You can’t create a secure website without installing a Secure Sockets Layer (SSL) certificate. This will allow visitors to load your website over Hypertext Transfer Protocol Secure (HTTPS). All of the data that they send to and receive from your website will automatically be encrypted. There are many different types of SSL certificates, so let’s cover off the options before deploying your website over HTTPS.
Single-domain SSL certificates are those that provide HTTPS for a single domain. You can use a single-domain SSL certificate to protect all of your website’s pages with HTTPS. As long as the pages share the same domain, a single-domain SSL certificate will suffice.
Single-domain SSL certificates support an unlimited number of pages, assuming they are located on the same domain. You don’t have to purchase multiple single-domain SSL certificates. One single-domain SSL certificate will cover all of your website’s pages.
Note that with SSLs, a single domain would not refer to covering all subdomains from a root or main domain. A single domain would mean it covers www.example.com, but would not cover sample.example.com, a subdomain.
Multi-domain SSL certificates, as you may have guessed, provide HTTPS for multiple domains. They support Subject Alternative Names (SANs), which are additional hostnames or domains. With a multi-domain SSL certificate, you can deploy the domains of multiple websites over HTTPS. Many certification authorities offer multi-domain SSL certificates that are good for up to 100 domains.
When compared to single-domain SSL certificates, multi-domain SSL certificates are more expensive. But depending on how many domains you have, a multi-domain SSL certificate could prove more cost-effective. You can buy one multi-domain SSL certificate for all of your domains rather than several single-domain SSL certificates.
With multi-domain SSLs, you would need to identify all domains and subdomains up front that you would plan to secure with a SSL and cannot be added later. You could secure www.example.com, sample.example.com as well as entire other domain as well, www.test.com and sample.test.com.
There are also wildcard SSL certificates. Wildcard SSL certificates fall somewhere between single-domain and multi-domain SSL certificates. They provide HTTPS for a single domain, but they support subdomains as well.
You can use a wildcard SSL certificate to protect your website and all of its subdomains with HTTPS. Maybe your website has a blog at blog.example.com, or perhaps it has a mail server at mail.example.com. A single-domain SSL certificate won’t protect subdomains such as these; it will only protect your website’s domain. A wildcard SSL certificate offers a solution. It will extend HTTPS to your website’s domain and all of its subdomains.
If you are just looking to cover both www and also the root domain, you can use a single domain SSL for that.
SSL certificates can be classified according to the way in which they are validated. Whether single-domain, multi-domain or wildcard, all SSL certificates must be validated. Validation is designed to confirm the identity of a website so that visitors can access it over HTTPS.
Domain-validated SSL certificates are validated by the Certification Authority that issues them. Of all the different validation methods, domain is the least stringent. With a domain-validated SSL certificate, the certification authority will only check to ensure that you have control over the website that you want to be protected with HTTPS.
The least commonly issues validation option, Organization-validated SSL certificates are a step up from their domain-validated counterparts. They are still validated by the certification authorities that issue them, but organization-validated SSL certificates require an additional screening process.
When you purchase an organization-validated SSL certificate, the certification authority will screen your business. It will check to ensure that your business owns and controls your website, and the certification authority will verify your business’s information.
Organization-validated SSL certificates are only available to businesses. With an organization-validated SSL certificate, visitors can click the padlock icon in the address bar next to your website’s domain to view information about your business.
When people are looking for the additional verifications to put more trust behind that you’ve been verified, many organizations would choose the Extended Validation route.
Extended-validated SSL certificates are the most stringent in terms of validation. With an extended-validated SSL certificate, the certification authority will conduct a thorough background check. It will still perform the same steps as required for domain-validated and organization-validated SSL certificates, but the certification authority will dive deeper into your business’s background.
The certification authority may verify your business’s name, legal status, address and more. Only after verifying this information will it issue you an extended-validated SSL certificate.
An extended-validated SSL certificate will create a green address bar for your website. The address bar will feature the same padlock icon achieved with a domain- or organization-validated SSL certificate. An extended-validated SSL certificate, though, will make part or all of the address bar green as well. The green address bar may encourage visitors to interact with your website, as they’ll feel a sense of security.
Over the last number of years, many browsers are no longer displaying the green address bar and have degraded many of the optical features that would make it stand out that you’ve gone through the process of validating your organization through these extended validation processes.
Finally, there are self-signed SSL certificates. Self-signed SSL certificates aren’t issued or signed by a certification authority. Rather, they are private keys that websites issue and sign themselves.
Self-signed SSL certificates eliminate the need for a certification authority. You can use a self-signed SSL certificate without jumping through the validation hoops of a certification authority. As a result, self-signed SSL certificates are easy to acquire and equally easy to maintain.
The problem with self-signed SSL certificates is that most web browsers display a “not secure” or similar message for websites that use them. Self-signed SSL certificates use encryption, but they leverage a self-issued and self-signed private key. Without a certification authority acting as an intermediary, web browsers don’t trust them.
Because web browsers don’t trust them, self-signed SSL certificates don’t offer a padlock icon. Some visitors may assume that your website has been hacked. Others may simply perceive your website as being less secure than those with a domain- or extended-validated SSL certificate.
Self-signed SSL certificates are inherently less secure because they don’t have a certification authority. They are prone to man-in-the-middle (MITM) threats. An attacker may intercept the communications between your website and visitors. For protection against MITM threats such as well, you should choose a different SSL type. Self-signed SSL certificates will only leave your website at risk for MITM threats.
Choosing the Right SSL Certificate
Not all SSL certificates are the same. Some of the most common types of SSL certificates include single-domain, multi-domain, wildcard, domain-validated, organization-validated, extended-validated and self-signed.
When shopping for an SSL certificate, consider how many domains you want to protect with HTTPS and whether they have any subdomains attached to them. You should also consider the validation requirements. Extended-validated SSL certificates have the most thorough validation requirements, whereas self-signed SSL certificates have the weakest validation requirements.
As we value ensuring that price is not a barrier to ensuring that communication is encrypted, almost all of our hosting solutions including our Elastic Web Hosting, WordPress Hosting, Multi Account Reseller Hosting, and Managed Cloud Servers support the free and automated SSL certificates that will continually renew your certificate every 90 days. Nothing for you to worry about to manage or maintain and the encryption level is the same as any paid certificate.
You can read more about how Let’s Encrypt works with FullHost.