SSL Certificate Details

6 Options for SSL Certificates to Secure Your Website

Building customer trust in your business website is a must. The best way to accomplish this is to install an SSL certificate. SSL (Secure Sockets Layer) certificates are used to secure website pages when sensitive information is submitted. Sensitive information can be in the form of payment methods, online services such as online banking, and account login websites. SSL certificates can also be used to gain an end user’s trust. Google has incentives for website owners to install SSL certificates for search engine rank benefits. When the SSL certificate is installed on a website, the URL will change from http to https, and a padlock will appear in the URL address bar. This builds immediate trust with those visiting your site.

A Certificate Authority (CA), a trusted third party, generates and issues SSL certificates for websites. There are a variety of types of SSL validation levels. It’s important to be familiar with them to know which to install.

Below is a list of the different types of SSL certificates that can be purchased.

  • Domain Validated Certificates (DV SSL)
  • Wildcard SSL Certificates
  • Organization Validated Certificates (OV SSL)
  • Extended Validation Certificates (EV SSL)
  • Multi-Domain SSL Certificate (MDC)
  • Unified Communications Certificate (UCC)

Here is more detail:

Domain Validated Certificates (DV SSL)

Domain Validated SSL Certificates have a low assurance and basic encryption, typically for blogs or informational websites. The validation process to obtain this SSL certificate is minimal. The process only requires website owners to prove domain ownership by responding to an email or phone call. This SSL certificate type is one of the least expensive and fastest to obtain. The browser address bar will only display HTTPS and a padlock. The business name will not be included. If you do not need extra assurance for your website visitors, then you would install a Domain Validation SSL certificate.

Types of Browser Views with DV SSL Certificates

All browsers will only show a green padlock and HTTPS.

Wildcard SSL Certificates

Wildcard SSL certificates are used to secure a base domain and unlimited subdomains. Purchasing a wildcard SSL certificate is cheaper than purchasing several single domain SSL certificates. OV Wildcard SSL certificates or DV Wildcard SSL certificates are available for purchase. Wildcard SSL certificates will have an asterisk * as part of the common name. The asterisk * will represent any valid subdomain that has the same base domain. For example, the common name can be *.example.com. This SSL certificate can be installed for install.example.com, list.example.com, etc.

Organization Validated Certificates (OV SSL)

The main purpose of Organization Validation SSL certificates is to encrypt users’ sensitive information during transactions. This version of the SSL certificate has a high assurance similar to the EV SSL certificate, which is used to validate a business’s credibility. This SSL certificate type also displays the website owner’s information in the address bar to help distinguish the site from malicious sites. OV SSL certificates are the second highest in price. Commercial or public facing websites have a requirement to install an OV SSL certificate to assure that any customer information shared remains confidential. To obtain an OV SSL certificate, the website owner will need to complete a substantial validation process. A Certification Authority (CA) will investigate the website owner to see if they have the right to their specific domain name. Once the SSL certificate is installed, the business information will be displayed in the browser address bar.

Types of Browser Views with OV SSL Certificates

  • Chrome shows padlock, business name, country code and HTTPS in green font.
  • Firefox shows a green padlock, business name and country code in green font, and HTTPS.
  • Microsoft Edge shows a green padlock, business name and country code in green font, and HTTPS.
  • Safari will show the green padlock and the name of the business.

Extended Validation Certificates (EV SSL)

The highest ranking and most expensive SSL certificate is an Extended Validation Certificate. When installed, this type of SSL certificate will display the padlock, HTTPS, the name of the business, and the country in the browser address bar. Displaying the website owner’s information in the address bar will help distinguish the site from malicious sites. To receive this type of SSL certificate, the website owner will need to go through a standardized identity verification process to confirm that the website owner legally holds the exclusive rights to their domain. EV SSL certificates are used on high profile websites for applications that require identity assurance, such as collecting data, processing logins or online payments.

Types of Browser Views with EV SSL Certificates

  • Chrome will show a padlock, HTTPS, the name of the business, and the country code in green font.
  • Firefox will show a padlock, the name of the business, and the country code in green font and HTTPS.
  • Microsoft Edge will show a padlock, the name of the business, and the country code in green font and HTTPS.
  • Safari will show the green padlock and the name of the business.

Multi-Domain SSL Certificates

Multi-Domain certificates can secure up to 100 different domain names and subdomains using a single certificate which helps save time and money. You have control of the Subject Alternative Name (SAN) field to add, change, and delete any of the SANs as needed. Domain Validated, Organization Validated, Extended Validated, and Wildcard SSL types are available as well. Here are some domain name examples that can be secured with just one Multi-Domain SSL certificate:

  • www.domain.com
  • www.domain.in
  • www.domain.org
  • domain.com
  • checkout.domain.com
  • mail.domain.com
  • secure.exampledomain.org
  • www.website.com
  • www.example.co.uk
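
The name matching behind the Wildcard and Multi-Domain sections above, as an added example (not code from this page or from any CA). It applies the rule browsers commonly use: the asterisk is accepted only as the whole left-most label and stands for exactly one label, so a base domain is covered only when it is listed as its own name entry. The function names and the two certificate name lists are hypothetical, constructed sample data.

```python
# Added example: which hostnames does a certificate's name list cover?
# All names below are constructed sample data, not from a real certificate.

def _labels(name):
    """Lower-case a DNS name, drop one trailing dot, split into labels."""
    name = name.lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")

def name_matches(pattern, hostname):
    """Match one certificate name entry against a hostname.

    '*' is accepted only as the whole left-most label and stands for
    exactly one label (the behaviour clients commonly implement).
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels after '*' so '*.com' never matches.
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h

def covered_by(hostname, san_entries):
    """Return the name entries that cover hostname (empty list = mismatch)."""
    return [s for s in san_entries if name_matches(s, hostname)]

def report(hostnames, san_entries):
    """Map each hostname to True/False: is it covered by the certificate?"""
    return {h: bool(covered_by(h, san_entries)) for h in hostnames}

# Constructed wildcard certificate with a single name entry.
WILDCARD_CERT = ["*.example.com"]
# Constructed multi-domain certificate; mail.domain.com is deliberately
# left out to show what a missing SAN entry looks like.
MULTI_DOMAIN_CERT = ["www.domain.com", "domain.com", "checkout.domain.com",
                     "secure.exampledomain.org", "www.example.co.uk"]

if __name__ == "__main__":
    checks = [(WILDCARD_CERT, ["install.example.com", "list.example.com",
                               "example.com", "a.b.example.com"]),
              (MULTI_DOMAIN_CERT, ["checkout.domain.com", "mail.domain.com"])]
    for cert, hosts in checks:
        for host, ok in report(hosts, cert).items():
            print(f"{host:22} {'covered' if ok else 'NOT covered'}")
```

Running the same check against the name list of a certificate before deployment shows which hostnames would produce a name-mismatch warning in the browser.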

Unified Communications Certificates (UCC)

Unified Communications Certificates (UCC) are also considered Multi-domain SSL certificates. UCCs were originally designed to secure Microsoft Exchange and Live Communications servers. Today, these certificates can be used by website owners. This type of SSL certificate allows multiple domain names to be secured on a single certificate. UCC Certificates are organizationally validated and display a padlock on a browser. UCCs can be used as EV SSL certificates to give website visitors the highest assurance through the green address bar.

Conclusion

Securing websites with SSL certificates is of great importance. Giving website visitors confidence in their safety is key to having a successful website.

Remember:

  • If a website has HTTP instead of HTTPS, then the browser will send all the information as plain text to the web server. If anyone is watching the web traffic, they will be able to see that information.
  • If the website has an SSL certificate installed and is using HTTPS, then the web traffic will be encrypted. This is of great importance for collecting any customer’s sensitive information.
  • Lastly, Google has incentives for websites that have SSL certificates installed. And helping Google to rank your website higher should be at the top of your list.

| | Alpha SSL | Alpha SSL Wildcard | Organizational SSL | Extended Validation SSL |
|---|---|---|---|---|
| Trust Level | Good | Good | Excellent | Highest Level |
| Verification Requirements | Domain Ownership | Domain Ownership | Full Company Vetting | Extended Verification |
| Warranty | $10,000 | $10,000 | $1.25 Million | $1.5 Million |
| SHA-256 Encryption | Yes | Yes | Yes | Yes |
| Validity Period | 1 and 2 Years | 1 and 2 Years | 1 and 2 Years | 1 and 2 Years |
| Issuance Speed | Same Day | Same Day | 1-2 Business Days | 3-4 Business Days |

Definitions

Certificate Authority (CA)

A certificate authority (CA) is a trusted entity that issues electronic documents that verify a digital entity’s identity on the Internet. The electronic documents, which are called digital certificates, are an essential part of secure communication and play an important part in the public key infrastructure (PKI). Certificates typically include the owner’s public key, the expiration date of the certificate, the owner’s name and other information about the public key owner. Operating systems (OSes) and browsers maintain lists of trusted CA root certificates to verify certificates that a CA has issued and signed.

Digital Certificate

A digital certificate is an electronic “passport” that allows a person, computer or organization to exchange information securely over the Internet using the public key infrastructure (PKI). A digital certificate may also be referred to as a public key certificate.

Just like a passport, a digital certificate provides identifying information, is forgery resistant and can be verified because it was issued by an official, trusted agency. The certificate contains the name of the certificate holder, a serial number, expiration dates, a copy of the certificate holder’s public key (used for encrypting messages and digital signatures) and the digital signature of the certificate-issuing authority (CA) so that a recipient can verify that the certificate is real.

To provide evidence that a certificate is genuine and valid, it is digitally signed by a root certificate belonging to a trusted certificate authority. Operating systems and browsers maintain lists of trusted CA root certificates so they can easily verify certificates that the CAs have issued and signed. When PKI is deployed internally, digital certificates can be self-signed.

Private Key (Secret Key)

In cryptography, a private key (secret key) is a variable that is used with an algorithm to encrypt and decrypt code. Quality encryption always follows a fundamental rule: the algorithm doesn’t need to be kept secret, but the key does. Private keys play important roles in both symmetric and asymmetric cryptography.

Most cryptographic processes use symmetric encryption to encrypt data transmissions but use asymmetric encryption to encrypt and exchange the secret key. Symmetric encryption, also known as private key encryption, uses the same private key for both encryption and decryption. The risk in this system is that if either party loses the key or the key is intercepted, the system is broken and messages cannot be exchanged securely.

Asymmetric cryptography, also known as public key encryption, uses two different but mathematically linked keys. The complexity and length of the private key determine how feasible it is for an interloper to carry out a brute force attack and try out different keys until the right one is found. The challenge for this system is that significant computing resources are required to create long, strong private keys.

Secret-key ciphers generally fall into one of two categories: stream ciphers or block ciphers. A block cipher applies a private key and algorithm to a block of data simultaneously, whereas a stream cipher applies the key and algorithm one bit at a time. Symmetric-key encryption is much faster computationally than asymmetric encryption but requires a key exchange.

Public Key

In cryptography, a public key is a large numerical value that is used to encrypt data. The key can be generated by a software program, but more often, it is provided by a trusted, designated authority and made available to everyone through a publicly accessible repository or directory.

A private key is another large numerical value that is mathematically linked to the public key. In asymmetric cryptography, whatever is encrypted with a public key may only be decrypted by its corresponding private key and vice versa.

PKI (Public Key Infrastructure)

A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.

Without PKI, sensitive information can still be encrypted (ensuring confidentiality) and exchanged, but there would be no assurance of the identity (authentication) of the other party. Any form of sensitive data exchanged over the Internet is reliant on PKI for security.

Elements of PKI

A typical PKI consists of hardware, software, policies and standards to manage the creation, administration, distribution and revocation of keys and digital certificates. Digital certificates are at the heart of PKI as they affirm the identity of the certificate subject and bind that identity to the public key contained in the certificate.

A typical PKI includes the following key elements:

  • A trusted party, called a certificate authority (CA), acts as the root of trust and provides services that authenticate the identity of individuals, computers and other entities
  • A registration authority, often called a subordinate CA, certified by a root CA to issue certificates for specific uses permitted by the root
  • A certificate database, which stores certificate requests and issues and revokes certificates
  • A certificate store, which resides on a local computer as a place to store issued certificates and private keys

A CA issues digital certificates to entities and individuals after verifying their identity. It signs these certificates using its private key; its public key is made available to all interested parties in a self-signed CA certificate. CAs use this trusted root certificate to create a “chain of trust” — many root certificates are embedded in Web browsers so they have built-in trust of those CAs. Web servers, email clients, smartphones and many other types of hardware and software also support PKI and contain trusted root certificates from the major CAs.

Along with an entity’s or individual’s public key, digital certificates contain information about the algorithm used to create the signature, the person or entity identified, the digital signature of the CA that verified the subject data and issued the certificate, the purpose of the public key encryption, signature and certificate signing, as well as a date range during which the certificate can be considered valid.
