SSL Types
Find the right type of SSL/TLS certificate that meets your requirement
If you’re in the market for an SSL certificate, the chances are that you’ve been bogged down by a multitude of acronyms and the various varieties – DV, OV, wildcard certificates, and so on. There are several different types of SSL/TLS certificates, and almost all of them have but one primary goal – data security. We understand that it’s not feasible to figure out which one is best suited for your needs all on your own, so we’ve gone ahead and categorized these offerings based on their functionality and validation levels to nudge you in the right direction.
SSL/TLS Certificates: Classified According to Their Validation Levels
Domain Validated (DV) Certificates
Domain validation (DV) is the easiest and the least involved form of validation. With DV, the certificate authority (CA) only has to determine if the applicant can provide evidence to prove the domain ownership of the specific domain name. This is typically achieved via email verification though there are other ways to get it done if you don’t have access to the registered email id. Since no additional information is verified by the CA, DV certificates can be issued and set up within minutes. It is well suited for personal websites and blogs. However, if your business processes personally identifiable information (PII) or sensitive data, it is not the recommended solution.
Organization Validation (OV) SSL
Organization validation or OV SSL certificates are one of the most suitable options for business environments and intranets. The CA conducts a much more thorough investigation as compared to DV certificates and not only verifies the applicant’s right to the domain but also examines the organization information on a basic level. The company information is showcased on the certificate to inspire trust in customers and provide business authenticity. OV SSL falls in the sweet spot between its DV and EV variants and can also be used to secure IP addresses.
Extended Validation (EV) SSL
For extended validation (EV) certificates, CA’s conduct the most intense verification of the site’s ownership as well as business information. Applicants are required to submit acceptable documented evidence to attest to the legitimacy of the organization during the vetting process. After a thorough examination, the company details are displayed on the certificate. EV SSL certificates command the highest possible trust in customers due to the extensive validation performed by the issuing CA.
SSL/TLS Certificates: Classified According to Their Functionality
Multi-Domain SSL Certificates
Multi-domain certificates, also known as UCC/SAN certificates, secure multiple domains on a single certificate by listing additional domains or subdomains as subject alternative names (or SANs).
For instance, if the common name is listed as www.domain.com, other sites like www.site1.com, www.site2.net, blog.site2.net, etc. Can be added as SANs on the same certificate. All the domains and subdomains on the certificate will have the same level of validation.
Wildcard SSL Certificates
A wildcard SSL certificate secures an unlimited number of first-level subdomains using a single certificate. The asterisk indicates the level of the subdomain to be secured, for example, *.domain.com will secure blog.domain.com, order.domain.com, and so on. All the subdomains are encrypted automatically without the need to reissue or modify the certificate every time a subdomain is added. However, wildcard certificates are only available for two validation levels – DV and OV.
Code Signing Certificates
Code signing certificates are used to securely sign software and applications. They authenticate the identity of the publisher to end-users and assure them that the program they’ve downloaded has not been manipulated by a malicious actor. These are also the only certificate that gives developers an instant reputation with the Microsoft SmartScreen filter and helps remove the “Unknown Publisher” warning messages.
Multi-Domain wildcard SSL Certificates
Multi-domain wildcard SSL certificates secure multiple domains and unlimited multi-level subdomains, all using a single certificate. Apart from the obvious advantages of convenience and ease of use, some CAs also give away additional perks such as vulnerability assessments with these certificates. However, it does not by default secure the non-www versions of the wildcard entries. Additionally, the certificate lists all the domains it secures, and if domain visibility for site visitors is a concern for your business, this certificate might not be the best bet for you.
Single Domain SSL Certificates
True to its name, the single-domain SSL certificate secures only one fully qualified domain name, for example, www.examplesite.com. Though it does not cover any other domain, if the certificate signing request (CSR) is generated with the www, most CAs automatically secure the non-www version as well. This type of certificate is available in all validation levels.
