (CA) with the necessary business information.
The level of encryption is functionally the same as a DV certificate however when the user selects the padlock, they are given much more information about the organization running the website that they’re sending the data to. This might include the company name or geographical location for example.
Visually, many browsers don’t indicate much of a difference between the OV and DV certificates, however much more information about the organization is provided. This helps show users that your organization is a legitimate one, and that their information is safe with you.
This is the highest level of validation available for an SSL certificate. Rigorous vetting is performed and every aspect of the companies business identity is examined. Specific guidelines for EV validation must be followed by the Certificate Authority before the certificate can be issued to the applicant. This means that illegitimate businesses will be unable to use this form of certificate; therefore reassuring visitors that the organization holding their website is a trusted, legitimate business and not a scam website or fake business. (ADD SOME MORE)
Functionally the EV certificate encrypts the visitor’s information the same way any other certificate does, but the most noticable difference between the other certificates is that the EV SSL certificate shows the green bar in the browser along with the companies name – as opposed to just the green padlock sign. Clicking on this will display relevant information about the company and identifies the physical company who are holding the domain.
In the following examples we have the Comodo website with an EV SSL certificate, and Wikipedia’s website with a regular SSL certificate.
An EV SSL certificate is best suited for those running an ecommerce website, governmental institutions or corporate business. Using an EV SSL certificate allows you to build trust in your users which can in turn increase sales in an ecommerce environment. Potential customers will no longer be turned away by a lack of transparency on your website.
A self signed SSL certificate doesn’t require any validation from the certificate authority, and anyone can create one without any sort of proof of business identity or proof of intent.
For this reason, a self signed certificate is not trusted on almost all common browsers, meaning if you have a self signed certificate applied to your website then users who visit will be warned.
As a result, self signed certificates should never be considered for a public-facing website.
Below is an example of an error you might see when visiting a website with a self signed certificate
Need to secure your website? Look no further – visit our website to see our range of SSL certificates.