Get a breakdown of the different types of SSL certificates that enable secure websites
Gaining the trust of your customers and site visitors is essential. To establish trust in a digital world that’s filled with cyber threats, you need to demonstrate that you have their best interest in mind. This means taking the necessary precautions to protect their personal information and sensitive data from cybercriminals. One of the ways to do this is by using different types of SSL certificates.
Using an SSL/TLS certificate creates a secure website that they can feel comfortable and confident using. Depending on the certificate’s validation type, it enables you to identify and authenticate your domain and/or organization.
There are different types of SSL certificates that you can choose from depending on the needs of your site and organization. All of these SSL types offer different benefits for your organization, and their validation requirements vary significantly. The benefits that apply to all SSL certificates on our website include:
- Up to 256-bit encryption and a 2048-bit RSA signature key;
- HTTPS secure browser padlock and/or other visual security indicators;
- Boost in Google search rank;
- A static or dynamic site seal from your chosen certificate authority (CA);
- 24/7 issuance and support;
- 30-day money back guarantee; and
- A CA-backed warranty (up to $1.75 million, depending on the CA and the certificate).
What are the Different Types of SSL Certificates?
Click on the links below or scroll down manually to learn more about each of these specific types of SSL certificates. Each section will inform you about how each certificate is used to validate and protect your domain, organization, multiple domains, and/or subdomains.
- Domain Validation SSL Certificate (DV SSL)
- Organization Validation SSL Certificate (OV SSL)
- Extended Validation (EV) SSL Certificate
- Single-Domain SSL Certificate
- Multi-Domain SSL Certificate
- Wildcard SSL Certificate
- Multi Domain Wildcard SSL Certificate
Types of SSL — By Category
When you consider the seven types of SSL certificates that can be installed on a web server (or multiple servers), they’re generally clumped into two main categories: validation levels and multiple domains/subdomains.
Category One: SSL Validation Levels
There are three validation levels offered for SSL/TLS certificates:
DV SSL is the most common and basic type of SSL certificate. Much like how it sounds, a domain validation SSL certificate allows you to validate that you do, in fact, own your website domain — but nothing more. They’re easy to get and can be issued in as little as five minutes.
This type of certificate is ideal for internal testing domains or even blog posts because they offer full encryption and basic trust indicators. However, a DV certificate is not ideal for eCommerce sites that handle personal or financial information. For those sites, it’s best to go with one of the types of SSL certificates that require more in-depth validation (ideally, extended validation, or what’s known as EV SSL).
In addition to the benefits outlined at the beginning of the article, all types of DV SSL certificates from our vendors offer:
- Domain validation by a trusted third party
- Modest warranties (at least $10,000)
- Unlimited server licenses
All that is required to get a certificate issued is for the certificate authority to verify your domain. That’s it. They can do this through:
- Email-based authentication — The CA sends an email to a pre-approved email address; or
- File-based authentication — The CA sends a text file that needs to be uploaded to your website root directory; or
- CNAME-based authentication — The CA sends two hash values (MD5 and SHA1) that must be entered into a CNAME DNS record on your domain. Note: This method is for Comodo CA/Sectigo certificates only.
When comparing multiple types of SSL certificates in terms of their validation levels, an OV SSL cert is a significant step above a DV certificate because it requires you to not only verify that you or your organization owns a domain, but it also requires a step-by-step verification that your organization is legitimate through a variety of steps. These validation requirements include:
- Organization authentication — This verifies whether your business or organization exists.
- Locality presence verification — This verifies whether your organization can legally operate at its registered location.
- Telephone verification — This helps the certificate authority verify that your organization has a valid phone number and can be found via a reputable online directory.
- Domain verification — This helps the CA ensure that your organization owns the registered domain.
- Final verification call — This last step requires the CA to call and speak with you (or another organizational representative) to confirm the details of your SSL certificate order.
Why should you choose an organization validation SSL certificate over other types of SSL certificates? In addition to the list of benefits we mentioned at the beginning of the page, here’s what an OV SSL certificate offers:
- Domain and basic business validation by a trusted third party
- Up to $1.5 million in warranties
- Unlimited server licenses
EV SSL stands head-and-shoulders above the other two validation levels. Extended validation not only validates your domain but requires in-depth validation of your business as well. As a result of this comprehensive validation, web browsers will display your verified company name in the web address bar. This leads to greater trust and authenticity, which can affect your bottom line in a very positive way. Usability research has found that EV SSL certificates make people feel confident that their personal and financial data are secure, so they are more likely to convert, make purchases, and provide their information on your website.
In addition to the list of benefits we mentioned at the beginning of the page, EV SSL certificates also offer:
- A “green address bar” (it’s gray or green, depending on your browser) that shows your verified company details;
- Domain and full business validation by a trusted third party; and
- Up to $2 million in warranties.
Just as EV SSL offers more benefits, extended validation certificates also have more stringent requirements than its DV SSL and OV SSL counterparts. Extended validation is like organization validation on steroids — some of the verification steps are the same, but there are also additional steps required, including:
- Completion of an enrollment form
- Organization authentication
- Operational existence
- Physical address verification
- Telephone verification
- Domain authentication
- A final verification call
- A run through of five verification questions
- Download an opinion letter (a professional opinion letter)
The good news, though, is that so long as you are a legitimate business and are relatively well organized, this validation process is relatively simple. If you hit any snags in the validation process, our support team can help you navigate the steps and get your EV certificate issued quickly!Shop EV SSL Certificates
A Side-by-Side Comparison of SSL Validation Levels
Category Two: Types of SSL Certificates Based on How Many Sites They Protect
A basic SSL certificate will secure a single website, called a fully qualified domain name (FQDN). Example.com, site.com, and blog.example.com are all separate FQDNs. In addition to securing a primary domain, many businesses also have multiple domains (in the context of SSL certificates, additional domains are referred to as subject alternate names or SAN domains) and subdomains to contend with for their website. The certificates that fall within this category are those that can be used to secure multiple domains (SANs) and/or subdomains. There are three types of SSL certificates that meet this definition: wildcard, multi-domain, and multi-domain wildcard.
If you’re looking to secure a single domain, it’s good to know that you have options. Single domain SSL certificates are the most popular certificates and can be used to secure:
- The “WWW” version of your domain (www.domain.com) and the non-“WWW” version of your domain (domain.com), OR
- A single subdomain (*.domain.com)
These certificates are available in DV, OV, or EV validation levels.Shop Single-Domain SSL Certificates
Wildcard SSL certificates are used to secure and protect all the subdomains you have on your website that exist on the same main domain. There is no limit to the number of subdomains you can protect on a single wildcard certificate, so no matter whether you have two subdomains or 5,000, you’re covered. Let’s say you have registered the domain mydogsaccessories.com. On this domain, you may have multiple subdomains such as blog.mydogsaccessories.com, cart.mydogsaccessories.com, or leashes.mydogsacessories.com. This means that all of these subdomains (and all others on the same domain) would be covered.
In addition to the list of benefits we mentioned at the beginning of the page, some of the benefits of choosing a wildcard SSL certificate is that it:
- Offers the ability to secure unlimited subdomains
- Is a “future-proof” certificate – automatically protects new subdomains without being reissued
- Simplifies SSL/TLS certificate management
- Comes with a warranty of up to $1.5 million
- Offers unlimited server licenses
Wildcard types of SSL certificates from different brands offer either domain validation or organization validation capabilities — you’ll need to review each certificate individually to see which level of validation applies.Shop Wildcard SSL Certificates
If you need to secure multiple domains, a multi-domain certificate (MDC) is a cost-effective and versatile approach to the website validation process. For example, if you have mydogsaccessories.com as your main domain but also own mydogsaccessories.net, mydogsaccessories.biz, and mydogsaccessories.co.uk as well, then you can use one certificate to secure all of these different top-level domains (TLDs). These are all considered SAN domains and one SAN/multi domain certificate can be used to cover them.
If your website uses Microsoft Exchange or an Office Communications server, then you’ll likely want to choose a unified communications certificate (UCC). These types of SSL certificates — UCCs — were historically recommended for domains operating on these types of web servers because they were originally designed for deployment on Microsoft Exchange servers. However, UCCs are now considered multipurpose and often can be deployed across other servers as well.
Unlike wildcard certificates, you can choose from DV SSL, OV SSL, and EV SSL levels of validation for your UCC/SAN/MDCs. In addition to the list of benefits we mentioned at the beginning of the page, other benefits include:
- Secure multiple domains (SANs)
- A site seal from your chosen CA
- A warranty of up to $1.75 million
- Simplify certificate management
- Unlimited server licenses
In a nutshell, a multi-domain wildcard certificate is a jack of all trades as far as the types of SSL that are available. It is the most versatile of the types of SSL certificates because you get to enjoy the benefits of both multi-domain and wildcard certs in one easily managed SSL/TLS certificate. Depending on the CA, you can secure up to 250 domains as well as unlimited subdomains — all without the hassle of juggling multiple certificates. This saves you significant time, money, and effort.
In addition to the list of benefits we mentioned at the beginning of the page, these types of SSL certificates offer:
- Secure multiple domains and unlimited subdomains
- Simplified SSL/TLS certificate management
- Warranty of up to $1.5 million
Furthermore, multi-domain wildcard certificates are available in domain and organization levels of validation. An MDC/UCC/SAN certificate can help you both secure your existing website as well as any future subdomains while boosting your site’s credibility.
[Button: Shop Multi-Domain Wildcard SSL Certificates]
Types of SSL Certificate Encryption Algorithms: EEC vs RSA
Another way to evaluate and differentiate between different types of SSL certificates is to look at their digital signature algorithms to determine what is best for your site. Historically, SSL/TLS encryption has been undergirded by RSA, which stands for the surnames of the people who created it (Rivest, Shamir, and Adleman), and ECC, or elliptic curve cryptography. Both of these terms refer to the mathematical equation that is used to sign your SSL/TLS certificate.
Why Choose ECC
The ECC mathematics-based approach is a lighter and faster form of digital signing than RSA; it uses smaller key sizes that are better for scalability and security. For example, a 256-bit ECC key requires significantly less computational overhead than an RSA key that is 2048 bits while actually being more secure. A 224-bit ECC key is the equivalent of a 2048-bit RSA key. Likewise, a 256-bit ECC key is the equivalent of a 3072-bit RSA key, a 384-bit ECC key is the equivalent of a 7680-bit RSA key, and so on.
Although ECC is superior in many ways, some webmasters still choose RSA because, historically, it’s been more widely supported by web servers and hosting companies. If you prefer RSA, you can choose any of the SSL certificates on our website. However, it’s important to note that TLS 1.3 has eliminated RSA key exchange, mandating perfect forward secrecy.
However, the majority of SSL resellers and CAs will offer the option of choosing ECC for some types of SSL certificates. Some of these inclusive CAs are Comodo CA/Sectigo and Symantec/DigiCert. Specific examples of some SSL/TLS certificates on our website that enable ECC digital signing include Symantec’s Secure Site Pro and Secure Site Pro with EV.