So the time has come to purchase an SSL certificate. You find there are many different types to choose from from various companies.. Sow what is the difference between SSL certificates?
First, it’s important to realise what the function and purpose of an SSL certificate from an issuer is.
1. To encrypt communication between the browser of the visitor and the web server
2. To verify the authenticity of the website you are on
Those are the two main functions, both as important as each other.
Now let’s look at the different types of SSL’s:
Self Signed SSL’s
These are free and can be generated by yourself. They will only satisfy the role of encrypting the information They won’t verify the authenticity because anyone can generate these SSL’s and there is no independent source that will verify the information in the SSL.
These type of SSL’s would be suitable for personal use and not for commercial use or handling data of significant importance. As anyone could still hijack your site and generate a self signed SSL for their own dummy site.
These are provided to you by an certificate issuer. GeoTrust and Thawte are two which come to mind. The information which they will verify to be true will depend on the SSL you purchase. The difference between GeoTrust and Thawte is negligible. They offer similar products, under different brands which ultimately satisfy the same goal.
Typically, an SSL certificate is 128 bits. This does suffice for the likes of securely transmitting time limited sensitive information such as credit card information. Unless the information must remain secure for centuries to come, a 128bit certificate will suffice. For the likes of a credit card, they expire within a few years. Someone which intercepts data that is SSL secured can take hundreds of years before the data is deciphered. By which time, the credit card would have expired and even the owner would be long gone.
Encryption strength can be increased to 256bits or 1024bits or more. Personally, I go with 128bits.
The main difference
The main difference is the level of authentication done. Let’s take a GeoTrust RapidSSL for example. They will only go as far as verifying the domain name. So if you request an SSL certificate for say innohosting.com, GeoTrust will send an email to the WHOIS contact for innohosting.com. Thus only the domain owner will receive it and be able to confirm s/he owns the domain name.
Then you can opt of a QuickSSL which is more expensive, but still only verifies the domain name. The difference (apart from price) is that you receive a site seal. The purpose of the site seal is to increase trust between you and your visitors. The site seal is dynamic and will thus display your domain name in the site seal. The same level of verification is done as the RapidSSL which is considerably cheaper.
Moving up in the GeoTrust chain, we have the True BusinessID certificate. This takes validation a step further by validating your business. This may involve them calling the company number or sending a letter to the official company address. Once you receive the letter you will then confirm with GeoTrust that you have and provide any necessary information. You may have to provide identification information to them. This all depends on how thorough the company you are purchasing the certificate from decides to be.
This method further boosts consumer confidence. The encryption still remains the same (it may support higher encryption strength) but the validation process is the main thing that has changed. It will still function the same as their cheapest certificate, except that the level of authentication is more in depth. Your visitors can see that not only is the domain verified but your address is also correct and accurate.
Typically e-commerce sites with high volume will go for this option.
Extended Validation (EV) certificates
You may have noticed that on some sites you visit, your address bar turns green. That is because the company is utilising an extended validation certificate. This doesn’t mean they are any more or less secure, but the validation & authentication process is even more thorough. Wikipedia explains the process pretty well, see the quote below:
Only CAs who pass an independent audit as part of their WebTrustsm (or equivalent) review may offer EV, and all CAs globally must follow the same detailed issuance requirements which aim to:
- Establish the legal identity as well as the operational and physical presence of website owner;
- Establish that the applicant is the domain name owner or has exclusive control over the domain name; and
- Confirm the identity and authority of the individuals acting for the website owner, and that documents pertaining to legal obligations are signed by an authorised officer.
The above definition from Wikipedia sums the extent of validation required for EV certificates.
Wild Card Certificates
Wild card certificates enable the SSL to work on multiple subdomains. The amount is limited depending on which CA (Certificate Authority) is issuing the certificate.
For example, a standard SSL issued to innohosting.com will only work with innohosting.com. Whereas a wild card SSL will work on subdomains too such as client.innohosting.com, forum.innohosting.com, support.innohosting.com and so on. You have 1 certificate which will cover a range of subdomains and the main domain (only 1 single domain).
Do the different types of SSL’s really matter?
They can most certainly do. Imagine a website you are wanting to buy from. They have their address listed, but you have no sure way of knowing if that is a real address or a fake one posted to make the company look professional. As a result, you have your doubts and don’t purchase.
If that site had an EV certificate, then an independent authority would have already verified the company address to be true and accurate. You don’t need to go and visit them to make sure which isn’t always feasible. As a result, you would have continued on with the sale.
Where can I buy a certificate?
InnoHosting has issued thousands of SSL certificates already and includes them for free on most web hosting plans. If you have a web hosting account with InnoHosting, then we will install the SSL and make sure it’s working free of charge.
You can purchase highly discounted GeoTrust certificates from InnoHosting that will be issued to you directly from GeoTrust. The only difference is the price, everything else is the same as advertised on the GeoTrust website. Due to the volume of SSL’s we supply we are able to offer SSL certificates at a low price.
Visit http://InnoHosting.com/ssl.htm to purchase your SSL certificate.