The SSL (Secure Sockets Layer) protocol is a technology that protects data from being intercepted by middle-men while it is in transit from the web server to the browser/client and vice versa. An SSL certificate can be issued by a Certification Authority (CA) that is trusted by common browsers.
It is also possible to have a self-issued SSL certificate; however, it will give an error like the one below:
How does an SSL certificate work?
Whenever a user visits your website, the user's activity, especially forms and input items, is sent to the server in the form of a request, which is processed by your server and returned in the form of a response. However, the nature of HTTP means the requests are sent in plain text, so anyone on the same network can "intercept" the submitted values. These submitted values may also contain usernames, passwords and other sensitive information.
When you use SSL, HTTPS is used instead of HTTP for transferring the data, which means that every web request is encrypted by the browser using the public key of your server before transmission, which prevents interception. The request is then decrypted by your server, and after processing, the response is encrypted before it is sent.
Hence if you have a website where users are submitting information, it is necessary to have an SSL certificate.
Types of SSL certificates
SSL Certificates come in various packages, based on the use-case. Before we decide what SSL certificate is best for us, let us review them.
Domain-validated (DV) SSL
DV SSL is the simplest (and cheapest) SSL certificate, and in fact Let's Encrypt is free. Issuing a DV certificate takes less than 10 minutes, as soon as the domain ownership is verified by changing the DNS records or uploading a file. A DV SSL certificate is assigned to a single domain, and you need a separate certificate for each domain.
Organization-validated (OV) SSL
Getting an OV SSL is slightly complicated: the CA verifies your organization's identity and then gives you the SSL certificate. However, issuing may take 24-48 hours, since the issuer verifies your business registration details as well as your address by searching online databases. Hence OV is more expensive than DV, and Let's Encrypt does not provide OV.
Extended Validation (EV) SSL
EV SSL, as its name suggests, is awarded after extensive verification of the organization. The CA verifies not only the organization's identity and address, but also phone numbers and other means of communication. The verification is done physically and the process may take 7-10 days to complete. However, this is the most beneficial SSL since it conveys complete trust in the organization, which is reflected by the organization name in the address bar.
Wildcard SSL
Wildcard SSL is similar to DV SSL, but it is valid for unlimited subdomains under the domain on which the certificate is issued.
Subject Alternative Name (SAN) SSL
SAN is considered to be the king of SSL certificates because of the following reasons:
- You can use the same SSL certificate to secure multiple domains. That means that if you have a lot of domains, it will add great financial value for you.
- You can use a SAN SSL certificate to protect a particular IP address of a server. That means you can host multiple sites on a single server and protect them all with a single certificate.
- You can add a number of domains at a later time as per your requirement.
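The name-matching rules behind the Wildcard and SAN certificates described above, as an added example that is not part of the original article: it checks which host names and IP addresses a certificate's Subject Alternative Name entries cover. The sample certificate is constructed in the shape Python's ssl.SSLSocket.getpeercert() returns, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the names and address are documentation placeholders, not from the article.
SAMPLE_CERT = {
    "subjectAltName": (
        ("DNS", "example.com"),
        ("DNS", "*.example.com"),
        ("DNS", "shop.example.net"),
        ("IP Address", "192.0.2.10"),
    )
}


def _dns_match(pattern: str, host: str) -> bool:
    """Compare one SAN DNS entry against a host name, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Honour the wildcard only as the whole left-most label, and only
        # when at least two fixed labels follow it (rejects "*.com").
        return (len(p_labels) >= 3 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def cert_covers(cert: dict, target: str) -> bool:
    """Return True if any SAN entry in the certificate covers the target."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None  # not an IP literal, treat as a DNS name
    for kind, value in cert.get("subjectAltName", ()):
        if addr is not None:
            # IP targets are matched only against IP Address entries.
            if kind == "IP Address" and ipaddress.ip_address(value) == addr:
                return True
        elif kind == "DNS" and _dns_match(value, target):
            return True
    return False


if __name__ == "__main__":
    for name in ("example.com", "www.example.com", "a.b.example.com",
                 "shop.example.net", "www.example.net", "192.0.2.10"):
        print(f"{name:20} covered={cert_covers(SAMPLE_CERT, name)}")
```

The entry `*.example.com` covers `www.example.com` but neither `example.com` itself nor `a.b.example.com`, which is why the bare domain appears as its own SAN entry in the sample.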
Comparison of SSL certificates
I have made a comparison table of SSL certificates based on the above points.