Types of SSL Certificates and Their Usage: From EV SSL to Multi-Domain Certificates
Confused about SSL certificate iterations? Check out this romp through the world of SSL, with a look at EV SSL, OV SSL, DV SSL, multi-domain certificates, and wildcard certificates.
Secure Sockets Layer (SSL) certificates have risen to prominence in recent years, especially among e-commerce websites, because of their strong encryption features and ability to keep online threats at bay. Depending on the nature of a website, or what information the webmasters want to secure or display, there are many applications for SSL certificates. Most Certificate Authorities (CAs) offer a range of SSL certificates that have different applications and offer specific benefits. Some of the major types of SSL certificates are discussed at length below:
Extended Validation (EV) SSL Certificates
EV SSL has two major purposes: a) to identify the legal entity that owns and operates a website, and b) to encrypt communication exchanges with client browsers.
The authentication criteria for obtaining EV SSL are more thorough than for other certificates, and its issuance policy complies with the EV Guidelines (officially ratified in 2007 by the CA/Browser Forum).
EV SSL helps verify the credibility of a business that operates a website and enables strong encryption to fight against malware attacks, phishing scams, and other attempts at cybercrime. Relatively speaking, CAs take longer to issue EV SSL because of the rigorous process involved in authenticating the background of a business requesting the certificate.
Organization Validation (OV) SSL Certificates
A website obtains an OV SSL certificate when a CA thoroughly screens the identity of a business applicant and verifies their authority to use a specific domain name. The name of the business entity appears clearly on the Secure Site Seal in the URL address, which, when clicked, displays the organization's background information in more detail.
Because OV certificates involve more authentication measures than DV certificates, they are considered to be more trustworthy than the latter. They are also a popular choice for large corporations, governments, and organizations that want to give their website visitors an enhanced level of confidence.
Domain Validation (DV) SSL Certificates
DV SSL provides a basic certification service that informs website visitors about data encryption measures that the website has taken. It might sound condescending, but it is not wrong to say that DV SSL provides the lowest level of validation when compared to other types of SSL certificates. The CA that issues the certificate doesn't go to the length of screening the business that's requesting the certificate, and as a result, the Secure Site Seal doesn't include any information about the requesting authority.
DV SSL issuance is mostly automated, and because not much validation is involved, DV certificates cost less than other types of certificates.
Wildcard SSL Certificates
A Wildcard SSL certificate uses Subject Alternative Names (SANs) to encrypt unlimited sub-domains through a single certificate. If a website has a specific second-level and top-level domain, a Wildcard SSL can secure unlimited first-level sub-domains using only a single SSL certificate. For example, getting a Wildcard SSL certificate for example.com will also provide encryption to mail.example.com, payment.example.com, login.example.com, etc.
Most CAs offer Wildcard certificates with unlimited server licensing; websites only have to pay once regardless of how many servers they have.
Multi-Domain SSL Certificates
The difference between a Wildcard SSL and a multi-domain SSL certificate is that the latter offers security to different second-level domains. Also known as Unified Communications Certificates (UCC), multi-domain SSL certificates can encrypt up to 210 domains using a single certificate. They allow websites to secure a primary domain name and up to 99 additional SANs with a single certificate. Multi-domain SSL works best in a shared hosting environment, and a website will have “issued to” information of the primary domain name in the Secure Site Seal.
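The coverage difference between the wildcard and multi-domain certificates described above can be checked with a simplified RFC 6125-style hostname matcher. This is an added example, not code from the original article; the SAN lists, hostnames, and function names are constructed for illustration. It also shows a limit the example in the text does not spell out: a wildcard entry stands for exactly one label, so it covers neither the bare domain nor deeper sub-domains.

```python
# Added example: match a hostname against a certificate's SAN dNSName entries.
# Simplified from the RFC 6125 wildcard rules; SAN lists below are constructed.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        # A wildcard replaces exactly one label, so label counts must agree.
        return False
    if p_labels[0] == "*":
        # Accept the wildcard only as the entire left-most label, and only
        # above a registrable-looking name (rejects entries such as "*.com").
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        # Partial ("f*.example.com") or non-left-most wildcards are refused.
        return False
    return p_labels == h_labels


def covers(san_list, hostname: str) -> bool:
    """Return True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(san, hostname) for san in san_list)


def coverage_report(san_list, hostnames):
    """Map each hostname to whether the certificate would be valid for it."""
    return {h: covers(san_list, h) for h in hostnames}


# Constructed SAN lists for the two certificate types discussed above.
WILDCARD_CERT = ["*.example.com"]
MULTI_DOMAIN_CERT = ["example.com", "www.example.com", "example.net", "shop.example.org"]

HOSTS = ["mail.example.com", "example.com", "a.mail.example.com", "example.net"]

if __name__ == "__main__":
    for name, sans in (("wildcard", WILDCARD_CERT), ("multi-domain", MULTI_DOMAIN_CERT)):
        for host, ok in coverage_report(sans, HOSTS).items():
            print(f"{name:12} {host:20} {'covered' if ok else 'NOT covered'}")
```

In practice CAs usually list the bare domain as a second SAN entry on a wildcard certificate, which is why the wildcard entry alone reports `example.com` as not covered here.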