As the internet began transforming into a more commercial space in the 1990s, there was a growing need for encrypted communication channels. This is why Netscape developed a security protocol known as Secure Sockets Layer (SSL). This evolved into what’s now known as Transport Layer Security (TLS), with TLS version 1.2 and TLS 1.3 currently in use. SSL/TLS encrypts the data transmission channel between a client (an end user’s browser) and the server it’s talking to, with the intent of hindering cybercriminals from stealing data over the wire.
As time progressed, the players in the field of SSL/TLS certificates came up with different product offerings to suit the various needs of their customers. Let’s take a quick look at some of these products and what they have to offer.
Features of Different SSL/TLS Certificates
Listed below are the generic features of SSL/TLS certificates.
- Safety and Convenience: SSL creates an encrypted channel between the client and the web server via a process known as a TLS handshake to prevent any plain text information or data leakage. A commercial SSL/TLS certificate typically includes or enables:
  - A site seal;
  - A secure, encrypted HTTPS connection;
  - Browser security indicators; and
  - 128- to 256-bit strong encryption along with a 2048-bit RSA signature key.
- Server Authenticity: SSL/TLS authenticates the server, so the client knows that it’s talking to the real one.
- Extensibility: SSL/TLS is configured to use most modern encryption and hashing algorithms. The client and server can negotiate the algorithms they want to use during communication through the TLS handshake process.
- Warranty: Every paid SSL certificate comes with a warranty — the amount of which varies based on the type of certificate purchased.
- Browser Compatibility: SSL certificates are trusted by virtually all major browsers.
- Reissuance Policy: Paid SSL certificates frequently come with free, unlimited re-issuance.
SSL/TLS Certificate Validation and Cost Comparison
SSL/TLS certificates are classified based on their three validation levels (DV, OV, and EV) and four types of functionality.
Domain Validation (DV) SSL
Domain validation is the least stringent form of validation. Here, the CA only verifies whether the applicant has rights to the specific domain name (typically through email verification). No additional information is vetted, and DV certificates can be issued and deployed within minutes. Though not the best option for websites that need to assert identity, it works for small-scale sites that do not collect any personally identifiable information (PII) or sensitive data.
Get a DV SSL certificate starting at as little as $9.98 per year
Organization Validation (OV) SSL
Organization validation is one of the most viable options for enterprise environments and intranets. The CA not only verifies that the applicant has rights to the specific domain name but also conducts additional investigations of the applicant’s organization on a basic level. This information is displayed on the certificate for enhanced trust from the site’s end users. Finding the balance between its DV and EV counterparts, which we will discuss momentarily, OV SSL can also be used to secure IP addresses.
Get an OV SSL certificate starting at $33.69 per year
Extended Validation (EV) SSL
As part of the extended validation process, the CA will do an intense verification of the site’s ownership as well as the legitimacy of the company. Applicants will need to provide acceptable documents about the organization during the vetting process to attest that they have rights to the specific domain and the business is genuine. It ensures a thorough investigation is performed on the company, and this information is displayed on the certificate. It’s the only certificate that enables the organization’s name to appear in the web address bar to indicate your website’s identity.
Get an EV SSL certificate starting at $88.00 per year
Single Domain SSL Certificates
This type of certificate covers one fully qualified domain name (i.e., www.yourdomain.com). It does not include any other domain, though. If generated with the WWW, most CAs secure the non-WWW version as well. A single domain SSL certificate is available for all levels of validation.
Multi Domain SSL Certificates
Multi domain certificates are also referred to as UCC/SAN certificates, which stand for “unified communications certificates” and “subject alternative name” domains. One certificate covers multiple domains (e.g., www.yourdomain.com, www.site.com, www.example.net, etc.), and applicants have the option of adding or deleting SANs based on their needs. All domains will have the same level of validation.
These types of certificates from Sectigo can cover up to 250 domains total with the primary domain entered as the fully-qualified domain name (FQDN) in the certificate signing request (CSR) and the rest listed as subject alternative names.
Get a multi domain SSL certificate starting at $29.00 per year
Wildcard SSL Certificates
A wildcard SSL certificate is issued to secure an unlimited number of subdomains at the first level. For example, *.site.com will secure blog.site.com, products.site.com, dev.site.com, etc. Unlike other SSL certificates, wildcards are only available with DV and OV validation. Extended validation is not an option for wildcard SSL certificates.
Get a wildcard SSL certificate starting at $87.33 per year
Multi Domain Wildcard SSL
Multi-domain wildcard SSL certificates are the most versatile of all SSL/TLS certificates: a single certificate secures up to 250 domains or hostnames, as well as their multiple levels of subdomains. For example, one certificate can be used to secure *.site.com, *.example.com, *.blog.site.com, etc.
Get a multi domain SSL certificate starting at $174.13 per year
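The coverage rules for single domain, multi domain, wildcard and multi domain wildcard certificates can be checked with a small hostname matcher. This is an added example, not code from the original page or from any CA; the function names and SAN lists are constructed for illustration, and the matching follows the usual left-most-label wildcard rule that browsers apply.

```python
# Added example: which hostnames each certificate type on this page covers.
# SAN lists below are constructed sample data, not real certificates.

def _labels(name):
    # DNS names are case-insensitive; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")

def san_matches(pattern, hostname):
    """True if one SAN dNSName entry covers hostname.

    A wildcard is honoured only as the entire left-most label and stands for
    exactly one label, so *.site.com covers blog.site.com but neither
    site.com nor dev.blog.site.com.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require two fixed labels so an entry such as "*.com" never matches.
        return len(p) >= 3 and "*" not in p[1:] and p[1:] == h[1:]
    # Partial wildcards such as "f*.site.com" are rejected outright.
    return "*" not in pattern and p == h

def covered_by(san_list, hostname):
    """Return the first SAN entry covering hostname, or None."""
    for entry in san_list:
        if san_matches(entry, hostname):
            return entry
    return None

# One constructed SAN list per certificate type described above.
CERTS = {
    "single domain": ["www.yourdomain.com", "yourdomain.com"],
    "multi domain": ["www.yourdomain.com", "www.site.com", "www.example.net"],
    "wildcard": ["*.site.com"],
    "multi domain wildcard": ["*.site.com", "*.example.com", "*.blog.site.com"],
}

def coverage_report(hosts):
    """Map each certificate type to {hostname: matching SAN or None}."""
    return {kind: {h: covered_by(sans, h) for h in hosts}
            for kind, sans in CERTS.items()}

if __name__ == "__main__":
    hosts = ["www.site.com", "blog.site.com", "dev.blog.site.com", "site.com"]
    for kind, result in coverage_report(hosts).items():
        for host, san in result.items():
            status = "covered by " + san if san else "NOT covered"
            print(f"{kind:22} {host:18} {status}")
```

Running it shows that the plain wildcard stops at the first subdomain level, while the multi domain wildcard list reaches dev.blog.site.com only because *.blog.site.com is listed as its own SAN.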