Which Type Of SSL Certificate Do I need? Know the Difference and Choose Well!
So, you’ve decided to get an SSL certificate for your website. An excellent decision! You are not only providing strong security for your website visitors’ data but also boosting your users’ trust and getting SEO benefits as an extra perk! But let’s be honest here. Buying an SSL certificate is a confusing process! Isn’t it? With different SSL brands, types of SSL certificates and price differences, the entire buying process can be daunting. If that is not enough, there are free SSL available in the market! What’s the difference and which SSL should you pick from such a large pool of options?
We totally understand this dilemma. In this article, we’ve covered the most common questions regarding SSL types:
- TLS vs. SSL certificate: What’s the difference?
- What do DV, OV, and EV SSL mean? Which is the right one for my business?
- What are multidomain and wildcard SSL? Are they really needed for my business?
- Free SSL vs. Paid SSL: What’s the real difference?
Let’s start solving these SSL riddles one by one!
Types Of SSL Certificates: Part 1- TLS vs. SSL certificate: Which one to choose?
All SSL (Secure Socket Layer) certificates are basically TLS (Transport Layer Security) certificates.
TLS is a new upgraded version of SSL. But the word SSL has been in use for a long time and people are more familiar with it. That’s why the certificate authorities (CAs) have continued to use the word SSL. In short, when CAs say SSL, they mean TLS!
SSL’s last version SSL v3 was introduced in 1996 but declared insecure in 2004. Since 2008, newer, more secure protocols such as TLS v1.2 are used by all SSL/TLS certificates. In May 2019, TLS v1.3 was introduced.
Thus, you don’t need to choose between a TLS and SSL certificate because you are by default going to get a TLS certificate.
Types Of SSL Certificates: Part 2-What do DV, OV, and EV SSL mean?
SSL certificates are categorized into 3 types based on their SSL validation process.
As you know, you won’t immediately get an SSL certificate as soon as you buy it. The Certificate authority will vet your credentials, make sure you own the claimed domain and follow any other verification processes before issuing a certificate.
The SSL certificates are divided into DV, OV, and EV categories based on the steps involved in this vetting process.
Domain Validation (DV) SSL
DV SSLs are the basic SSL certificates which have a light verification process. For DV SSL, the CA will verify whether you own the domain for which you have applied for an SSL certificate. The CA will send a verification email to a specific email id such as firstname.lastname@example.org, email@example.com, with a verification link or ask you to place a verification file on a particular location on your server.
- DV SSLs are the cheapest, easiest to get and can be issued in minutes.
- The cheapest DV SSL available in the market are Positive SSL, which you can get for less than $10/year.
- DV SSL is suitable for personal websites, blogs, and informational websites which don’t take clients’ personal or financial information via any forms or checkout process.
Organization Validated (OV) SSL
Organization Validation has stricter vetting process than DV SSL: along with verifying the domain authority, you have to prove your organizational details and local presence, then go through telephone verification, domain authentication, and a final verification call. It takes 1-3 days to complete the verification process.
- The CA will check all the required details in online government databases. If the CA doesn’t find the required details or if more information doesn’t match up, they will ask you to provide official registration documents, Dun & Bradstreet or Professional Opinion Letters (POLs).
- Websites that take customers’ personal details via any type of form (names, physical addresses, passwords, birthdates, phone numbers, email ids) are recommended to use OV SSL.
- The Cheapest OV SSL in the market is Instant SSL, which starts from $33.69/year.
Extended Validated (EV) SSL
For Extended validated SSL certificates, the CA completes a rigorous verification process. Your organization must go through all the domain validated (DV) and Organization Validated (OV) SSL’s process.
Plus, you need to prove that your company has been operating for at least 3 years and is in good standing. Only business organizations are eligible to apply for an EV SSL (not individuals).
If your company is younger than 3 years, you need to provide Bank Confirmation Letter that confirms your active checking account and/or a Professional Opinion Letter (POL), which is a notarized letter from a lawyer or accountant vouching for your company’s legitimacy.
- EV SSLs are highly recommended for financial institutions, healthcare industry and websites that are dealing with customers’ financial information (credit card numbers, bank account details, SSN, tax-related details) like websites offering eCommerce facilities, paid subscriptions, fundraisers for charity, paid memberships, etc.
- An EV SSL displays the organization’s legally registered name on the users’ address bar, before the domain name. This helps users identify the authentic company website and protect against phishing attacks.
- EV SSL starts from $88/year.
Types Of SSL Certificates: Part 3- What are multidomain and wildcard SSL? Are they needed for my business?
SSL certificates are divided into 4 categories based on the URLs they protect:
- Single Domain
- Multidomain Wildcard
Single domain SSL: As the name suggests, if you have just one website/domain name, you should get a single-domain SSL.
All single domain SSLs cover both the WWW and non-WWW version of your domain. Single domain SSLs are available in DV, OV, and EV validation levels.
Multidomain SSL: If you have multiple domains (mysite.com, mysite1.com, mynewsite.com) or domains with different extensions (site.com, site.ca, site.org, site.in, site.net, etc.), you can get all the websites covered under a single SSL certificate, called a multidomain SSL.
Multidomain SSL starts from $28/year and is available in all validation types: DV, OV and EV.
Wildcard SSL: You can secure all subdomains (mail.yoursite.com, blog.yoursite.com, billing.yoursite.com, etc.) along with your main domain under a single SSL certificate i.e., a Wildcard SSL certificate.
You don’t need to buy separate SSL for each of the subdomains and go through validation process for each of them individually — all wildcard SSLs secure UNLIMITED subdomains, irrespective of the certificate authority you choose.
Wildcard SSL is available in DV and OV validation type.
Multidomain Wildcard SSL: If you want to secure both, multiple domain names and subdomains under same SSL certificate, you should get multi-domain wildcard SSL.
Multidomain Wildcard SSL is available in DV and OV validation type.
Get Positive Multidomain Wildcard Today-Save 50%
Industry-Standard 256-bit encryption, Encrypt up to 250 different domains, Encrypt an unlimited number of sub-domains and Get Free Dynamic TrustLogo
Summary of SSL certificate types:
|Domain Validated (DV)||Organization Validated (OV)||Extended Validated (EV)|
Types Of SSL Certificates: Part 4- Free SSL vs. Paid SSL: What’s the catch?
How can we forget the last and the most significant dilemma people face regarding SSL types: Free SSL vs. Paid SSL certificates. We often hear from customers that if there is no difference between a free SSL and commercial SSL, why should we pay for that SSL certificate?
Now ask the same question again with a bit of logic. “if there is no real difference between a free SSL and commercial SSL, why people are still happily paying for SSL certificates?” There are, of course, substantial differences between free and paid SSLs.
Here is the catch:
- Free SSLs are not available in OV and EV validation types.
- You won’t get any warranty with free SSL. SSL warranties work like insurance in the event of encryption failure. Encryption failure is rare but not impossible.
- Secure site seals are visual indicators of trust. Site seals, also known as trust logo, are small images that are placed in footer and other important places like check out pages, shopping cart etc., to show your users that your website is secured by a trusted certificate authority. It is a well-proven fact that trust logos improve conversion rate. Only paid SSLs provide site seals.
Difference between a paid SSL and free SSL
|Paid SSL||Free SSL|
|2048-bit RSA Signature key.||Yes||Yes|
|Encryption up to 256-bit.||Yes||Yes|
|Removes the “Not Secure” warning.||Yes||Yes|
|Enable HTTPS connection and padlock||Yes||Yes|
|Secure Site Seals||Yes||×|
|Validity period||2 years||3 months|
|24*7*365 Live customer support||Yes||×|
Massive Discount-Get Positive SSL Today and Save 79%
Get Industry-Standard 256-bit encryption, Powerful 2048-bit signature key, $50,000 Warranty and Free Dynamic TrustLogo