SSL/TLS continues to play the most crucial role in online privacy, encryption, and authentication. However, the rise of malware is still a concern for organizations and individuals.
SSL/TLS certificates play a significant role in websites creating a secure channel for communication on the internet so that all the bits of data are protected using a safe process that users can trust.
SSL/ TLS was introduced in 1995, and it soon became the most preferred way of securing data communication on the internet.
SSL certificates can be classified based on secured hostnames/domains and the basis of validation levels.
Types of SSL Certificates based on the validation level:
1) Domain Validated SSL certificate
This type of validation is the lowest level/primary level of validation type. In this kind of certificate, the Certificate Authority makes sure that the organization exercises control on the domain that is being certified.
Verification is typically done over email. The company needs to make some changes to DNS records or upload a file that is provided by the CA for the domain.
A certificate will be issued to the organization just by proving control on the domain. It just takes a few minutes or a few hours to obtain this kind of certificate.
The expense incurred in getting this kind of certificate is minimal as no human involvement is needed the browser will show a secure HTTP connection when this kind of certificate is presented.
2) Organization Validated SSL certificate
This certificate that carries organization validation needs organization existence for verification. The CA does a high level of validation on the application of the organization in this case. The CA will make contact with the company to ensure that it is authenticated by checking its registration documents.
In this case, the CA verifies that the domain belongs to the company whose information is part of the certificate. It takes a few days to obtain this kind of certificate.
The expense incurred in this case a higher than the domain validated certificate as human intervention is involved. The certificate, in this case, will display the information of the company in details of the certificate.
3) Extended Validation certificate
It is the strictest level of validation. In this, the CA carries out validation of ownership, physical location, legal existence and organization information of the organization.
It also authenticates that the company is aware of the request made for the SSL certificate before approving it. The CA validates the ownership, organization information, physical location, and legal existence of the company.
The company is required to submit documentation, and a lot of other checks are carried out by the CA before they certify the organization identity. It takes a few days to obtain this kind of certification.
The expenses to get this kind of certificate requires a bit more money. The browser will show a green bar along with the name of the company in this case.
Coming to the basis of domains covered by the certificate, we can be organized in the following types:
4) Single Name SSL Certificates
Singe name SSL certificate protects a single subdomain (hostname). For example, if you obtain a certificate for www.123domain.com, it will not cover my.123domain.com.
If you obtain a single name certificate for your www hostname (example: www.123domain.com), the certificate may also cover the root domain (123domain.com) based on the discretion of certificate issuing authority. You can find single domain SSL at a lower cost with up to 2 yr validity.
5) Multiple SSL SAN Certificates
A Subject Alternative Name (SAN) certificate allows the use of the certificate for multiple domain names.
For example, if you have a certificate for 123mydomain.com, you could add more SAN values to get the same certificate to protect 123mydomain.org and 123mydomain.net along with 123mydomain.com.
In most of the cases, you are allowed to change the SAN values any time in the life span of the validity of the certificate – all you will need to do is change the SAN value, and then get it reissued.
It is a cost-saving certificate and helps the certificate manager in managing a single certificate for multiple domains.
6) Wildcard SSL Certificates
A Wildcard SSL certificate provides coverage for securing multiple subdomains using the same certificate. In a lot of cases, the wildcard certificate makes more sense than obtaining a Subject Alternative Name (SAN) certificate because it provides coverage for an unlimited number of subdomains and you do not even need to specify them at the time you are purchasing the certificate.
You will be able to add the first level of subdomains with no need for redeploying the certificate. For instance, you can make use of a wildcard certificate for domain name *.123mydomain.com and that same certificate will also cover my.123mydomain.com, my1.123mydomain.com and any other subdomain of 123mydomain.com.
The wildcard use here means that certificate has been provisioned for *.123mydomain.com so that the certificate will work with all matching patterns with no reissue of the certificate required.
Given that the requirements of all certifications are different, from the low priced (DV certificates) to the high priced certificates for strict business validation (EV SSL Certificates); you would need to decide which one fits your requirements based on your business budget, documents, and location, etc.