SSL Certificates

I was asked today by a client which SSL certificate they should buy for their website, so I thought I would use it as a basis for a blog post.

Every company that sells SSL certificates will have different ones you can buy, so before you buy one you need to understand what you need the certificate for. Here are some questions to ask yourself:

  • Do you need to protect one site?
  • Do you need to protect more than one site?

Types of Certificates

There are two main types of certificates:

  1. Single Site – protects just a single site (i.e. www.yourdomain.com) and is perfect for a company with a single domain that might never change.
  2. Sub-Domain or Wildcard – protects all variations of yourdomain.com and is perfect for a company which is going to do several things, for example:
    www.yourdomain.com (main site).
    staff.yourdomain.com (staff website).
    vip.yourdomain.com (something special for those special customers).
    This type of SSL is more expensive as it can be used for so many things.

You can always upgrade from a single SSL certificate to a wildcard SSL certificate at any time with suppliers.
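
The difference between the two types, as an added example that is not part of the original post: a short Python check of which hostnames a set of certificate names covers, following the RFC 6125 rule that a wildcard stands for exactly one left-most label. The function names and the bare-domain and nested hostnames in the sample list are constructed for illustration.

```python
# Added example (not from the original post): which hostnames a certificate
# name covers, using the wildcard rule from RFC 6125.

def name_covers(cert_name: str, host: str) -> bool:
    """True if one name on a certificate covers `host`.

    A wildcard is accepted only as the entire left-most label and stands
    for exactly one label, so it never reaches the bare domain or a
    deeper sub-domain.
    """
    cert = cert_name.lower().rstrip(".").split(".")
    want = host.lower().rstrip(".").split(".")
    if len(cert) != len(want) or "" in want:
        return False
    if cert[0] == "*":
        # Simplification: require at least *.domain.tld so "*.com" is rejected.
        return len(cert) >= 3 and cert[1:] == want[1:]
    return cert == want


def uncovered(cert_names, hosts):
    """Hosts from `hosts` that no name on the certificate covers."""
    return [h for h in hosts if not any(name_covers(n, h) for n in cert_names)]


# Hosts from the post, plus two constructed ones (bare domain, nested name).
HOSTS = [
    "www.yourdomain.com",
    "staff.yourdomain.com",
    "vip.yourdomain.com",
    "yourdomain.com",             # constructed
    "mail.staff.yourdomain.com",  # constructed
]

SINGLE_SITE = ["www.yourdomain.com"]
WILDCARD = ["*.yourdomain.com"]

if __name__ == "__main__":
    for label, names in (("single site", SINGLE_SITE), ("wildcard", WILDCARD)):
        print(f"{label:12} {names} leaves uncovered: {uncovered(names, HOSTS)}")
```

Listing every hostname you need before buying shows whether a wildcard alone is enough or whether extra names have to be added to the certificate.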

Now that you have your certificate sorted, you need to consider how you want it to look to the user.

All SSL certificates encrypt communication between the browser and the server so that intercepting data is much harder. Essentially it has to be intercepted at the start or at the end – not in the middle. However, there are different ways that this appears to users. The more obviously a site is shown as secure, the more hoops the site usually has to go through for verification (passports, etc. at the highest level, but at the lowest level just having control of the domain is enough).

Variations of SSL certificates and how they look

The variations are usually along these lines (starting with the simplest):

  1. Simple, cheapest SSL
    1. Has a padlock on the URL bar.
  2. Medium Level SSL
    1. Has a padlock on the URL bar.
    2. Provides a “site seal” indicating that the site identity has been verified (also advertises the certificate provider).
    3. Usually provides new certificates if required.
  3. High-Level SSL
    1. Has a padlock on the URL bar.
    2. Provides a “site seal” indicating that the site identity has been verified.
    3. Unlimited re-issues or even re-keying if a major change happens.
    4. The green bar on major browsers (indicates a much higher level of verification: Ltd company verified, individual passports, etc.).
  4. E-commerce/Highest Level (many of these are usually issued alongside PCI programs) – usually used by very large companies with significant brand protection.
    1. Has a padlock on the URL bar.
    2. Provides a “site seal” indicating that the site identity has been verified (also advertises the certificate provider).
    3. Usually provides new certificates if required (moving servers, a hack, etc. Lots can break a certificate, and with the cheapest you often pay for them).
    4. The green bar on major browsers.
    5. Site security testing – penetration testing, daily seal of tests etc.

Each provider has various options and deals for how many domains can be covered, the platform (Linux, Windows, etc.) and how long the certificate might last (multi-year), but the variations of SSL levels usually encountered are all listed above.

If you would like more information on SSL certificates, please contact us via the Contact Us Page, our Facebook Page, or on Twitter.