Guide on Choosing SSL Certificate
The growing threat of hacks, phishing and other malicious online activity is making the world more and more focused on online security. Those who have worked in the industry for a long time have most likely noticed how much attention is paid to Secure Socket Layer (SSL) certificates nowadays. The biggest players on the market reiterate the necessity of encryption, which will change the industry and make the Internet a more secure place. Thus, if your website doesn’t have HTTPS, you risk suffering losses in your SEO and even more.
You may know about getting SSL for free and such things as Let’s Encrypt SSL. This article is not about them but about choosing a proper commercial certificate. Free SSL certs are covered in separate material.
So, you have decided to follow the global trend and install an SSL certificate on your website. You may notice that there are quite a few options from different SSL certificate providers, so let’s find out where to start.
SSL Encryption Levels
The main purpose of SSL is not clear to many people as it’s somewhat technical, so there are some misconceptions. There are two main technical parameters of encryption – a key size for asymmetric encryption (2048/4096-bit) and a key size for symmetric encryption (128/256-bit).
Asymmetric encryption means different keys are used for encryption and decryption; its key size depends on the certificate and private key. In most cases, 2048 bit is considered sufficient until the year 2030, and 4096 bit is rather overkill which requires much more CPU resources.
Symmetric encryption means the same key is used both for encryption and decryption; its key size depends on the settings of the client’s browser and of the server the website certificate is installed on.
SSL Validation and the Level of Trust
To begin with, you need to define the required level of trust for your website. There are three levels:
Domain Validation (DV) – the lowest level and the cheapest. You receive the encryption, which already provides security, but the only thing the certificate proves is that the administrator of the website owns this particular domain name.
Organization Validation (OV) – these certificates have the same level of security as DV but involve business validation. So, basically, having OV on your website means your visitors can be sure that your organization runs this website. To do that, though, they need to check the SSL certificate details.
Extended Validation (EV) – the highest level and the most expensive. Having an EV certificate installed means your visitors will see a nice green bar with your company name on it. The encryption level, though, is the same as for both DV and OV.
Which level of trust to select? Mostly this depends on your purpose and resources. A website which conducts financial operations (such as an online store) should have EV to gain the trust of clients. A company website (when you don’t sell products from it) can have OV. In both cases, you will need to have a legal entity. If you don’t worry about brand identity and only need the encryption, then DV would be enough for you.
It is important to note that obtaining OV and EV requires a lot more effort than DV due to their higher validation standards.
The Number of Domains to Cover
SSL certificates also vary according to the number of domains you can cover with one certificate.
Single domain – means you can install SSL for one domain only (e.g. hostinsider.net). The good news is that the www. subdomain is included as well.
Multi domain – you can cover numerous domain names with one certificate (e.g. hostinsider.net, hostinsider1.net, and hostinsider2.net would have the same server certificate).
Wildcard – in terms of SSL certificates, wildcard means all subdomains related to your domain name will have SSL installed (e.g. mail.hostinsider.net, payment.hostinsider.net and so on).
Each of these certificates may at the same time be DV, OV or EV (except for wildcards: there are no wildcard EVs).
A single domain option is a reasonable decision if the entire information on your website is located on one domain name. No need to overpay in this case.
Multi domain works well for parked domains. You may have a group of similar domains of different TLDs such as yourcompany.com, yourcompany.net, yourcompany.org. Or this can be a group of different online stores which work under one company name.
Wildcard is a good idea for WordPress multisites which use subdomains. Also, it is good for covering some separate functions of your website such as mail.
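The three coverage options above can be checked against a list of hostnames before buying. The following is an added example, not part of the original article: it assumes the usual browser matching rule (RFC 6125), under which a wildcard stands for exactly one left-most label, and the certificate name lists and host list are constructed from the article's example domain.

```python
# Added example (not from the original article): which hostnames does a
# certificate cover, given the names listed in it?

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a hostname (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label and needs
        # a full domain to its right (at least "*.example.tld").
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h             # partial wildcards ("w*.x") are treated as literals


def coverage(cert_names, hosts):
    """Map each host to True/False: is it covered by any name in the cert?"""
    return {h: any(name_matches(n, h) for n in cert_names) for h in hosts}


# Constructed sample data using the article's example domain.
SINGLE = ["hostinsider.net", "www.hostinsider.net"]
MULTI = ["hostinsider.net", "hostinsider1.net", "hostinsider2.net"]
WILDCARD = ["*.hostinsider.net", "hostinsider.net"]

HOSTS = [
    "hostinsider.net",
    "www.hostinsider.net",
    "mail.hostinsider.net",
    "payment.hostinsider.net",
    "eu.mail.hostinsider.net",   # two levels below the domain
    "hostinsider1.net",
]

if __name__ == "__main__":
    for label, names in (("single", SINGLE), ("multi", MULTI),
                         ("wildcard", WILDCARD)):
        print(label)
        for host, ok in coverage(names, HOSTS).items():
            print(f"  {'covered' if ok else 'NOT covered':12} {host}")
```

A host two levels down (eu.mail.hostinsider.net) and the bare domain are not matched by `*.hostinsider.net` on its own, so list every hostname you serve and run it through the check before settling on a certificate type.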
SSL Warranty Level
Different providers offer different amounts of warranty for your visitors who suffer a loss from a mis-issued certificate. It is important to know that the warranty is paid to the victim, not to the certificate owner. Also, the loss has to be proven. There is a special certification center which resolves such disputes. Warranty may vary from $10k for single domain DVs to more than $1 million for EVs. However, this is hardly a crucial parameter when you’re choosing a certificate.
SSL Providers – Trusted Certificate Authority List
There are several SSL providers out there, so below you can find a short description of each:
Comodo – this SSL certificate authority has nearly 40% of market share. They are really focused on Internet security and their interests spread beyond just SSL certificates. So, these guys know what online security is. They have many SSL products for different segments of the market, so everyone can find a suitable product with Comodo.
On the other hand, in 2011 there was a known security incident with this certificate authority involving the fraudulent issuance of certificates. Anyway, we are sure these guys learned their lessons.
IdenTrust – they hold nearly 30% of the market, but that’s a B2B provider which is used mostly by banks.
Symantec Certificate Authority – a direct competitor of Comodo. They target a niche of more expensive certificates. However, they also include the GeoTrust and RapidSSL certificate companies, where you can buy a DV at $59. Also, you need to know about Symantec’s recent conflict with Google.
Go Daddy Secure Certificate Authority G2 – a well-known domain provider also has their own SSL service with products for different needs and budgets.
There are even more certificate providers and I hope you will find the most suitable one thanks to these recommendations. Be safe!
Some recommended reading – What is CAA record?