Nowadays, it’s easier than ever before to get an SSL certificate for your site. Virtually all managed hosts offer it right from the dashboard, some even providing a free SSL certificate, so check with your host before looking into third-party certificates. If they don’t offer a free one, they may still sell and offer configuration of third party SSL certificates. But as with most other things, the price and complexity of configuration depends on your specific use case. In this article we take a look at the types of SSL certificates that are out there, so you can decide what is right for you.
Types of SSL Certificates
There are three main levels for SSL Certificates: Domain Validated (DV), Organization Validated (OV), and Extended Validated (EV). They all offer different levels of validation and coverage at different prices.
Domain Validated (DV) Certificates
This is the base-level SSL certificate that offer encryption of server-browser communication only. They are good for sites where trust and credibility are less important and only need encryption for logins, forms or other non-transactional data. They don’t include company verification, so if proving identity is important on your site, you might want to go a step up. However, there are many free SSL options out there at the DV level, so it is easy to for any website to meet basic SSL certificate requirements.
This article from Elegant Themes shows you how to set up a free SSL certificate on your WordPress site, both manually in cPanel, and using WordPress plugins.
Organization Validated (OV) Certificates
OV certificates do everything that a Domain Validated certificate does, except it adds on some of that business authentication into your address bar details. It’s not prominently displayed, so your site visitor has to view the certificate itself to verify, but still acts as some proof that you are who you say are. They do look pretty much the same in the browser as a DV certificate, so aren’t as popular as EV certificates if identity validation is important.
Extended Validation (EV) Certificates
EV Certificates are the strongest certificates you can buy – and also the most expensive. They cover the most in terms of a breach, and as such, companies must meet the highest, and most stringent requirements to obtain one. But they offer that green “lock” icon in the address bar, that users are beginning to expect on sites that process transactions and sensitive personal data.
But wait, there’s more!
With all the current SSL talk, you’ve probably been hearing the word “WildCard” thrown around a bunch, and are wondering where that fits into all of this. WildCard, SAN and UCC are really just names for the types of services that can be bundled together under one SSL certificate.
A Standard SSL certificate covers only a single domain name, and none of the subdomains within it. This is the most basic package.
A WildCard SSL certificate allows you to bundle sites with multiple subdomains into one certificate. It is a top choice for organizations with sites across multiple subdomains because it allows one certificate to represent them all, saving you time and money. In the WordPress world this means that if you have a multisite install that is set up with subdomains, this is the certificate for you. In general, WildCard certificates are much more flexible than a single purpose certificate, and it can be applied to a number of different services. There are limitations, however: if you use multiple TLD’s (top level domains), WildCard will not support both. So for example, wordpress.com and wordpress.org cannot use a single WildCard to cover both sites.
Multi Domain (aka SAN or UCC) Certificates
That’s where multi-domain (also called SAN or UCC) certificates come in! They not only cover multiple subdomains across multiple top level domains, but can cover up to 100 sites all at once. And finally, keep in mind that Security requirements vary greatly and as a result, some businesses may require a Multi-Domain Certificate with Wildcard capabilities.
Choosing an SSL Certificate
It’s important for you to understand what types of information you are processing/transmitting on your website in order to find the SSL Certificate that’s right for you. As we discussed in our previous post, Demystifying SSL and HTTPS, your SSL Certificate is necessary to allow your site to transfer data securely via HTTPS.
Obviously, an HTTPS connection will secure credit card transactions, and is a requirement for all ecommerce sites. But it does far more than just protect ecommerce transactions! HTTPS also secures:
- Logins to the WordPress Admin
- User logins, profile information and uploads to the frontend of your site
- Social media sites browsing
- Newsletter email signup forms
- Information submitted via your site’s contact form
- All other data transfers!
Evaluate Your Website Needs Against Your SSL Certificate Options
An SSL Certificates is an investment into the security and authenticity of your website, and by extension, your business itself. Start by evaluating your business needs in order to inform your choice. Ask yourself these questions before buying an SSL Certificate.
How Many Domains or Subdomains Do You Need to Secure?
As discussed above, there are many different levels of SSL bundling, depending on how many sites you need to secure. There is an administrative benefit to using one SSL Certificate across multiple domains and subdomains: one certificate to manage, one certificate to pay every year. Take a look at your web properties to find out what level of bundling you need.
What Type of Website Do You Have?
Ecommerce sites processing credit cards directly will need more coverage (your warranty in case of a breach) than a typical site only collects email addresses for their newsletter. After identifying the types of data you are collecting, you will have a much better idea of the level of warranty you need from your SSL. This is a major factor in the certificate decision process.
Different Levels of Trust
How important is it that your users trust your website and identity? Each SSL Certificate level is shown differently in the user’s browser, to indicate how much your business identity has been authenticated. These identifiers include a green address bar, your organization name in the URL, a website seal, etc. SSL Certificate information is available to your site users, and can increase trust in your business and show your site is safe for your users to share personal and sensitive information.
High level SSL Certificates require many more steps to authenticate your business. Those requirements vary by Certificate Authority. Check out this link to see an example of the documentation process you can expect for EV-level SSL.
What is Your Budget? SSL Certificate Prices Vary
The cost of SSL certificates vary depending on what type of certificate you get. They can be as little as free (a DV certificate), or very expensive when they include a strict business validation process (EV). Price all depends on the warranty you want, the type of information you are processing, and the amount of sites and domains you want to cover with one certificate. In general, the more expensive and comprehensive the certificate, the bigger the warranty they provide if their encryption somehow fails and leads to monetary loss by any of your users.
Check out this post on ChargeBee to get an idea of the range of costs associated with different types of SSL Certificates.
Just Do It
Remember: free, DV-level SSL Certification is better than no certificate at all. If you are unsure or unable to do a comprehensive evaluation right now, go with a simple DV certificate while you figure out next steps. SOME encryption is better than no encryption at all!! And as most web hosts offer DV SSL, this is the easiest and most straightforward option.
In general, taking the steps to find the level of SSL Certification is a smart business decision that can save your business a LOT of headache and heartache down the road, no matter the type of website you have.