SSL Certificate: What It Is and Why Your Site Needs One
February 27, 2021
- Extended Validation Certificates (EV SSL)
- Organisation Validation Certificates (OV SSL)
- Domain Validation Certificates (DV SSL)
- Wildcard SSL Certificates
- Multiple domain SSL Certificates
Let us now look at each of them.
1. Extended Validation Certificate (EV SSL)
This type of SSL certificate is the most expensive. The vetting process that comes with it is also the most extensive. To get an EV SSL, you would need to provide the following:
- Verification of the ownership of your domain name.
- Verification of the physical address of your organisation.
- Verification of the legal existence of your business.
This is how it looks on Firefox browsers.
The name of the business and country of operation are both visible (marked by the red box).
In Chrome, this is how it looks.
When you click on the padlock, it shows you additional information.
If you are not sure if you need one, then send us an email. We love helping business owners make informed decisions.
Next, we would cover
2. Organisation Validation Certificate (OV SSL)
This type of SSL certificate requires the website owner to provide identity proof. It lets the website visitors know that it’s a verified website.
The verification process of this type of SSL is not as extensive as that of EV SSL. Thus, it costs less than the one above.
On Firefox, this is how an OV SSL looks like.
As you can see above, the name of the business, as well as the country it’s based in, are shown. If your website takes payment or requires visitors to input sensitive information, then we strongly recommend you get an OV SSL for your site.
3. Domain Validation Certificate (DV SSL)
Compared to EV and OV SSLs, this is way easier and cheaper to get. All you provide is proof that you are the rightful owner of your website.
With this SSL, the browser would just show a padlock and HTTPS. It offers less secure encryption.
Thus, it is best for blog sites or websites that do not handle sensitive information. The downside is, your visitors would not know who or what organization owns the website.
Number four is
4. Wildcard SSL Certificates
This type of SSL certificate is for base domains and an unlimited number of subdomains.
For example, www.hubspot.com is a base domain. Subdomains associated with this domain are support.hubspot.com, marketing.hubspot.com, sales.hubspot.com, etc.
A wildcard SSL certificate would secure all of the domains mentioned above and its subdomains.
5. Multiple Domain SSL Certificates
As the name suggests, this type of SSL certificate would be able to secure up to one-hundred base domains.
For example:
www.cmi.com
www.sej.com
www.ahrefs.com
www.semrush.com
www.semrush.in
www.semrush.org
One multiple domain SSL certificate would be able to secure all of the above and more. Now, this type of SSL is not exclusive in itself.
These come with EV or OV features.
How exactly does an SSL certificate work?
We would now discuss how an SSL certificate uses the HTTPS protocol to keep your data safe.
Let us say a visitor, named Amanda, is trying to access your website medimelbourne.com (an example site).
Here is what happens:
- Amanda’s browser asks the webserver of medimelbourne.com for its secured pages.
- In response, the webserver of medimelbourne.com sends its public key (a digital ID for servers and websites) along with its SSL certificate to Amanda’s browser.
- Amanda’s browser, at this point, needs to verify that the SSL certificate is valid. It does so by matching the public key from medimelbourne.com’s server against those in its database. If the key matches one in the database, then the authenticity and validity of the SSL certificate are verified.
- After the verification, a padlock appears beside the URL on Amanda’s browser. It indicates that the webserver is really the one containing the medimelbourne.com website.
- It’s not over. Amanda’s browser now takes another precautionary step. It creates a pair of identical private keys. It keeps one to itself. The other one is sent to the webserver in a data pack encrypted by the public key that the server initially sent to the browser (refer to step 2 if necessary).
- The web server of medimelbourne.com uses its own private key to decrypt the data pack. It now has the private key Amanda’s browser created for it. A secure connection is now established between the server and the browser. From now on, this connection would be used by Amanda’s browser to fetch the pages of medimelbourne.com from the server.
