An SSL certificate shows that the Internet resource can be trusted and that the company that issued the certificate guarantees it.
There are several main types of certificates that indicate the level of validation of a certain company: domain validated (DV), organization validated (OV), and with extended validation (EV). You can choose the most appropriate SSL certificate for each type of website (informational, commercial, service, blog). So, let’s review the main types of SSL you are able to choose from.
Free SSL certificates
- They are free. This is a significant advantage for those site owners who cannot afford a paid certificate but they strive to provide their visitors with a secure connection. Let’s Encrypt does not require the installation or renewal of the certificate. If you want to, you can make a donation on the project website.
- Certificates are issued automatically. You can allow the Let’s Encrypt client to independently download, install, and renew certificates. However, if you are worried about them setting up your server, you can do it manually.
- Reliability and safety. Although Let’s Encrypt SSL certificates are free, it does not mean that their encryption level is lower than that of paid certificates. Let’s Encrypt adheres to the highest encryption standards and offers certificates of high reliability.
- No extended validation. When issuing a certificate, only the client’s ownership of the domain is verified. Thus, anyone on the Internet can create a certificate with the name of any organization and pretend that the site is related to it.
- Certificates are issued for a total of 90 days. This is rather an inconvenience for users, rather than a significant disadvantage of a certificate. The fact is that by issuing a certificate for just 90 days and not for 1 year, Let’s Encrypt tries to reduce the damage caused by those keys and certificates that were issued by mistake. Having a shorter validity period, such certificates will cause less damage than the ones issued for a year.
- Compatibility issues. Let’s Encrypt certificates are not compatible with earlier versions of operating systems. In addition, compatibility issues may also happen with older versions of mobile software. To make sure that there will be no problems with your operating system or mobile firmware, check whether they are on the list of compatible devices and programs on the Let’s Encrypt official website.
- No customer support. You will not find chat or telephone support on their website, only technical documentation in English. Some questions about these certificates are discussed in the thematic forums and it is there that you can find answers to your questions.
- No warranty or monetary compensation. Unlike commercial certificate centers, Let’s Encrypt provides no guarantees. If the certificate is cracked or someone loses money due to a certificate issued to the fraudulent site, the losses will not be reimbursed.
Most users know Cloudflare as a CDN provider, although it also provides a free SSL certificate service. If you use free Flexible SSL from CloudFlare, traffic will be encrypted from the visitor to the CloudFlare server, but not from the CloudFlare server to your one! This makes it not as reliable as a high-grade SSL certificate. CloudFlare still provides full SSL support, but in order to use it, you need an SSL certificate installed on your source server. As long as you do not collect and process confidential information on your website, the SSL from CloudFlare is fine and will provide enough security. This is also one of the most recommended free SSL providers on Reddit and Quora.
- A huge set of basic features — for free;
- Free SSL;
- The “Site under attack” function protects against small DDoS attacks;
- Convenient DNS control panel;
- Moving to another hosting site with a zero timeout, instantly;
- Caching effectively saves resources and increases speed.
- The free SSL does not apply to subdomains of the *.hello.world.com subdomain;
- The free SSL will not work on Windows XP and older versions.
- The traffic from CloudFlare to your server is not encrypted, that is, wholesale providers, trunk providers, and the NSA can still read all requests in text format.
- Traffic is subject to man-in-the-middle attacks (MITM), where another server can impersonate another server and receive its traffic (although this problem also applies to the “Full” SSL setting, you will need to change to “Strict” in order to avoid this).
FreeSSL from Symantec is a special offer from a world famous brand, a free SSL certificate for the site.
- High reliability.
- Convenient control panel.
- Limited access: it can be used by non-profit companies and start-ups. For everyone who does not fall into this list, there is a waiting list.
Paid SSL Certificates
Comodo is one of the most popular certification centers at the moment and offers different types of certificates with different types of validation: it verifies ownership of the domain, documents of the organization, and its financial condition.
Comodo offers 2048-bit encryption for DV, wildcard and EV certificates. The UC certificates have 128-bit or 256-bit encryptions. With the SSL-certificate, you will receive a compensation guarantee in case someone intercepts your personal information. The certificate is 99,9% compatible with all known browsers and offers a certain degree of protection for domains, subdomains, and multi-domains, depending on the type of certificate. With the certificate, you can also receive the Comodo logo, which is placed on the website. This greatly increases user confidence but is only available for the wildcard and EV certificate types.
Five of the twelve Comodo certificates for sites can be tested for 10 days. You will receive and install a certificate for free and after 10 days, you can decide whether you want to buy a Comodo SSL certificate or not. If you decide to buy a Comodo SSL, you will not need to reinstall it. Comodo guarantees the security of the personal data people leave on sites. If the certificate was issued incorrectly or the attackers crack the certificate’s cipher, Comodo compensates the loss of the site visitors. The amount of the guarantee depends on the type of certificate. The minimum guarantee is $10,000 paid for PositiveSSL and Comodo Wildcard PositiveSSL, and the maximum guarantee is $1,750,000 for Comodo EV SSL. Along with the SSL certificate, Comodo issues a seal of trust. This is a logo that can be published on the site. It displays information about the company that received the certificate and the certificate’s authority and validity period.
- There is an option to test the certificates within 30 days.
- Free certificate upgrade.
- There is an option to protect unlimited subdomains with one certificate.
- No paperwork. The entire procedure of validation is exclusively done online.
- Most certificates are issued very fast in up to one hour.
- A wide range of pricing points.
- Some certificates require additional payment to protect multiple domains.
Symantec provides quite expensive certificates, which have many additional functions along the basic ones.
Each certificate has 256-bit encryption, provides the Symantec logo to be posted on the site, and offers a daily scan for vulnerabilities. There are five different types of certificates that have been developed: Secure Site (DV), Secure Site Pro (DV), Secure Site Wildcard, Secure Site with EV, and Secure Site Pro with EV.
The vulnerability scan feature is included only in the Secure Site Pro, Secure Site with EV, and Secure Site Pro with EV certificates. Symantec Certificate Authority provides the largest money compensation guarantee, and this is due to the cost of certificates. SSL from Symantec is suitable for sites with high traffic, for Internet portals of national importance and large commercial sites for which the guarantee of the security of visitor data is vital.
Symantec SSL certificates are supported by 99.9% of browsers. This means that the site where the certificate is installed will work using the https protocol and the browser will display a green lock next to the site name. In addition, Symantec issues a Norton Secured Seal. This is a logo with information about the site and the terms of its protection which can be displayed on the page. By having a Symantec SSL certificate, you can install such a seal on your site. An installed certificate ensures that personal data is not stolen. The center compensates losses to site visitors if the certificate was issued incorrectly or attackers hacked the certificate cipher. Symantec pays a minimum guarantee of $10,000 for Rapid SSL and a maximum of $1,750,000 for Secure Site EV.
- Easy process to get the certificate.
- 256-bit digital certificates.
- Money-back guarantee within 30 days.
- Ability through the license of several servers.
- User-friendly control panel.
- Free daily website scanning for malware.
- Great customer support.
- All the plans are very expensive — there are no cheap options.
This provider belongs in the middle price segment. Among its features, there are an unlimited number of servers, free reissuing of certificates, as well as a limit of 24 names for certificates.
GeoTrust company produces 5 types of certificates: EV, wildcard, OV, wildcard with OV, and DV. Each of them supports 2048-bit encryption for root domains and 256-bit encryption for all other names. GeoTrust certificates are compatible with 99% of all browsers, although not all mobile devices are supported. The company issues certificates with a high level of encryption. This is undoubtedly an advantage for this company. If a site visitor suffers losses due to the breaking of a cipher or an incorrectly issued certificate, the center will pay compensation. GeoTrust pays a minimum guarantee of $500,000 for QuickSSL and a maximum of $1,500,000 for GeoTrust EV SSL. GeoTrust certificates can be returned within 30 days from the date of issue for a full refund for any reason: the certificate does not fit your needs, you decided to go with another provider, or you decided not to use a certificate at all.
- A free 30-day trial.
- Flexible refund policy.
- Attractive prices.
- Up to 25 domains with one certificate.
- Convenient control panel for large enterprises.
- All the certificates are issued very fast compared to other providers.
- No forum support.
- The pricing structure is not so flexible compared to the one of other providers.
If you are looking for a low-cost solution for your site, consider certificates from RapidSSL (part of GeoTrust, an international trusted certificate authority). The cheapest Rapid certificate starts from $59 per year.
- The highest level of encryption.
- Really cheap entry level SSL certificates.
- Additional bonuses for those users who switch to RapidSSL from other companies.
- 30-day money back guarantee.
- Compensation guarantee.
- No paperwork.
- All the certificates are issued very fast.
- Limited SSL certificate options.
The entry-level certificate from Thawte costs only $32.07 per year. This type of certificate (SSL123) confirms that the certificate was received by the domain name owner and is suitable for a small Internet resource or for internal networks.
The certificate provides a basic set of protection for sites with low and medium traffic. Getting a certificate does not take much time since the validation itself is carried out fairly quickly. Thawte also offers business-level certificates. This is a type of SSL Web Server. To obtain it, it is necessary to pass the validation of the domain name and the affiliation of the organization’s website, which is indicated in the certificate.
Thawte also offers certificates with extended company verification — SSL Web Server with EV. Thawte is truly a world-class company. The ThawteTrusted Site seal, which is available in 18 languages, helps visitors verify the authenticity of the Internet resource in their native language. There are also certificates which support the IDN domains. IDN domains use the national alphabet instead of the Latin alphabet. For these domains, you need to select special certificates, not all are compatible with them. So, Thawte is a great solution if you live in a country where the alphabet is different from the Latin one.
Thawte guarantees the security of personal data that users leave on the site. The center compensates losses to visitors if the certificate is incorrectly issued or its cipher was hacked. The amount of the guarantee depends on the type of certificate. The minimum guarantee is $500,000 paid for SSL123, and the maximum guarantee is $1,500,000 for the SSL Web Server with EV Multi-Domain.
- The certificates are supported by almost any browsers.
- 256-bit encryption.
- Test drive for 21 days.
- Wide range of issued certificates.
- Supports internationalized domain names.
- All the certificates are issued exclusively online.
- If you want to protect several domains, you will need to make additional payments.
Domain Validated SSL Certificates
Good for: individuals, entrepreneurs, and companies.
What it looks like: green lock in the browser bar.
How to get it: DV-certificate is easy and quick to get because you do not need to provide any documents. The certification center will send a letter to the e-mail in the site domain, for example — email@example.com. To confirm the ownership of the domain, you need to click on the link in the letter.
- Fast receiving: it takes between 5 minutes to 2 hours to validate the DV certificate
- Validation with E-mail or DNS
- Low cost
- There is no need to provide a large number of documents
- Lack of trust in the site
- Avoid using it for commercial purposes
- It is impossible to determine information about the organization
Organization Validated SSL Certificates
Good for: organizations only.
What it looks like: green lock in the browser bar + dynamic trust printing + company information in the certificate.
How to get it: It takes between 3-10 business days. A certification center must ensure that you are a real company. In order to verify this, it checks the information in the register of organizations. You need to provide statutory documents and answer the test call from the certification center. The certification center will send a letter to the e-mail in the site domain, for example — firstname.lastname@example.org. To confirm the ownership of the domain, you need to click on the link in the letter.
- High level of trust from visitors
- Quite a low price
- Long validation process
SSL Certificate with Extended Validation
Good for: organizations.
This type of certificate is very reliable, providing the highest level of security, and disclosing the organization behind the domain name. SSL with extended validation establishes that the organization owns the domain, the legal status of the company, and detailed information about it. At the same time, in the address bar of the certified site, there will be the name of the company, notifying all visitors that they work with a reliable organization on a secure channel.
- An increase in conversion-rate
- Fewer denials (that normally happen when buyers, having filled out a purchase form, suddenly change their mind)
- Very strict validation
- The issuance of a certificate can take from several days to two weeks
SSL with a Green Bar
Good for: organizations only.
Looks like: green bar + company name in the browser line
How to get: It takes between 10 to 14 days. A certification center must ensure that you are a genuine, reliable company. In order to do this, it checks the information in the database and register. You also need to provide documents (depending on the type of organization and certification center) and answer the test call from the certification center. It will also send a letter to the e-mail on the site domain, for example — email@example.com. To confirm the ownership of the domain, you need to click on the link in the email. The green line is a visual indicator of a site’s reliability. Only reliably protected resources are denoted with an EV-certificate. Such certificates are most often used by banks since clients should be as secure as possible and be able to enter secret codes and information without fear.
- a green bar increases the conversion-rate
- reduction of interrupted operations
- increase in repeat orders in large volumes
- High cost
If a certificate protects several subdomains, it is called wildcard. It is issued by most SSL providers and is usually more expensive.