- What is an SSL Certificate?
- Importance of SSL Certificate
- Type of SSL Certificates
- Which Type of SSL Certificate is Good for You?
- Validation Types of SSL Certificates:
- Important Factors in Considering the Best SSL Certificate Provider
- What is the best Free SSL Provider?
- Things to do after installing an SSL Certificate
- Conclusion
Imagine, you are driving on the highway at 100 km/hr – do you need to fasten your seatbelt?
You are observing the solar eclipse – do you need to put on protective eyewear?
Your website is up and running – do you need SSL certification?
The answer to all these questions is YES – and I’ll tell you exactly why!
Today’s era is all about technology; every single business is going online – and owing to the COVID-19 pandemic situation, the digital aspect of individuals has become much more critical. In this situation, Digital security and users’ privacy are integral aspects of the online ecosystem.
In this time of high technology and globalization, websites are not just there for information or entertainment, but also play a vital role in many areas of our daily lives; whether online shopping or online banking.
This whole scenario has motivated technology companies and communities to make a great effort to support, deal with the user’s privacy concern and mitigate the security risk over the internet and make it a more reliable and secure online ecosystem. One such server-client communication protection provider is the SSL Certificate.
In this article, we will discuss SSL certificates and their various types with different validation mechanisms. So without further ado, let’s start!
- What is an SSL Certificate?
- Importance of SSL Certificate
- Type of SSL Certificates
- Which Type of SSL Certificate is Good for You?
- Validation Types of SSL Certificates:
- Important Factors in Considering the Best SSL Certificate Provider
- What is the best Free SSL Provider?
- Things to do after installing an SSL Certificate
- Conclusion
What is an SSL Certificate?
SSL stands for “Secure Sockets Layer” protocol. It was first introduced by Netscape in 1994 for secure communication over the internet using various TCP protocols. It’s a security protocol that works on 443 port via TCP connection method while a website without an SSL certificate runs on port 80. The main objective of installing an SSL certificate on a website is the secure and encrypted transfer of information from the user computers to the website server over the internet.
It is not just about securing the website but also guaranteeing the user data via data encryption between server machine and user browser. It is a security protocol that builds encrypted links between browser and server. Thus server-client communication is fully protected. The SSL certificate does not just make your website secure, but it also helps to gain customer trust and high ranking on search engines.
The protection takes authentication for each participant and encrypts the messages sent back and forth, so any outsiders cannot listen to the communication.
Let’s consider a scenario: You visit a website to purchase some product using a credit card. When you type the domain name in the URL bar and hit the Enter button, suddenly a browser security notification page opens.
Now the question is; Will you still visit this website and make an online payment using your credit card against the product you purchased?
The majority of users just close the website, and maybe you are one of them too. This is totally understandable because data security is of utmost importance. If an SSL certificate is installed on the website, the browser shows a lock security icon in the URL bar instead of the security notification. Thus users’ trust is restored and businesses don’t end up losing valuable website traffic and potential revenues.
Importance of SSL Certificate
SSL certificate’s importance is not limited to security, privacy, and user trust, it also affects your website ranking on search engines. Since 2017, Google marked all those websites “Not Secure” that do not have an SSL certificate. The globally-used search engine will not rank your website and top web browsers like Google Chrome and Firefox also display a security warning message in the URL bar if an SSL certificate is not installed on your website. That’s bad news for your business.
Type of SSL Certificates
To protect the website with easy management and in a cost-efficient manner, there are three types of SSL certificates available.
1. Single-Domain SSL Certificate(s):
The name of this certificate is self-explanatory. It tells us that this certificate is valid and only used for one fully qualified domain name (FQDN). This way, a certificate contains only one Subject Alternative Name (SAN) field and references for a single domain name like devrims.com or www.devrims.com. The single-domain SSL supports both www and non-www URLs, for example, https://mywebsite.com and https://www.mywebsite.com.
However, some SSL certificate issuers don’t support single-domain SSL on both URLs (www and non-www). So, make sure when you purchase the single-domain SSL whether it will support www and non-www URLs. Devrims provide a free unlimited SSL certificate with an auto-renewal option with a single click.
Note: Any domain with www and without www is not considered two different domains but one domain name.
2. Multi-Domain SSL Certificate(s):
The objective of this certificate is to provide easy management solutions for managing SSL certificates of multiple domain names in the form of one certificate file. Multi-Domain SSL is commonly known as Subject Alternative Name (SAN) and Unified Communication Certificate (UCC).
A Multi-Domain SSL protects several different domain names which can be a top-level domain or a subdomain. Generally, the Multi-Domain SSL covers 250 domain names but the number of domain names also depends on certificate authority.
3. Wildcard SSL Certificate:
This certificate is used for securing all the subdomain names of one top-level domain name. It allows users to use one certificate for one primary domain name and all of its subdomain names. For example, a wildcard SSL certificate issued for *.domain.com would protect blog.domain.com, store.domain.com, www.domain.com, etc. Users can secure an endless number of subdomains, but only for one primary domain.
Now that we have understood what an SSL certificate is and what are some of its most important types, let’s understand how you can choose which type of SSL certificate is ideal for your website.
Which Type of SSL Certificate is Good for You?
The use of an SSL certificate depends on your requirements. If you have only one domain name and you don’t have a plan to add any subdomain and other domain names, then a single SSL certificate is cost-effective with full security coverage.
If you have many domain names and want cost-effective security coverage and easy management solutions, then Multi-Domain SSL is a good choice for you.
The wildcard SSL certificate usage is a little bit difficult if your organization or business wants EV validation because a wildcard certificate gives you full coverage of unlimited sub-domain names of one primary domain name without EV validation. If you don’t want EV validation and you have a different sub-domain related single primary domain name in use, then wildcard SSL is the best choice.
Single-Domain SSL | Multi-Domain SSL | Wildcard SSL |
Certificate for one domain name. | Single certificate for multiple domain names. | Single certificate for unlimited sub-domain names of one primary domain. |
mywebsite.com | mywebsite.com, mywebsite.net, mywebsite1845.com | Shop.mywebsite.com, blog.mywebsite.com, live.mywebsite.com |
DV, OV, and EV all levels of validation supported. | DV, OV, and EV all levels of validation supported. | Only DV and OV level of validation supported. Not EV validation supported. |
Only one domain name was supported. | The number of domain names supported depends on CA or generally 250 domain names. | Unlimited sub-domain covered. |
Only one domain name was covered which was defined during certificate issuance. | All domain names are secured, which were defined during certificate issuance. | Any sub-domain name can be added or removed at any time. |
Support www and non-www URLs. | Support www and non-www URLs. | Support www by the asterisk (“*”) and non-www also supported. |
Issued Immediately. | Issuance Time-Period is more than 3 days. | Issuance Time-Period is more than 10 days. |
So far so good. Now, some domain names contain company names and information when it is open in the browser. Do you know how it’s done? If not, the next section is for you!
Validation Types of SSL Certificates:
Many types of SSL certificate validations offer different value propositions and unique cases. Let’s discuss them one by one.
1. DV (Domain Verification):
SSL Certificates are issued when the certificate authority checks to make sure that the applicant actually has the right or ownership of the domain name. The company identification is not verified during certificate issuance and the DV certificate can be issued immediately.
2. OV (Organization Validation):
SSL Certificate which is a high assurance one is used to validate a company or business. An organization or business is verified by the certificate issuance authority and the applicant must provide an acceptable business proof document to the certificate authority during the certificate issuance process.
The additional verified company information is displayed to the customer when the Secure Seal or Secure Lock or browser URL bar is clicked by a user. It gives an enhanced trust to the user on the company or website. Normally, an OV SSL certificate takes three days to be issued.
3. EV (Extended Validation):
SSL Certificate is issued only when certificate authority verifies that the applicant has the right to the domain name plus CA conducts an organization investigation and verification check in detail as per the guidelines mentioned in the EV Guidelines. The EV Guidelines were created in 2007 at the CA/Browser Forum.
The summary of the main points of the EV Guidelines mentioned below:
- Applicants must provide the required documents to verify the legal, physical and operational existence of the business.
- Must provide the documents to identify the business matches official records.
- Complete the domain name authentication process and the domain name matches with the organization name, also registered with ICANN or an IANA registrar.
- Must verify that the domain name and that the business has properly authorized the issuance and use of the EV Certificate.
- Telephonic verification is also required.
The EV certificates are issued and used by all types of organizations and it takes more than 10 days to be issued.
So who is the Best SSL Certificate Provider? The answer can be determined based on some crucial factors.
Important Factors in Considering the Best SSL Certificate Provider
First, let’s cover all those factors that help us to choose the best SSL provider. There are 9 critical factors you must know before purchasing an SSL certificate.
1. Type of Certificate Required
The first thing is to analyze your SSL certificate requirement and decide which type of certificate you need, such as a single-domain SSL certificate, multi-domain SSL certificate, or wildcard SSL certificate. Once you have decided, then make sure the SSL provider is providing the certificate you need. It is good if the provider offers all types of SSL certificates because you never know when you have to buy another certificate for your new domain name. So, it is to purchase and manage all the certificates from one provider.
2. Required Validation Level
We already cover the types of validation in the SSL certificate in the above section of this blog. Now let’s decide which type of validation you need, i.e. Domain Verification (DV), Organization Validation (OV), and Extended Validation (EV) SSL Certificate.
Make sure that the SSL provider gives you the certificate with the validation level you need.
3. History of Company
Make sure the company is in business for at least 15 years because there are so many new SSL providers in the industry that are not trusted and sometimes run away in a night. So the company’s reputation is a significant factor because your website security is in the hand of your SSL provider.
4. Presence of EV for the SSL Provider Company
Ensure that an Extended Validation (EV) SSL Certificate is installed on the SSL provider website because so many providers cannot get the Extended Validation (EV) SSL Certificate for themselves.
5. Auto-Renewal Options
Everyone wants easy management of the SSL certificate, so make sure that the SSL provider gives you an Auto-Renewal Option for the SSL certificate.
6. Customer Support
You never know when you need help, and security vulnerability never knocks on your door. So, make sure that the SSL provider offers 24/7 live support over chat or phone, or both.
7. Issuance Time
Time is a valuable factor in your online success, so make sure that the certificate’s issuance time is not that long. A Single-Domain SSL certificate is issued immediately, Multi-Domain SSL certificate takes typically three days whereas a wildcard SSL certificate issuance takes about 10 days.
8. Pricing
Everyone wants to save the cost, especially when it’s a recurring one. Just list two or three providers based on the above selection parameter and select anyone according to your budget.
After detailed research, we find the top 5 SSL providers.
Name | Pricing | Pros | Cons | Website Link |
Comodo SSL | Starts at US$7.27/year | ● Affordable ● Great Customer Support |
Validation takes time | https://comodosslstore.com/ |
GeoTrust | Starts at $87/year | ● Offers customized enterprise solutions ● Great value for money |
Validation is time-consuming | https://www.thesslstore.com/geotrust.aspx |
Entrust Datacard | Starts at $208/year | ● Can manage multiple certificates ● Great reputation as a swift operator |
Expensive Service | https://www.entrust.com/ |
GoDaddy | Starts at $59.99/year | ● Great security ● Good pricing structure |
May include hidden prices | https://www.godaddy.com |
Thawte | Starts at $47/year | ● Great Pricing ● Good browser compatibility |
Validation is time-consuming | https://www.thesslstore.com/thawte.aspx |
DigiCert | Starts at US$188/year | ● Supports Norton ● Great Wildcard Option – |
Expensive Pricing Plans | https://www.digicert.com/ |
What is the best Free SSL Provider?
The most trusted and the best Free SSL provider is Let’s Encrypt. The reason is simple; they provide great customer service with excellent level encryption security – and it is all free!
This company was launched in 2016 with a mission to secure the world wide web by providing a free SSL certificate. Let’s Encrypt is a Certificate Authority (CA) that provides an easy and most straightforward way to install free TLS/SSL certificates, by allowing encrypted HTTPS on web servers to make website communication encrypted and secure. They have almost the same security features and reliability as any other existing certificate authority in the market.
Let’s Encrypt provides rate limits to ensure fair usage by as many people as possible. It is a free and open Certificate Authority (CA) with security and privacy-respecting to the web to people who want to secure their websites with HTTPS, but it also has some limitations.
The domain name must be live to install the Let’s Encrypt certificate, which means you add the domain name in your application and DNS propagation is completed globally before installing Let’s Encrypt SSL.
Let’s Encrypt only issues five certificates per FQDN in a week. For example, if you installed an SSL certificate on mywebsite.com and due to some reason you revoke it and reinstall the certificate. In this case, you can only install five certificates in a week on the mywebsite.com domain name.
Let’s Encrypt has a technical limitation of 100 domains per certificate. Also, DEVRIMS provides a free Let’s Encrypt SSL certificate in One-Click with an auto-renewal option for unlimited application or domain names.
Now that we have understood all about what to consider and how to find the best fit SSL certificate provider, let’s discuss post-installation details
Things to do after installing an SSL Certificate
In this section, we cover all of the critical tasks to do after installing an SSL certificate.
Redirect HTTP to HTTPS
Installing an SSL certificate is not enough to redirect your website from HTTP to HTTPS. After the installation, the website is globally available via HTTP by typing http://website.com. To block the HTTP access, you need to redirect the website from HTTP to HTTPS, so that all traffic coming from HTTP will redirect to HTTPS which is secure and encrypted.
The redirection rule depends on your website development technology. We cover the HTTP to HTTPS redirection rule of WordPress CMS, which is a widely used CMS as an example. Kindly add the below-mentioned rule in the .htaccess file present in the root directory of the WordPress application. Don’t forget to make a backup copy of the .htaccess file before any update for future reference.
RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
Blocking the HTTP version of your site (optional)
Once the SSL certification is up and running, usually your hosting company overwrites the HTTPS version over HTTP. But sometimes it stays there. In such cases, you need to manually block the HTTP version of your website. Now the method for doing so is a bit unconventional. It can also result in some agitation for your site visitors. But by blocking the HTTP version, you actually remove ambiguity from the base of the server.
The only issue that stays is customers who are still accessing your site via cache as they will keep accessing the older version. However, the security purpose is served in the longer run.
Using HSTS Protocol
HSTS or HTTP Strict Transport Security Protocol is essential here. It helps in preventing man-in-the-middle attacks that use SSL stripping as the base. For generating this protocol, you have to send a request from the HTTPS version of a site to its HTTP version. By enabling the HSTS protocol, you can ensure that for the next whole year, anyone trying to load the HTTP version of your domain will be automatically redirected to the HTTPS version. This obviously saves you from all sorts of cyberattacks and phishing threats.
Disabling Vulnerable TLS Versions
Transport Layer Security (TLS) is another cryptographic protocol providing data encryption very much like the SSL. You need to disable TLS 1.0 and 1.1 immediately because browsers are officially removing support from these two versions. The best practice is to, of course, configure your server to support the latest protocol version.
Now Devrims supports all TLS versions but it is time to get rid of 1.0 as it has proven to be vulnerable to attacks like Beast, Drown, and Poodle.
Remember, ensuring that your website’s visitors have a secure connection with your website is your duty. So, you can choose from any of the steps above whichever is most applicable and most convenient for you to make your website more secure.
Want to check the TLS version supporting SSL on your application? Try here: https://www.cdn77.com/
Verifying SSL Certificate after Installation
After installing an SSL certificate, kindly make sure that the certificate is properly installed with chain files, also confirm the certificate expiry date for on-time renewal purposes. There are so many online tools available to verify the SSL certificate like https://www.sslshopper.com.
Conclusion
Over the last few years, SSL certificate usage has increased dramatically. If your business hasn’t installed it on your website – you need to get it ASAP. But before you dive right into installation, it is important to understand the foundations of SSL certificates – like what it is and how it works. For this purpose, we have compiled this comprehensive article for you. Got any further queries? Just comment below!