SSL Certificates Overview - Which to Buy?

For online shops and websites of a community where users enter and transmit confidential or private data, security and data protection are important topics. Website operators must deal with methods to ensure the necessary security. SSL certificates offer the appropriate solution. Thanks to the special encryption technology, the connection between the user and server can be secured. Nowadays, there is a huge number of different certificates from various providers on the market. Customers are often unsure which is the right certificate for their own website. We help you keep track.

What is an SSL Certificate and what is it used for?

When transmitting data over open networks like the Internet, encryption helps ensure that unauthorized third parties cannot read the transmitted data. The most commonly used protocol for secure data transmission is the SSL (Secure Socket Layer) protocol. This ensures the secure exchange of data between the sender and the correct recipient. This encryption technology requires certificates that confirm the identity of a computer. Special Certification Authorities (CA) provide the necessary certificates.

What are the different types of SSL certificates?

To find the right certificate according to your needs, you can choose from various types of certificates. The criteria that differentiate the individual certificates are as follows:

• Encryption Strength
  Certificates are offered with 128-bit or 256-bit encryption.
   
• Validation
  Both domain-validated and identity-validated certificates are available.
   
• Browser Compatibility
  Certification authorities have varying browser acceptance.
   
• Trust Seals
  Static or dynamic site seals can be used.
   
• Certificate Type
  Different certificates can apply to one or multiple domains and can be used for subdomains.

As there are now numerous certification authorities from different countries, it is sometimes not clear which company stands behind which product. To achieve the highest level of trustworthiness, when choosing the certification authority, it is advisable to rely on large and well-known companies such as VeriSign, GeoTrust, Comodo, etc.

How do I find the right certificate?

There are different certificates available for various purposes. In general, certificates can be divided into three categories:

Domain Validation

These types of certificates are suitable for private websites such as forums, blogs, or smaller websites of any kind. Domain ownership is only verified via email and therefore does not offer identity validation. The advantage is that the setup can be completed within a few minutes and certificates of this kind are available at affordable prices. A static site seal can be embedded on the website after authentication to indicate SSL encryption. However, particularly inexpensive certificates from lesser-known certification authorities may not always be accepted by all browsers.

• For private websites
• Static Site Seal
• Domain verification via email
• Quick setup
• Low browser acceptance

Organisation Validation

Commercial websites such as online shops, corporate sites, customer interfaces, or email services should rely on organisation-validated certificates. In addition to domain ownership, an identity check of the applicant is carried out. This means that the identity of the domain owner is confirmed based on the commercial register extract, bank details, and sometimes telephone contact. Certificates of this kind take longer to set up and are accordingly more expensive. Dynamic Site Seals, which authenticate the certificate holder with name and address, can be integrated into the website to increase visitors' trust. Issuers of organisation-validated certificates also have higher browser acceptance.

• For commercial websites
• Dynamic Site Seal
• Domain and identity verification
• Higher browser acceptance

Extended Validation

Extended Validation is primarily aimed at websites with high security and reputation standards, such as large online shops, government sites, online banking, or well-known corporate sites. Similar to organisation-validated certificates, domain ownership and identity are verified here. The guidelines are even stricter, for example, the certificate can only be issued to natural persons registered in a public register. Setting up these certificates is the most complex and incurs the highest costs. In addition to a dynamic Site Seal that provides and verifies real-time data about the owner, an additional feature is that the browser's address bar is coloured green for visitors to the website. These measures ensure the highest level of trust among visitors. Extended Validation certificates also support many older browsers.

• For representative websites
• Dynamic Site Seal
• Green address bar
• Domain and identity verification
• Highest browser acceptance

In addition to the three different validation options, three different types of certificates can also be distinguished:

SSL Certificate for a Domain
If the SSL Certificate is intended for a single domain, a Single Root Certificate is required. This can be used to protect a domain such as www.mydomain.co.uk. This type of certificate is possible for all validation variants.

SSL Certificate for Multiple Domains
If you want to secure multiple domains with SSL, you will need a Multi-domain SSL certificate. This allows SSL encryption to be used on multiple domains such as www.mydomain.co.uk and www.myshop.co.uk. These types of certificates are available for all validation types.

SSL Certificate for Multiple Subdomains
If you want to secure various subdomains with SSL encryption, you should use Wildcard SSL certificates. This allows SSL to be used on subdomains like shop.mydomain.co.uk and mail.mydomain.co.uk. These certificates cannot be used with an Extended Validation certificate as they are not issued for subdomains.

Conclusion

The vast array of different certificates may seem confusing at first glance, but it offers the advantage of being able to find a suitable certificate for every requirement. Before implementing an SSL certificate on your own web project, it is important to consider the criteria that need to be met and the available budget. Following this, a suitable choice can be made from the available providers.