In most webhostings there is the possibility to install a free SSL certificate from Let's Encrypt for each website, so that the page load for the visitors is encrypted, as it is now the industry standard. But there is also the possibility to obtain extended SSL certificates. Often there is a lack of clarity as to who needs which certificate and when.
Let's take a closer look. As always, explained in a beginner-friendly way.
What does an SSL certificate do anyway?
First, let's take a quick look at what an SSL certificate actually does. Simply put, an SSL certificate establishes a secure connection between a website and a visitor. This is to ensure that transmitted data cannot be intercepted. For this purpose, a kind of tunnel is established.
You can imagine that the walls of the tunnel are made of signs and numbers and so the signs and numbers of the information flow between the visitor and the site cannot be interpreted properly from the outside. Only the participants who originally established the connection can do that. That is, the website and the visitor. Thus, credit card information, messages and anything else remain between the two parties.
However, this technology is not only used for websites. An example that you also know is the sending of e-mails. That's why there are always encryption methods to choose from when setting up an e-mail address in Outlook and the like. If the thought of setting up an email address in email programs causes sweaty helps you by the way this article.
Encryption is thus achieved through various encryption protocols.
Difference between SSL and TLS - simply explained
Maybe you've been hearing more and more about TLS lately, but you're not sure what it actually is.
SSL stands for Secure Socket Layer and TLS stands for Transport Layer Security. You don't have to remember this, but it's good to have heard it.
Both are protocols which are used for the encryption of connections to protect against access to transmitted data by third parties.
TLS is basically the successor protocol of SSL, which provides higher security. TLS is already used in most security certificates, but they are still called SSL certificates because of user custom.
Many SSL certificates today already use version TLS 1.2 or 1.3. Lower versions are not recommended and some browsers react with warning messages if one is used.
SSL Certificate Types: DV, OV, EV - which means what?
If you only want to encrypt the connection between the website and the visitor, it is not necessary to choose a paid certificate over a free one, as the technology is basically the same.
However, if you want to ensure for your own website that the association or company is verified and the visitor can then also be sure that he has landed at the company that the website claims to be. For this purpose, there are paid extended certificates, which otherwise, however, technically do basically the same as the certificates from Let's Encrypt: They encrypt the connection between website and visitor via SSL (Secure Socket Layer).
A distinction is usually made between these extended certificates in DV (domain validation), OV (organization validation) and EV (extended validation). The issuance of these certificates is always preceded by more elaborate verification procedures to ensure that the website is legitimate.
To provide a bit of clarity, here is a brief overview of the specifics of each SSL certificate type:
DV stands for Domain Validation and it is checked by the certification authority (or CA for Certificate Authority) before issuance, if the orderer actually has influence on the domain. Either a specific email must be received and confirmed or the creation of a specific DNS record is required (if you are not sure what a DNS record is click here). A third possibility that a file has to be placed on the website, which proves that the orderer has access to it.
OV Stands for Organization Validation. Here, it is not only checked whether the ordering party has influence on the domain and, for example, can create a DNS entry required by the certification authority, but also whether the ordering party is demonstrably legitimate. For this purpose, the respective commercial register as well as public business directories are checked and the organization is contacted.
EV stands for extended validation. Often wrongly interpreted as enterprise validation. With this certificate, it is not only checked whether the ordering party has influence on the domain and can, for example, create a DNS entry required by the certification authority, but also whether the ordering party is demonstrably legitimate. For this purpose, the respective commercial register as well as public business directories are checked and the organization is contacted.
It is no coincidence that you read more or less the same thing twice in a row. In most cases, there is no significant difference between the validation process for OV and EV certificates.
What is the difference between free and paid SSL certificates?
Roughly summarized, the difference is that paid SSL certificates are issued only after a stricter validation and therefore enjoy a higher reputation. After all, not everyone can obtain such a certificate. There is usually no significant difference in the encryption.
However, in order for visitors to trust the website more, they must first notice that the website uses an SSL certificate with higher validation.
In the past, the more stringently verified certificate variants were immediately visible in the browser's address bar. For example, when a page with an EV certificate was visited, it was colored green in whole or at least in part. This immediately suggested a higher level of trustworthiness to the visitor.
In the meantime, however, this is no longer the case and it is hardly recognizable at first glance in a browser what kind of certificate is used by the page. It is usually only comprehensible when the more detailed information is called up by clicking on the lock symbol.
Another advantage of paid SSL certificates is that they are insured. If there is an incident where the encryption fails, there is a certain amount of coverage. As a rule of thumb, the higher the price of an SSL certificate, the higher the insurance coverage.
As with any insurance, you should always check exactly which cases are covered.
Which SSL certificate type is right for you?
When it comes to deciding between an EV SSL certificate and a DV SSL certificate, there are a few things you'll want to take into account. First, consider the level of security that you need. If you're running an online store or handling sensitive customer data, then EV SSL is probably a better option since it offers the highest level of security.
On the other hand, if you're just running a simple website or blog, DV SSL may be enough.Another thing to consider is cost. EV SSL certificates are more expensive than DV SSL certificates, so if cost is a factor then DV SSL may be the better option.Finally, think about how your website will be perceived by visitors. EV SSL can help to build trust and credibility, while DV SSL may not have as much of an impact. Ultimately, the decision between EV SSL and DV SSL comes down to your individual needs and budget.
However, it might also be that an EV Multi Domain SSL certificate would be right for you. Or an OV SSL maybe?
EV Multi Domain certificates
Multi Domain Certificates? What is that again?
Multi-Domain EV SSL Certificates offer the highest level of validation and security for your website. They provide up to 256-bit encryption and come with a Site Seal to show your visitors that your site is safe and secure. Multi-Domain EV SSL Certificates are also known as Unified Communications Certificates (UCC) because they can secure multiple domains and subdomains on a single certificate. This makes them perfect for businesses with multiple websites or a website with multiple subdomains.
Multi-Domain EV SSL Certificates are issued by Certificate Authorities (CAs) after verifying the business identity and ownership of the domain names. The verification process is more extensive than for other types of SSL Certificates, but it helps to ensure that your website is protected against phishing attacks and other online threats.
OV SSL vs DV SSL certificates
OV SSL offers more validation than DV SSL. OV SSL is short for Organization Validation SSL and it activated the green bar in browsers. To get an OV certificate, the Certificate Authority (CA) will perform additional vetting of your organization. This usually includes verifying your business registration and checking that your business is in good standing with the Better Business Bureau (BBB). The CA may also contact you directly to verify your identity and organization.
DV SSL is short for Domain Validation SSL. DV certificates only verify that you own the domain name, not that you are a legitimate business. To get a DV certificate, the CA will send an email to one of the registered email addresses for your domain. You must click on a link in the email to confirm that you own the domain.
Both OV and DV SSL offer strong encryption and are trusted by all major browsers. However, OV SSL provides an extra level of assurance to visitors that they are dealing with a legitimate business. This can help increase conversion rates and build trust and credibility for your organization.
If you're not sure which type of SSL certificate is right for you, your provider should be able to help but you can also get in touch with me.
Now you know the differences between the different types of SSL certificates. If you are wondering if an SSL certificate is working properly, you can find an article here that explains how to check this or directly my video here if you prefer: