Types of SSL: The Good, The Bad, and the Self-Signed

SSL

One does not need to have been the most curious person to have looked at the top of your browser and thought; “I wonder what that green padlock is for”. Maybe you decided to click on it and saw the term SSL, typed it into Google and ended up here – in which case, Welcome! If not, well then you are truly lost and may as well stay for the rest of the article.

 

SSL is an elegant answer to a growing problem within our increasingly online-centric world; security. With more devices than ever before being connected to the web, it is only (and unfortunately) human nature for some people to want to exploit it. Society has learned many difficult lessons about cyber-security from our time on the internet that it has resulted in some ingenious solutions to said problems.

 

You may not know what SSL is, but it is very much worth finding out about, not just if you plan to work with it, but also as a consumer to know how it protects you from unknowingly exposing your sensitive information to would-be fraudsters.

 

Quick-Fire

What is SSL?

SSL stands for “Secure Sockets Layer”. It is a protocol that has been widely adopted to enable secure communication between users’ computers and servers.

 

How does SSL Work?

Imagine a handshake between your computer and the web server you are accessing. You attempt to connect to the server, but even before the page loads they perform a ‘handshake’. This ‘handshake’ is the process of them coming to an agreement over how they will encrypt all the information they send to one another. Once they have their agreement, they can go ahead and send encrypted data between them with nothing to worry about.

 

Wouldn’t the Encryption Slow Things Down?

Actually no. The great thing about modern encryption is that it makes it a far-too difficult process to decipher – if you don’t have the right keys. If you have the correct codes in your possession, then it is a nearly instantaneous process for your computer to calculate. This removes the worrying from the equation so that anyone can listen in on your communication with the server, but will not be able to understand anything being said at all.

 

Levels of SSL

Oh yes, ladies and gents. Now we get to the fun part of SSL! It stands to reason that something that handles security and encryption would come in varying layers of intensity – and for good reason. Firstly, high level SSL Certificates are very powerful, but also expensive. Moreover, the higher your security level, the more intense the verification process will be, and the longer it will take.

 

So if you are in the market for an SSL Certificate, then below is our guide for you to use. Please keep in mind that there are multiple companies that offer this service, but we will be focusing on the most widely known and trusted of them all; Comodo.

 

Domain Validation (DV) TLS/SSL Certificate

Single Domain | $100

Secure one fully qualified Domain name on a single certificate.

Wildcard | $450

Secure a single domain and an unlimited number of subdomains.

Multiple | $285

Secure multiple, distinct domains on a single TLS / SSL certificate.

These work by the Domain Owner performing a verification step with the Security company to prove that they have control over the domain. This is usually done with a verification email sent to the domain. Once done, the SSL Certificate is activated. All three come with a warranty of $250,000 in the event of a breach.

 

Organization Validation (OV) TLS/SSL Certificate

These packages perform the same functionality as the Domain Validation Certificates. Albeit with some differences.

Single Domain | $180

Wildcard | $450

Multiple | $330

The verification process for this species of Certificate requires that the Domain Owner verify specific company information like its name, address, etc. This is also the minimum required security level required for eCommerce websites. All three come with a warranty of $250,000 in the event of a breach.

 

Extended Validation (EV) TLS/SSL Certificate

Single Domain | $249

Multiple | $500

This is one of the strictest verification processes available. These Certificates require that highly detailed information be gathered on the company. Information pertaining to everything from the legal entity controlling the website, to the legal jurisdiction of the business address etc. all must be provided. Both options come with a warranty of $1,750,000 in the event of a breach.

 

 

UCC Multi-Domain TLS/SSL Certificates

Multi-Domain | $285

This Certificate is not intended to provide a higher level of security as much as it provides a wider spread coverage. It is aimed at securing large networks within organisations that run multiple email and data systems that all need to be secured. This option comes with a warranty of $250,000 in the event of a breach.

 

Assessing your Needs

Now, most of these options will not be applicable to someone in the average person’s position, these are not worth ignoring. If you have read any of our Articles on SEO, you will remember how many times we have made mention of how important SSL Certificates are for SEO purposes, and this is only increasing. Google has recently announced that it will gradually start requiring websites to have SSL installed, or face the ranking factor chopping block.

 

 

Conclusion

Showing users that you care enough to spend the cash on an SSL Certificate, to get that green padlock in their browser as a sign of trust, could be the deciding factor between a sale or not. Users are starting to savvy up on what all these things mean, and with the growing popularity of online purchases, it makes sense that they will be looking out for just those signs when making their decisions. Don’t misunderstand us, the Enterprise level solutions are overkill, but do get something modest to do your part in keeping the web, and your customers, safe.