SSL Certificates

Understanding the different types of SSL certificates

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on VKPin on Pinterest

What happens when a client connects to an SSL-secured Web site? The first step is that the browser tries to connect to the web server, asking for its certificate, in order to verify whether the server has an SSL-secure connection or not. The latter will answer with a copy of its SSL certificate, and this way the browser can verify if the certificate is valid. If it is the case, it sends a message to the web server that it is ready to perform the SSL handshake.

Not all SSL certificates are the same. Some offer basic security like data encryption, while others offer more security properties, like authentication. In this post I will explain the different types of SSL certificates.

Self signed

Self signed certificates can be issued by anybody and thus there is no chain of trust. The certificate has been signed by itself (imagine printing your own driver’s license). The web browser will then issue a warning, telling you that the certificate cannot be verified. These kinds of certificates are useful only for testing or development environments, where data security is not essential. An example of self-signed certificate looks like this:

Self signed certificate
Self signed certificate

In terms of data confidentiality, these certificates are as efficient as any other ones, because they provide encryption. The problem is that you don’t know if the company that issued this certificate really is who it claims to be. You cannot verify if you received the certificate from the right entity. Consequently, a hacker might forge his own certificate and give it to you, playing the Man In The Middle attack.

That is why you should not use self-signed certificates in production environments, as your visitors will not trust your web site to be safe.

Domain validation

Domain validated (DV) certificates are issued based on proof of control over a domain name. In most cases, that means sending a confirmation email to one of the approved email addresses. If the recipient approves, then the certificate is issued. These certificates offer basic encryption, are cheap and relatively quick to obtain. An example of DV certificate looks like this:

Domain validated certificate
Domain validated certificate

Organization validation

A step up from DV certificates, Organization validated (OV) certificates allow a company’s information to be checked through a secure site seal. The validation procedure is stricter than for Domain Validated certificates, checking both that the applicant has the right to their domain name and that they are a legitimate business. This in turn provides greater trust between the website operator and end user. These certificates are more expensive than DV ones.

Visually, in the browser bar, OV certificates are identical to DV certificates. However, in the case of OV certificates, a site seal is also provided, that includes additional information that is more trustworthy to the user. The advantage of this certificate over a DV certificate is that it not only encrypts data, but it provides a certain level of trust about the company or organization who owns the website.

Extended validation

Extended validated (EV) certificates also require identity and authenticity verification, but with event stricter requirements. They were introduced to address the lack of consistency in OV certificates. They offer a greater degree of authentication and inspire a greater level of trust, so it’s no surprise that the validation procedures are extensively documented. The reason behind this is that hackers usually go after high profile domain names. Because of this, Certificate Authorities refuse to issue certificates for them without careful and manual confirmation. Unlike DV certificates that can be quickly obtained, it can take days or even weeks to obtain an EV certificate.

These certificates are much more expensive, but you will get the most trusted symbol on the internet: the green address bar, along with a dynamic site seal and business’s name. An example of such certificate looks like this:

Extended Validation certificate
Extended Validation certificate

The table below compares the existent types of certificates and the level of security guaranteed by each one.

Type Cost Issuance Time Encryption Business vetting Dynamic
site seal
Verified
company name
next to URL
Self Signed Free 0-1 minutes
DV 5-10 $ 1-5 minutes
OV 30-50 $ 1-2 days
EV 100-500 $ 1-10 days

Conclusion

I hope that this post gave you a better understanding of the existent types of SSL certificates and that helped you make the right choice when choosing one for your business. The certificate you choose to purchase depends entirely on your needs. If you provide e-commerce services and collect sensitive user information, then an EV certificate is essential in order to maintain a trusted communication with your clients. On the other hand, if you’re running a small blog, an DV or OV certificate should be enough.

13 thoughts on “Understanding the different types of SSL certificates

  1. This is really fascinating, You’re an overly skilled blogger.I have joined your feed and sit up for searching for extraof your wonderful post. Also, I have sharedyour web site in my social networks

    http://www.vividleds.us/

  2. 只需要上網辦理手續,手續簡單,提供最貼心的方案 樓宇按揭貸款- 中國及海外業務| 中國業務| 海外業務. … 永隆銀行竭誠為您實現置業大計,提供一站式的國內樓宇按揭貸款服務,透過本行的專業服務及靈活貸款安排, …

    http://wealthlink.hk/?page_id=228

  3. 日本農場成功研發可連皮吃香蕉 味道竟然似菠蘿 Marie Claire (HK) Edition 眾所周知,生果含有豐富的維他命和纖維,水果皮的營養價值更是勝於果肉,不過鑑於果皮苦澀難吞,因此大部分人食生果都有去皮的習慣。最近日本一家農場培育出一種可以連皮吃的香蕉,不但比傳統香蕉更有營養,連味道也

    https://cosmetic.wiki/tag/潤澤防曬底霜

  4. SAMI MOKBEL AT THE EMIRATES: Liverpool laid down a statement of intent by opening their Premier League campaign with a thrilling 4-3 victory over Arsenal. Arsenal 3-4 Liverpool – PLAYER RATINGS: Sadio Mane is divine on his debut but Rob Holding is given a baptism of fire

    https://bit.ly/2JCArSc

  5. Simon Jones is Sportsmail’s man on the inside of all the major transfer moves. His column offers an insight into the deals which will be done and those that won’t. Adebayor in line to complete Real Madrid move as Chelsea consider De Rossi swoop

    https://bit.ly/2S3sXus

Leave a Reply

Your email address will not be published. Required fields are marked *