If you’re looking to buy an HTTPS certificate, it’s natural to feel overwhelmed by the plethora of choices that are available to you. We’ll discuss the different types of SSL/TLS certificates to help you understand which one is best suited for your website. Every SSL certificate can be issued with the same encryption strength. The difference, however, lies in their validation levels and functionalities. As we look at each of these categories individually, you will get a better insight into their workings. Without further ado, let’s dive right in and get the HTTPS certificate that your business needs.
I Need to Buy an HTTPS Certificate: Which Validation Level Do I Need?
As I’m sure most of you already know, an SSL/TLS certificate establishes an encrypted communication channel between the computer of the end-user and the server with which it is communicating. An HTTPS certificate not only provides users with a secure channel, but it’s also useful when it comes to verifying the identity of the server.
SSL/TLS certificates are categorized depending on their validation levels and functionality. There are three types of validation:
- Domain Validation, or DV — DV certificates offer the lowest level of authentication, but they also have the least stringent verification process. The certificate authority (CA) merely checks to see whether the applicant owns the domain for which they’re requesting the certificate.
If you have a personal blog that you wish to make accessible over HTTPS, this might be a perfect choice. However, since DV certificates do not require a thorough verification process, they’re not the most trusted certificates. If you have a business that processes sensitive information or an e-commerce website, you should consider the other two validation levels. DV certs can be issued in a matter of minutes.Get a DV SSL certificate starting at as little as $9.98 per year
- Organization Validation, or OV — OV certificates, as the name suggests, are best suited for enterprise environments and intranets. They’re also the only certificates that can secure an IP address. The CA verifies that your company is a legitimate legal entity and may request that you to submit supporting documents as evidence. You can obtain an OV certificate once you satisfy the requirements for:
- Organization AuthenticationLocality Presence
- Telephone Verification
- Domain Control Validation
- Final Verification Call
As you can see, the vetting process is a lot more rigorous for OV than DV certs, requiring one to three business days for a CA to issue the certificate. The certificate, once issued, will contain the organization’s details, and any person visiting the website can see this information as long as they know where to look for it.Get an OV SSL certificate starting at $33.69 per year
- Extended Validation, or EV — EV certificates have the most rigorous vetting process and, therefore, offer the highest level of authentication. It may take up to five business days to issue an EV cert, but the process can be expedited.
If establishing trust in end-users is of utmost importance to your business, buy an HTTPS certificate with extended validation. Some EV certs come bundled with additional security offerings such as malware scans and vulnerability assessments. To obtain an EV cert, you will need to satisfy the following requirements:
- Organization Authentication
- Enrollment Form
- Operational Existence
- Physical Address
- Telephone Verification
- Domain Control Validation
- Final Verification Call
It’s important to note that wildcard certificates cannot be issued together with extended validation regardless of the issuing CA. In case you have multiple subdomains, consider using a subject alternative name (SAN) certificate instead, which will be discussed later, or opt for an OV cert. Also, Google Chrome and Mozilla Firefox will no longer support the green address bar that has historically been associated with EV certificates. In these browsers, the EV visual security indicator will be moved to the Page Info or Certificate Details sections (depending on the browser) for all web pages irrespective of the issuing CA.Get an EV SSL certificate starting at $88.00 per year
HTTPS Certificate: How Many Domains and Subdomains Do I Need to Secure?
- Now that we’ve explored the different validation levels, let’s look at various HTTPS certificates in terms of their functionalities Single Domain SSL Certificates — Single domain certificates are issued for only one fully qualified domain name (FQDN), e.g., www.yourwebsite.com. It can’t be used to secure any other domain. These certificates are available at all three validation levels.
- Multi-Domain SSL Certificates — Also known as SANs or unified communication certificates (UCCs), these certs secure up to 250 domains with a single certificate. All domains listed as SANs will have the same level of validation. For example, www.yourdomain.com, www.yoursite.com, www.website.com, etc. can be covered on a single SAN certificate. You can also list your subdomains as alternative names and include them on the same certificate. Multi domain certificates can be obtained for every level of validation.
- Wildcard SSL Certificates — Wildcard certs are used to secure first-level subdomains. For example, if you have a website www.site.com with multiple subdomains like mail.site.com, products.site.com, and blog.site.com, you can use *.site.com to cover all of these subdomains. These certificates can be issued with two levels of validation — DV, and OV.
- Multi Domain Wildcard SSL Certificates — As the most versatile of all the certs, multi domain wildcards can be used to secure multiple domains and subdomains at varying levels. The only limitation being that since these are wildcard certs, they can’t be issued as EV certs. However, they’re available as DV and OV certificates.
HTTPS Certificate: Other Influencing Factors
Now that we’ve discussed the major influencers, let’s look at some other factors:
- Warranties — As a general rule of thumb, the higher the validation level of the certificate, the greater the warranty. A certificate warranty exists as a safeguard to cover you from any damages in case something goes wrong with your certificate or the encryption it facilitates. Because there’s a very slim chance of something like this happening, consider all the other factors before focusing on this one.
- Price — Based upon your requirements (the level of trust you wish to develop with customers, plus the number of domains/subdomains you need to secure), you’ll usually find multiple solutions at different price points with different features. Be sure to review them all to find the one that best serves your needs.
- Support — Before making a purchase, compare the level of support offered by the different CAs or third-party. You don’t want to be left stranded just in case you run into some issues and require assistance. When you make a purchase from sectigostore.com, you’ll have access to live chat with web security experts, you can find answers in their knowledge base, or submit a ticket to the support team available round the clock each day.
- Issuance Time — As mentioned earlier, the issuance time of each certificate depends on the type of validation and the intensity of the vetting process. As a reminder, DV certs take the least amount of time, followed by OV and then EV
Needless to say, you will always want to rely on a reputed CA for all your SSL/TLS needs, so be sure to research the reputation of the CA from whom you plan to buy the HTTPS certificate. While purchasing directly from them is definitely an option, it might be more cost-effective to buy your certificate from one of their platinum partners, like sectigostore.com.