How Can I Get a Security Certificate (SSL) For My Website?

What is a Security Certificate, and how can you get it? Why is it even helpful information for you to have? If you’re struggling to find the answers to these questions, this article should bring some clarity. 

A Security Certificate (SSL) is, according to an article from 101domain.com, “a cyber-security protocol that digitally encrypts information sent from a browser to a server.” Having an SSL certificate increases the security of your website by protecting customer information. With the Secure Sockets Layer (SSL), it is impossible for hackers to read any data that gets transferred between a visitor and a site owner. SSL certificates are used to protect data such as credit card numbers, passwords, usernames, email addresses, and other important information. An SSL certificate is indicated in your browser by an “https” tag, a padlock icon, or a site seal from a Certificate Authority. More advanced and premium options will have a green bar wrapped around the URL, and some allow your organization’s name to appear in the URL bar as well.

Like any type of security system, there are several types of SSL certificates. They can be broken into four main categories: Domain Validated (DV) SSLs, Organization Validated (OV) SSLs, Extended Validation (EV) SSLs, and Wildcard SSLs. 

Domain Validated SSLs 

Domain Validated SSLs are the simplest of these certificates, but they add industry standard encryption and security to websites and internal systems. These SSLs require only one step to validate, and validation is typically complete in minutes. The owner of the website is required to prove domain ownership via an email response or phone call. The validation display will be minimal: only a padlock and the “https,” and no business name will be displayed. This certificate type is a good option if your website visitors do not need extra security assurance, such as if you run a non-commercial blog. Additionally, HTTPS boosts search engine ranking, according to geekflare.com. These certificates are best used when encryption for passwords, usernames, or credit card information is not required. Installing these types of SSLs varies from one Certificate Authority to another, but most hosts offer step-by-step instructions for installing SSLs. I would recommend using ZeroSSL, which promises to be set up after a few minutes, and is free. You will have to renew the certificate after 90 days, but there is no additional cost for this. Additionally, you can generate SSLs for multiple domains at no extra cost.

Organization Validated SSLs

Organization Validated SSLs are a step above Domain Validated SSLs for a few reasons. They are considered a middle ground between DV and EV certificates. The main purpose of these certificates is to encrypt sensitive information more securely than a Domain Validated SSL. These are used primarily for websites used for transactions. Obtaining an Organization Validated SSL requires a more intensive vetting process through a Certification Authority before it can be issued. Part of this process includes the owner proving they have ownership of the website and domain, usually by providing legal documents such as existence records, attestation letters, government licenses, incorporation articles, bank statements, a letter of the issuer’s relationship with an organization, or a third-party database list. They also take 2-3 days to be completely installed. However, an Organization Validated SSL provides more trust indications, and provides greater security for sensitive information. This version has a high assurance for secure information, and it displays the website owner’s information to the user, which helps the user distinguish your real site from a malicious imposter. These types of SSLs are required by commercial websites or public-facing websites, such as Amazon. They also protect websites from phishing attacks, and keep data secure from hackers.

Extended Validation SSL 

Extended Validation SSLs are the highest level of business validation. These SSL certificates provide the highest level of security encryption. The main difference between Extended Validation and Organization Validation SSLs is that EV certificates identify the legal entity that controls the website. They also enable encrypted communications within a website. Additionally, they establish the legitimacy of a business that claims to operate a website or distribute code. This reliable third-party verified identity helps prevent problems caused by phishing, malware, and other forms of online fraud. These types of certificates are becoming more common, especially as businesses such as Bank of America, Twitter, and PayPal have started to use these certificates. They are most commonly used with online data collection, processing logins, and online payments, where high levels of security are crucial for user safety. EV certificates require that businesses are official companies, registered with the government. These validations display security using a padlock, https marking, and a green address bar. This security also shows the country of origin of the website, which is helpful for ensuring user security. Extended validations require an extensive setup process, especially with a premium subscription. You will need to begin by signing the Subscriber Agreement and Certificate Enrollment form. Then you will need to authenticate your organization. You will also need to verify that your organization has been in operation for 3 years, and that you have a physical address and telephone number for your organization. The person setting up the account must also verify their employment with the company, and provide verification for the domain ownership. The final step is a verification call with the Central Authority.

Wildcard and Multi-Domain SSL Certificates

What’s unique about Wildcard SSL is that it covers one main domain name, but it also covers unlimited subdomains. These certificates are useful for securing a base domain and several subdomains, because they are cheaper than purchasing multiple single-domain SSL certificates. This also cuts down on administrative effort, because there are fewer SSLs to manage for each subdomain. Wildcard certificates are available for OV and DV SSLs, but they are not available for EV SSLs, because they pose a security risk. However, there are Multi-Domain SSLs for up to 100 different domain names, which saves time and money. Multi-Domain SSLs have Extended Validation types available. A Wildcard SSL is written differently from most SSLs: the wildcard is indicated by an asterisk and a period before the domain name (*.domain.com, for example).
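How a client decides whether a wildcard name covers a given hostname, as an added example that is not from the original article. It goes slightly beyond the text by showing the single-label rule from RFC 6125 (the asterisk stands for exactly one label, so nested subdomains and the bare domain need their own entries); the `example.com` names are constructed samples.

```python
# Added illustration: simplified RFC 6125-style matching of a hostname
# against the DNS names listed in a certificate. Sample names are constructed.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name (pattern) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "" in p_labels or "" in h_labels:
        return False  # empty label means a malformed name
    if "*" not in pattern:
        return p_labels == h_labels  # ordinary name: exact, case-insensitive
    # The wildcard must be the entire left-most label, appear only once,
    # and be followed by at least two labels (so "*.com" is rejected).
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in "".join(p_labels[1:]):
        return False
    # The asterisk stands for exactly one label, never zero and never several.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def cert_covers(san_names, hostname):
    """True if any name in the certificate's name list covers hostname."""
    return any(name_matches(name, hostname) for name in san_names)


def coverage_report(san_names, hostnames):
    """Map each hostname to whether the certificate would be accepted for it."""
    return {host: cert_covers(san_names, host) for host in hostnames}


# Constructed name lists: a wildcard alone, and a wildcard plus the bare domain.
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["example.com", "*.example.com"]
HOSTS = ["example.com", "www.example.com", "shop.example.com",
         "api.dev.example.com", "example.org"]

if __name__ == "__main__":
    for label, names in (("wildcard only", WILDCARD_ONLY),
                         ("wildcard + bare domain", WILDCARD_PLUS_APEX)):
        print(label)
        for host, ok in coverage_report(names, HOSTS).items():
            print(f"  {host:22} {'covered' if ok else 'NOT covered'}")
```

When ordering a wildcard certificate, check that the bare domain is listed alongside the wildcard entry, and plan a separate name for any host more than one level below it.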

The basic process for obtaining a Security Certificate is the same for all of the different SSL types. You will need to begin with a dedicated IP address, as you want to ensure that traffic is only going to your site, and that other websites are not using the same location. You then need to purchase a certificate, and then activate it. This part of the process will vary based on the web host, and it is best to let them do it for you, since this process tends to get complicated. After you activate the certificate, be sure to generate the Certificate Signing Request (CSR), which you will need to do within your web hosting control panel. After this, install the certificate. Your web host may be able to do this step for you as well, so it is generally a good idea to check with them. The final step is to update your site, and any links to target pages. Once this step is complete, your site will be ready to go.