At Superb Internet, we’re always looking out for you. That’s why we want to take the time to give you a crash course on one of the most important elements to keeping your website safe, secured, and compliant – SSL certificates.
Giving You the Lowdown on SSL Certificates
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant.
Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information, such as a customer’s personal and credit card information. By adding an SSL certificate, you not only protect your business but also increase customer confidence by safely encrypting your customers’ most sensitive data.
For online transactions, an SSL certificate turns sensitive data into encrypted secure code. The web browser then checks the SSL certificate to make sure that the website is legitimate. Once verified, the web browser and server processes the encoded information.
This helps to ensure that the sensitive data delivered between the web browser and server is handled safely, securely, and that the website is PCI (Payment Card Industry) compliant.
Why Picking the Right Certificate Authority (CA) Matters
Picking the right Certificate Authorities (CA) is integral in the entire SSL process because they’re the ones issuing these digital certificates. In essence, digital certificates, such as an SSL, are small verifiable data files containing identity credentials that help authenticate the online identity of people, websites, and devices.
Each digital certificate includes valuable information like the expiration date of the certificate, the owner’s name and other important information, along with a public key – a value provided by some designated authority as an encryption key.
As a trusted entity issuing these digital certificates, the CA must meet strict and detailed criteria before being accepted as a member. Once accepted, the CA is authorized to distribute SSL certificates.
The longer the CA has been operational, the more browsers and devices will trust the certificates issued by the CA. One important thing to note is that for certificates to be transparently trusted, it must have “ubiquity” where it’s capable of being backwards compatible with older browsers, including mobile devices.
Overall, CAs play a vital role in how the Internet operates today by protecting information, encrypting billions of online transactions, and enabling secure communication. Without CAs, the Internet would not be as transparent and trustworthy as it is and online transactions would be more susceptible to hacks, data breaches, and phishing.
Get the Perfect SSL Certificate(s) to Meet Your Needs
Of course, not all SSL certificates are created equal. To ensure that you pick the right SSL certificate(s) for your needs, it’s important to understand the main differences in regard to its validation level:
Server Gated Cryptography (SGC) SSL Certificates
To begin, let’s start with one of the original secured digital certificates – the Server Gated Cryptography (SGC) SSL certificate. SGC SSL certificates were made available from the mid 1990’s as a means to increase the cryptographic strength of the SSL connection from 40, or 56 bits, to 128 bits.
At that time, the goal was to force weakly encrypted browsers to use the stronger 128-bit encryption method for online financial transactions. Of course, times have changed and SGC browsers, such as Netscape, are obsolete. The once reliable, and unbreakable 128-bit encryption, is now susceptible to new vulnerabilities and are unable to support the ongoing revisions of SSL protocols.
Today, the standard SSL encryption is 256-bit and we recommend anyone with an SGC SSL certificate to replace it immediately with one of the other types of SSL certificates below based on their validation level and security requirements.
Organization Validated (OV) SSL Certificates
Organization Validated (OV) SSL certificates are more trusted because the validation process not only requires for the domain to be authenticated but also additional information and documentation to certify the company’s identity.
The CA must authenticate the company against the business registry databases held by the local government to confirm information, such as the entity’s name, city, state, and country to ensure that it’s a legitimate business. Because of this, the entire process can take anywhere from a few hours, to a few days to complete depending on the CA’s validation process.
OV certificates are considered the standard type of certificate for any commercial website because it contains all the necessary information for company validation. By giving people more visibility into who is actually behind the site when they click on the Secure Site Seal (lock icon) located on the address bar, visitors feel more comfortable sharing their personal information with the site.
Domain Validated (DV) SSL Certificates
Domain Validated (DV) SSL certificates are used on public websites and are one of the cheapest certificates to get. The validation process is very simple and is typically performed via email or DNS to confirm that the domain is registered and that someone with admin rights is aware of, and approves, the certificate request.
Since no company information is vetted, the entire process can be complete almost immediately. If the certificate is valid and signed by a trusted authority, the browsers would indicate a successfully secured “Hyper Text Transfer Protocol Secure (HTTPS)” connection in the address bar.
DV certificates are ideal only to those wanting a quick and low cost SSL where organization validation is not a concern. With this in mind, an informed user may acknowledge that DV certificates do provide encryption and security as other certificates but they may still not trust the site with their personal information because no company information has been vetted as part of the validation process.
Extended Validated (EV) SSL Certificates
If you’re looking to go the extra mile in keeping your website(s) safe, secured, and compliant, then Extended Validated (EV) SSL certificates is the perfect solution for you. Unlike the validation process for DV and OV certificates, getting an EV certificate is more difficult because of its strict and stringent authentication procedure that requires domain ownership and additional company documentation, along with other steps and checks. Overall, there are two main phases to the authentication process.
The first phase requires the CA to conduct thorough research to identify the legal entity that controls the website. This is done by verifying the legal, physical, and operational existence of the company. In addition to verifying that the organization’s identity matches official records, the CA must also ensure that the organization has exclusive rights to use the domain specified in the EV certificate and that it has properly authorized the issuance of the EV certificate. Typically, the CA will also obtain an attorney’s legal opinion on the validity of not only the business but also the information provided to obtain the EV certificate.
The second phase assist with enabling encrypted communication of information over the Internet between the website and the user of an Internet browser. By having processes for facilitating the exchange of encryption keys to prevent hacking, phishing and malware, organizations with EV certificates have a vehicle in place to properly address online identity fraud.
Since the validation process for EV certificates are much more in-depth, the entire process can take a few days, to even a few weeks to complete. Plus, CA’s issuing EV certificates must undergo recurring audits to ensure the integrity of the SSL certificate issued.
EV certificates are an ideal solution for businesses that wish to assert the highest levels of authenticity and security. By adhering to the strictest authentication process, any company with an EV certificate is rewarded with a visible “Green Bar” that’s clearly noticeable on any modern browser. This gives visitors and customers the utmost confidence that the site is extremely secured and compliant.
Wildcard (*) SSL Certificates
Wildcard SSL certificates secures your website similar to standard SSL certificates and the requests are processed using the same validation method. These types of SSL certificates are available for most of the validation levels (DV, OV, EV) mentioned above and can help protect an unlimited number of subdomains for a single domain.
One of the key differences is that Wildcard SSL certificates uses “Subject Alternative Names (SANs)” to secure a domain and all of its first-level subdomains. Whereas, a standard SSL certificate will only secure the domain that you bought the SSL certificate for and any subdomains will be left unprotected unless you purchase a Wildcard SSL certificate or additional SSL certificates for each subdomain.
For instance, let’s take www.SSL.com as an example. By purchasing a Wildcard SSL certificate for this domain, all you would have to do is add an asterisk (*) in the subdomain area located left to the common domain name and you can secure an unlimited number of subdomains for *.SSL.com, such as the following:
Overall, Wildcard SSL certificates is a great solution for those with multiple subdomains who want to save time, money, and to make the SSL administration process easier for securing their site. However, the drawback with Wildcard SSL certificates is that each subdomain is not individually protected. So if a certificate is revoked on one subdomain, other subdomains will be compromised and revoked as well.
Always be on the Lookout and Manage Your SSL Certificates
Having an SSL certificate is an essential part in protecting sensitive data in transit. And while SSL certificates provide additional layers of security, it can still be vulnerable and susceptible to attacks. This is where SSL certificate management comes in. You always have to be on the lookout to ensure that the SSL certificates are managed properly.
Proper SSL certificate management requires knowing the status of each certificate across sites, browsers, and networks. Through careful monitoring of these certificates, website owners can prevent major incidents from occurring, such as phishing and data breaches, which can not only be expensive to resolve but also cause long-term damage to your reputation with customers.
Now is the Time to Protect Yourself, Your Business, and Your Customers
Thinking about getting an SSL certificate for your website? Let us help keep your website safe, secured, and compliant. Whether you’re thinking about getting an SSL certificate to encrypt sensitive information, authentication, PCI compliance, to gain your customers trust, or to prevent phishing and data breaches, we have a wide-array of trusted brands to choose from.
Start now and easily compare SSL certificates from major global CA’s like GeoTrust, Comodo, and Symantec. See our latest line of secured, reliable, and affordable SSL certificates below. Get trusted, be protected, and stay compliant today!
|Certificate Authority||Certificate Name||Validation Level(s)||1 Year||2 Year||3 Year|
|GeoTrust||True Business ID||OV||$119||$199||$289|
|GeoTrust||True Business ID with EV||OV/EV||$299||$469||N/A|
|GeoTrust||True Business ID Wildcard||OV/WC||$499||$998||$1,497|
Recommended Validation Level(s):
Domain Validated (DV) SSL Certificates:
DV certificates are ideal only to those wanting a quick and low cost SSL where organization validation is not a concern.
Organization Validated (OV) SSL Certificates:
OV certificates are the standard type of certificate and contains all the necessary information for company validation.
Extended Validated (EV) SSL Certificates:
EV certificates are an ideal solution for businesses that wish to assert the highest levels of authenticity and security.
Wildcard (WC) SSL Certificates:
WC certificates are a great solution for those with multiple sub-domains who want to save time and money.