All SSL Certificate Types Explained – Domain SSL, OV SSL, EV SSL, Multi/Single Domain SSL, Wildcard, Code Signing Certificates

SSL certificates use a public/private key pair system to enable secured connections between two points, such as a web server and a client. When a signed SSL certificate secures a website, it proves that the organization has verified and authenticated its identity with the trusted third party and since the browser trusts the CA, it follows that the browser now trusts that organization’s identity too. Although the term Secure Socket Layer certificates refer to encryption protocol Secure Socket Layer (SSL), the SSL protocol has been replaced by its successor Transport Layer Security (TLS) since the late 1990s. This is why SSL certificates are sometimes referred to as SSL/TLS certificates.

SSL/TLS CERTIFICATES – THE DIFFERENCES

The main use case for SSL/TLS is securing communications between a client and a server, but it can also secure email, VoIP, and other communications over unsecured networks. Most SSL certificates issued today offer 256-bit encryption. The real differences between SSL certificates on sale have to do with levels of validation. There are 3 main types of validation levels for SSL certificates. Domain SSLs, OV SSLs and EV SSLs are all domain-validated certificates using 256-bit encryption, but OV SSls and EV SSLs offer additional levels of validation executed by the Certificate Authority who sells and issues the certificate. Code Signing Certificates are not SSL certificates at all and are used to secure and authenticate software downloads.

Domain SSLs, OV SSLs and EV SSLs can also be issued as single domain SSls, multi-domain SSLs or wildcard SSLs. A single domain SSL is valid only for one domain name. A multi-domain SSL lists multiple distinct domains on one certificate. With an MDC, domains that are not subdomains of each other can share a certificate. A wildcard certificate is one that covers unlimited number of domains on the same server that the certificate is installed on.

Domain Validation SSL (Domain SSL)

Domain Validation is the least-stringent level of validation, making domain SSLs the fastest certificates to procure from the Certificate Authority. To obtain a domain SSL the applicant has to prove they control the domain. They can do this by following one of 3 standardized validation steps after the application is submitted. These are: altering the DNS record associated with the domain, responding to a verification email that is sent to fixed list of generic email posts at the domain name (such as hostmaster@), or placing a unique text file in the web server. Verification is usually automatic, as is the certificate issuance, making domain SSLs without additional validation the fastest issued certificate of all three kinds.

This level of validation is also the most inexpensive and is a good option for blogs, portfolio sites, or for small businesses that are just looking to quickly launch HTTPS, especially if a business doesn’t sell products via its website (e.g. a restaurant or coffee shop).

Organization Validation SSL Certificates (OV SSL)

OV SSLs are domain validated certificates with an added layer of verification conducted by the CA. This usually involves conducting third party checks of the organisation against trusted or established business databases, phonecall and locality validation, and more.

Extended Validation SSL Certificates

Extended Validation SSL Certificates are domain SSLs with fuller background checks than OV SSLs. The CA organization. In addition to the same checks as for OV SSLs, the CA also focuses on validating the operational and physical existence of the entity, in other words that they actually are present at the address they list. This validation is considered to be the highest level of trust for all certificates at this time, and is generally chosen by large enterprises, financial institutions, and eCommerce stores in order to communicate a strong sense of authentication with the intention to build a high level of brand trust. EV SSLs are usually one of the most expensive SSL certificates available, and may also take several days to be issued. Some CAs bundle additional features with their OV and EV certificates, such as malware scanning or additional insurance, but these are value-added add-ons.

Code Signing Certificates

A Code Signing Certificate is not an SSL certificate at all. Code signing certificates use public key encryption to authenticate the identity of a software developer or publisher, effectively assuring the user that the signed piece of software has not been tampered with. This is done by applying a digital signature of the software publisher and hashing it along with the software itself. This identity authentication of the software developer or publisher, and signing (validating) software intends to to guarantee an absence of unauthorized modification (for example through the addition of malicious code).

Code Signing and SSL certificates are both X.509 digital certificates, in other words they se the exact same standard. However, they cannot be used interchangeably. Unlike SSL/TLS, which is a protocol for securing communication in real-time, code signing is a time-stamped signature that can be used to verify publisher identity and software integrity. This identity authentication of the software developer or publisher, and signing (validating) software intends to to guarantee it hasn’t been tampered with.Outside of the fact that both make use of public key encryption, there’s not much other overlap.

What are self-signed certificates?
Any web site administrator can create and sign their own SSL certificate, and the security would be just as strong as the encryption protocol used. Since 2019, however, Chrome browsers began showing error messages when calling up non-https web sites and web sites using self-signed certificate, and other major browsers soon followed suit. In the current climate, public-facing web sites without SSL certificates or with self-signed certificates are generally considered to not be as trustworthy as those with SSL certificates issued by a certificate authority. Self-signed certificates are still used for internal web sites or applications that are not public facing.

For more information about SSL certificates, vist these sites
CIO.GOV: Frequently asked questions and answers about HTTPS certificates and certificate authorities.
Techtarget: Certificate Authority

SimplerCloud SSL Certificates
To purchase SSL certificates, use our Order forms: RapidSSL GlobalSign, Sectigo & Code Signing Certificates. More about RapidSSL certificates and installation from SimplerCloud.