SSL (Secure Sockets Layer) certificates are files installed on web servers that digitally engrave an encrypted key. It enables encrypted exchange of data between a server and users’ browsers.
A must for payment pages and login forms, SSL certificates are used by millions of websites to decrease the risk of data ending up in the wrong hands. Additionally, they avoid being flagged by Google as unsafe.
This ultimate guide to SSL certificates will introduce you to the ten types of SSL certificates and help you decide which kind of certificate works best for you.
Note: An SSL-secured website has the HTTPS prefix at the beginning of its web address. There will also be a padlock icon on the left side of the address bar in your browser. You can click on the padlock to learn more about the website and the organization running it.
To learn what an SSL certificate is, read our article that explains how SSL certificates work.
Types of SSL Certificates – Overview
SSL certificate types differ in two basic parameters:
- Validation. The level of validation the website admin goes through prior to receiving a certificate from a Certificate Authority (CA). Validation may range from very low, to very detailed. The higher level of validation, the more authority your website will gain.
- The number of domains it can be used for. Based on the number of domains you need to protect, you can issue a single-domain SSL certificate or one that protects multiple domains.
The following sections explain each type in further details.
Types of SSL Certifications Based on Validation
All SSL certificates offer the same encryption. However, the level of validation a CA goes through to verify the website admin’s identity can vary.
The extent of checks depends on the website’s scope and the kind of data it requests from users. For example, an online store with an intricate payment system requires more checking than a site used solely for blogging.
The three types of SSL validation are:
- Domain validated certificates (DV SSL)
- Organization validated certificates (OV SSL)
- Extended validated certificates (EV SSL)
Domain Validated SSL Certificates (DV SSL)
DV SSL certificates require the lowest level of validation. Once requested, CAs do not check the identity of a person or company running a website. They only verify that a site admin runs the URL, which is enough to register a domain.
With a DV SSL certificate, the web address has the HTTPS prefix and browsers display the padlock symbol. Clicking the padlock allows visitors to inspect the certificate and see the basic info about website ownership.
Domain Validated SSL certificates are ideal for smaller websites and blogs.
Pros of DV SSL certificates:
• The verification process takes place online and is usually automated
• CAs do not ask for any paperwork
• You receive this certificate on the same day you request it
• DV SSL certificates are the cheapest option on the market
Cons of DV SSL certificates:
• Low level of validation can make end users reluctant to share information
• They are not as secure as other options as anyone can obtain a DV SSL certificate and imitate your website
Organization Validated SSL Certificates (OV SSL)
An Organization Validated SSL certificate proves that you own the website domain and an organization in a specific country and city. A website must go through several background checks to receive an OV SSL.
A website with this certificate has the HTPPS prefix in its URL and a padlock icon next to the address bar. Once a user clicks the padlock, a browser shows who owns the domain and reveals relevant names, addresses, and countries of origin.
OV SSL certificates are an ideal option for smaller companies and platforms that collect sensitive user information.
Pros of OV SSL certificates:
• Strong all-around security
• More trustworthy than DV SSL certificates as visitors have more information at their disposal
Cons of OV SSL certificates:
• You need to prepare and submit business documents to a CA
• More expensive than a DV SSL certificate
Extended Validated SSL Certificates (EV SSL)
The Extended Validation SSL certificate gives the same validation as both DV and OV, but it also proves that you have registered your website as an official business.
When issuing EV SSL certificates, CAs do extensive background checks. They inspect domain ownership, legal existence, physical location(s), and more.
The exclusive feature of an EV certificate is that it turns a part of the browser address bar green. It also places the organization’s name next to the padlock symbol. This reassures visitors that it is safe to interact with the website.
Extended Validation SSL certificates are a perfect fit for enterprises, financial institutions, and eCommerce stores.
Pros of EV SSL certificates:
• Top-notch protection against phishing attacks, whaling attacks, email fraud, and other attacks
• By clearly stating the company name, EV SSL certificates emphasize that the business has been validated
Cons of EV SSL certificates:
• The most expensive SSL certificate on the market
• The verification process can take a few weeks
Types of SSL Certificates Based on the Number of Domains
Another factor that affects the type of SSL certification you choose is how many domains you wish to protect.
The five types of SSL based on the number of domains are:
- Single-Domain SSL certificates
- Wildcard SSL certificates
- Multi-Domain SSL certificates
- Multi-Domain Wildcard SSL certificates
- Unified Communications SSL certificate
The following sections explain each type and how website owners can benefit from buying the right SSL certificate.
Single-Domain SSL Certificates
A Single-Domain SSL certificate secures one domain and all its pages. Single-Domain SSL covers both www and non-www versions of the domain.
It is the cheapest type of SSL. It is enough to protect data coming in and out of a website. Buying this type of SSL certificate for a domain will not apply to its subdomains.
Validation options: Single-Domain SSL certificates are available for all three levels of validation.
Wildcard SSL Certificates
Wildcard SSL certificates protect a single domain and an unlimited number of subdomains. For example, if you buy a certificate for mywebsite.com, subdomains such as mail.mywebsite.com or login.mywebsite.com are also secured.
Wildcard SSL certificates are great if you plan on adding subdomains. It allows you to use the certificate for any subdomain. As an added benefit, it is far easier to manage a Wildcard certificate than single certificates for each of your subdomains.
Validation options: Wildcard SSL certificates can only have DV and OV levels of validation.
Multi-Domain SSL Certificates
A Multi-Domain certificate can protect multiple domains as well as subdomains. Depending on the CA, a Multi-Domain SSL certificate will allow you to secure up to 250 domains.
With a Multi-Domain SSL, the first domain is treated as the Base Domain. All others are regarded as SAN (subject alternative names) domains.
Validation options: Multi-Domain SSL is available with DV, OV, and EV levels of validation.
Multi-Domain Wildcard SSL Certificates
A Multi-Domain Wildcard SSL certificate combines features of Wildcard and Multi-Domain SSL certificates. A Multi-Domain Wildcard SSL certificate protects multiple fully qualified domains and an unlimited number of subdomains.
The initial investment is substantial. A Multi-Domain Wildcard SSL certificate is a good choice if you’re running multiple sites. It allows admins to manage a unified certification for all websites.
Validation options: Multi-Domain Wildcard SSL certificates provide DV and OV SSL validation.
Unified Communications (UCC) SSL Certificates
UCC SSLs are issued for environments that utilize Microsoft Exchange and Office Communications.
United Communications SSL allows users to protect multiple fully qualified domains under a single certificate. Like with Multi-Domain SSL, the first domain is the Base Domain, while others rely on SAN extensions instead of different IP addresses.
Depending on the CA, UCC can enable you to secure anywhere between 25 to 250 domains.
Validation options: Unified Communications SSL certification come with either DV or OV SSL validation.
Code Signing Certificates
Code Signing certificates allow you to encrypt software codes to ensure hackers cannot tamper with them. You want your files to have a CS certificate because all major operating systems warn users when they start downloading or installing unsigned software.
Adding this layer of protection allows you to:
• Build trust and confidence with users
• Protect the integrity of your software package
• Establish yourself as the software publisher
• Boost the number of downloads
Once a user tries to install a signed piece of software, the OS displays a popup window. The user can go to the developer’s website or click the publisher’s name to inspect the certification.
Validation options: You can get a Code Signing certificate with DV, OV, and EV verification. The Extended Validated version will enable two-factor authentication of your software.
Self-Signed SSL Certificates
Another way to secure your site with the SSL protocol is to generate a self-signed certificate. The website owner generates a self-signed certificate instead of a certificate authority.
Self-signed certificates provide data encryption and add HTTPS to your address, but unlike other types of SSL certificates, anyone can create them.
There’s no trusted third-party guaranteeing user safety, so most browsers will display a warning message to users visiting the website, as seen in the image below.
Unless you are using a website for private purposes, any other certification is better than a self-signed one.
How to Choose the Best SSL Certificate Type for Your Website
You should now have a clear idea of what type of SSL certificate best suits your needs. If you are still struggling to find the perfect fit, here is what you should consider:
• The size of your website
• How users interact with your website
• What information you collect from visitors
• How many domains and subdomains you wish to protect
• The number of subdomains you plan to add in the future
• Whether you use Microsoft Exchange and Office Communications environments
As a rule of thumb, Domain Validated SSL certificates work best for blogs and websites that do not process any personal data from its users.
Organization Validated SSL certificates are ideal for small and medium-sized websites that request personal data from its users.
Enterprise Validation SSL certificates are best for large companies with an array of front-facing web properties.
As for the number of domains you need to protect, the choice should be obvious. If you need to protect one or two domains, invest in a Single-Domain or Wildcard certificate. If you wish to certify multiple domains, go with a Multi-Domain SSL certificate.
Can You Have Multiple SSL Certificates for One Domain?
Having two or more certificates on one domain forces the server to choose which one to use. Sometimes, the server will send the most recent certificate to visitors. Other times, the server may rotate and serve older ones.
Having multiple SSL certificates can cause issues with SSL protocols and impact the security of the website.
In most cases, there’s no need to have more than one SSL certificate per domain. However, there are a few use cases where you could be using separate certificates in the same IT environment:
• Content-delivery network (CDN): When using a CDN, you have two SSL connections. One connection is between the visitor and the CDN and the other between the CDN and the server. You can use two SSL certificates, one on the server and the other on the CDN, to segment access to your private keys.
• Using multiple servers: If you installed your website on multiple servers, you could use two SSL certificates for the same domain to segment access and improve security.
• Test servers: You might have another environment for developing and testing new features and pages. It is normal to use a different SSL certificate for your test server in these cases.
Outside of these cases, you are better off using a single certification per domain.
The online environment has its rules and regulations. Securing your website with SSL is no longer a luxury, but a necessity to do business online. SSL certificates reassure your visitors that they can identify and trust you in an online setting.
While there are still many websites using SSL, if you want to follow the most up-to-date security recommendations, you should switch your website to TLS 1.2 or 1.3. Check out our article about the SSL vs TLS to learn the difference between these to security protocols.
After buying an SSL certificate, the next step would be to learn how to install SSL certificate on Nginx or how to install SSL certificate on Apache. If you still haven’t decided between the two, please refer to our Nginx vs Apache comparison article.