An SSL certificate shows that the Internet resource can be trusted and that the company that issued the certificate guarantees it.
There are several main types of certificates that indicate the level of validation of a certain company: domain validated (DV), organization validated (OV), and with extended validation (EV).
You can choose the most appropriate SSL certificate for each type of website (informational, commercial, service, blog). So, let’s review the main types of SSL you are able to choose from.
They are free. This is a significant advantage for those site owners who cannot afford a paid certificate but they strive to provide their visitors with a secure connection. Let’s Encrypt does not require the installation or renewal of the certificate. If you want to, you can make a donation on the project website.
Certificates are issued automatically. You can allow the Let’s Encrypt client to independently download, install, and renew certificates. However, if you are worried about them setting up your server, you can do it manually.
Reliability and safety. Although Let’s Encrypt SSL certificates are free, it does not mean that their encryption level is lower than that of paid certificates. Let’s Encrypt adheres to the highest encryption standards and offers certificates of high reliability.
Cons
No extended validation. When issuing a certificate, only the client’s ownership of the domain is verified. Thus, anyone on the Internet can create a certificate with the name of any organization and pretend that the site is related to it.
Certificates are issued for a total of 90 days. This is rather an inconvenience for users, rather than a significant disadvantage of a certificate. The fact is that by issuing a certificate for just 90 days and not for 1 year, Let’s Encrypt tries to reduce the damage caused by those keys and certificates that were issued by mistake. Having a shorter validity period, such certificates will cause less damage than the ones issued for a year.
Compatibility issues. Let’s Encrypt certificates are not compatible with earlier versions of operating systems. In addition, compatibility issues may also happen with older versions of mobile software. To make sure that there will be no problems with your operating system or mobile firmware, check whether they are on the list of compatible devices and programs on the Let’s Encrypt official website.
No customer support. You will not find chat or telephone support on their website, only technical documentation in English. Some questions about these certificates are discussed in the thematic forums and it is there that you can find answers to your questions.
No warranty or monetary compensation. Unlike commercial certificate centers, Let’s Encrypt provides no guarantees. If the certificate is cracked or someone loses money due to a certificate issued to the fraudulent site, the losses will not be reimbursed.
Most users know Cloudflare as a CDN provider, although it also provides a free SSL certificate service. If you use free Flexible SSL from Cloudflare, traffic will be encrypted from the visitor to the Cloudflare server, but not from the CloudFlare server to your one! This makes it not as reliable as a high-grade SSL certificate. Cloudflare still provides full SSL support, but in order to use it, you need an SSL certificate installed on your source server. As long as you do not collect and process confidential information on your website, the SSL from Cloudflare is fine and will provide enough security. This is also one of the most recommended free SSL providers on Reddit and Quora.
Pros
A huge set of basic features — for free;
Free SSL;
The “Site under attack” function protects against small DDoS attacks;
Convenient DNS control panel;
Moving to another hosting site with a zero timeout, instantly;
Caching effectively saves resources and increases speed.
Cons
The free SSL does not apply to subdomains of the *.hello.world.com subdomain;
The free SSL will not work on Windows XP and older versions.
The traffic from Cloudflare to your server is not encrypted, that is, wholesale providers, trunk providers, and the NSA can still read all requests in text format.
Traffic is subject to man-in-the-middle attacks (MITM), where another server can impersonate another server and receive its traffic (although this problem also applies to the “Full” SSL setting, you will need to change to “Strict” in order to avoid this).
If you’re looking for an SSL certificate provider that won’t break the bank, SSL.com might be a good solution. SSL.com is an affordable, yet, feature-rich solution that offers a lot to look out for even in the cheapest plans.
All plans come with 2048-bit RSA encryption and you get unlimited server licenses. Moreover, depending on the plan you go for, SSL.com can validate your domain or organization. We like that SSL.com is great for both small and large businesses, making it a lot more versatile.
Moreover, SSL.com offers bonus features like code signing or EV code signing. While they’re not the cheapest, they’re here to provide the highest level of authentication.
People looking for the cheapest plan will be happy to know that it costs from $36.75 to $49 a year. This isn’t much and equates to just a couple of dollars a month. While the most expensive plan will cost $399 a year, it’s much more suitable for enterprises and individual entrepreneurs won’t need to buy it.
Overall, this is a great certificate provider. It packs all the features you need, along with reliable customer support and reasonably-priced subscription plans. Although, there aren’t many verified reviews of this provider online, which might deter potential customers from subscribing.
Pros
Affordable prices for almost all subscription plans
Responsive customer support team
2048-bit RSA encryption (the highest possible level)
Very quick 5-minute issuance
30-day quibble-free money-back guarantee
Cons
More expensive subscription plans for multiple domains
Comodo is one of the most popular certification centers at the moment and offers different types of certificates with different types of validation: it verifies ownership of the domain, documents of the organization, and its financial condition.
Comodo offers 2048-bit encryption for DV, wildcard and EV certificates. The UC certificates have 128-bit or 256-bit encryptions. With the SSL-certificate, you will receive a compensation guarantee in case someone intercepts your personal information. The certificate is 99,9% compatible with all known browsers and offers a certain degree of protection for domains, subdomains, and multi-domains, depending on the type of certificate. With the certificate, you can also receive the Comodo logo, which is placed on the website. This greatly increases user confidence but is only available for the wildcard and EV certificate types.
Five of the twelve Comodo certificates for sites can be tested for 10 days. You will receive and install a certificate for free and after 10 days, you can decide whether you want to buy a Comodo SSL certificate or not. If you decide to buy a Comodo SSL, you will not need to reinstall it. Comodo guarantees the security of the personal data people leaves on sites. If the certificate was issued incorrectly or the attackers crack the certificate’s cipher, Comodo compensates the loss of the site visitors. The amount of the guarantee depends on the type of certificate. The minimum guarantee is $10,000 paid for PositiveSSL and Comodo Wildcard PositiveSSL, and the maximum guarantee is $1,750,000 for Comodo EV SSL. Along with the SSL certificate, Comodo issues a seal of trust. This is a logo that can be published on the site. It displays information about the company that received the certificate and the certificate’s authority and validity period.
Pros
There is an option to test the certificates within 30 days.
Free certificate upgrade.
There is an option to protect unlimited subdomains with one certificate.
No paperwork. The entire procedure of validation is exclusively done online.
Most certificates are issued very fast in up to one hour.
A wide range of pricing points.
Cons
Some certificates require additional payment to protect multiple domains.
Symantec provides quite expensive certificates, which have many additional functions along with the basic ones.
Each certificate has 256-bit encryption, provides the Symantec logo to be posted on the site, and offers a daily scan for vulnerabilities. There are five different types of certificates that have been developed: Secure Site (DV), Secure Site Pro (DV), Secure Site Wildcard, Secure Site with EV, and Secure Site Pro with EV.
The vulnerability scan feature is included only in the Secure Site Pro, Secure Site with EV, and Secure Site Pro with EV certificates. Symantec Certificate Authority provides the largest money compensation guarantee, and this is due to the cost of certificates. SSL from Symantec is suitable for sites with high traffic, for Internet portals of national importance and large commercial sites for which the guarantee of the security of visitor data is vital.
Symantec SSL certificates are supported by 99.9% of browsers. This means that the site where the certificate is installed will work using the https protocol and the browser will display a green lock next to the site name. In addition, Symantec issues a Norton Secured Seal. This is a logo with information about the site and the terms of its protection which can be displayed on the page. By having a Symantec SSL certificate, you can install such a seal on your site. An installed certificate ensures that personal data is not stolen. The center compensates losses to site visitors if the certificate was issued incorrectly or attackers hacked the certificate cipher. Symantec pays a minimum guarantee of $10,000 for Rapid SSL and a maximum of $1,750,000 for Secure Site EV.
Pros
Easy process to get the certificate.
256-bit digital certificates.
Money-back guarantee within 30 days.
Ability through the license of several servers.
User-friendly control panel.
Free daily website scanning for malware.
Great customer support.
Cons
All the plans are very expensive — there are no cheap options.
This provider belongs in the middle price segment. Among its features, there are an unlimited number of servers, free reissuing of certificates, as well as a limit of 24 names for certificates.
GeoTrust company produces 5 types of certificates: EV, wildcard, OV, wildcard with OV, and DV. Each of them supports 2048-bit encryption for root domains and 256-bit encryption for all other names. GeoTrust certificates are compatible with 99% of all browsers, although not all mobile devices are supported. The company issues certificates with a high level of encryption. This is undoubtedly an advantage for this company. If a site visitor suffers losses due to the breaking of a cipher or an incorrectly issued certificate, the center will pay compensation. GeoTrust pays a minimum guarantee of $500,000 for QuickSSL and a maximum of $1,500,000 for GeoTrust EV SSL. GeoTrust certificates can be returned within 30 days from the date of issue for a full refund for any reason: the certificate does not fit your needs, you decided to go with another provider, or you decided not to use a certificate at all.
Pros
A free 30-day trial.
Flexible refund policy.
Attractive prices.
Up to 25 domains with one certificate.
Convenient control panel for large enterprises.
All the certificates are issued very fast compared to other providers.
Cons
No forum support.
The pricing structure is not so flexible compared to the one of other providers.
If you are looking for a low-cost solution for your site, consider certificates from RapidSSL (part of GeoTrust, an international trusted certificate authority). The cheapest Rapid certificate starts from $59 per year.
Pros
The highest level of encryption.
Really cheap entry-level SSL certificates.
Additional bonuses for those users who switch to RapidSSL from other companies.
The entry-level certificate from Thawte costs only $32.07 per year. This type of certificate (SSL123) confirms that the certificate was received by the domain name owner and is suitable for a small Internet resource or for internal networks.
The certificate provides a basic set of protections for sites with low and medium traffic. Getting a certificate does not take much time since the validation itself is carried out fairly quickly. Thawte also offers business-level certificates. This is a type of SSL Web Server. To obtain it, it is necessary to pass the validation of the domain name and the affiliation of the organization’s website, which is indicated in the certificate.
Thawte also offers certificates with extended company verification — SSL Web Server with EV. Thawte is truly a world-class company. The ThawteTrusted Site seal, which is available in 18 languages, helps visitors verify the authenticity of the Internet resource in their native language. There are also certificates that support the IDN domains. IDN domains use the national alphabet instead of the Latin alphabet. For these domains, you need to select special certificates, not all are compatible with them. So, Thawte is a great solution if you live in a country where the alphabet is different from the Latin one.
Thawte guarantees the security of personal data that users leave on the site. The center compensates for losses to visitors if the certificate is incorrectly issued or its cipher was hacked. The amount of the guarantee depends on the type of certificate. The minimum guarantee is $500,000 paid for SSL123, and the maximum guarantee is $1,500,000 for the SSL Web Server with EV Multi-Domain.
Good for: individuals, entrepreneurs, and companies.
What it looks like: green lock in the browser bar.
How to get it: DV certificate is easy and quick to get because you do not need to provide any documents. The certification center will send a letter to the e-mail in the site domain, for example — admin@domain.com. To confirm the ownership of the domain, you need to click on the link in the letter.
Pros
Fast receiving: it takes between 5 minutes to 2 hours to validate the DV certificate
Validation with E-mail or DNS
Low cost
There is no need to provide a large number of documents
Cons
Lack of trust in the site
Avoid using it for commercial purposes
It is impossible to determine information about the organization
3.2 Organization validated SSL certificates
Good for: organizations only.
What it looks like: green lock in the browser bar + dynamic trust printing + company information in the certificate.
How to get it: It takes between 3-10 business days. A certification center must ensure that you are a real company. In order to verify this, it checks the information in the register of organizations. You need to provide statutory documents and answer the test call from the certification center. The certification center will send a letter to the e-mail in the site domain, for example — admin@domain.com. To confirm the ownership of the domain, you need to click on the link in the letter.
Pros
High level of trust from visitors
Quite a low price
Cons
Long validation process
3.3 SSL certificate with extended validation
Good for: organizations.
This type of certificate is very reliable, providing the highest level of security, and disclosing the organization behind the domain name. SSL with extended validation establishes that the organization owns the domain, the legal status of the company, and detailed information about it. At the same time, in the address bar of the certified site, there will be the name of the company, notifying all visitors that they work with a reliable organization on a secure channel.
Pros
An increase in conversion rate
Fewer denials (that normally happen when buyers, having filled out a purchase form, suddenly change their mind)
Cons
Very strict validation
The issuance of a certificate can take from several days to two weeks
3.4 SSL with a green bar
Good for: organizations only.
Looks like: green bar + company name in the browser line
How to get: It takes between 10 to 14 days. A certification center must ensure that you are a genuine, reliable company. In order to do this, it checks the information in the database and register. You also need to provide documents (depending on the type of organization and certification center) and answer the test call from the certification center. It will also send a letter to the e-mail on the site domain, for example — admin@domain.com. To confirm the ownership of the domain, you need to click on the link in the email. The green line is a visual indicator of a site’s reliability. Only reliably protected resources are denoted with an EV certificate. Such certificates are most often used by banks since clients should be as secure as possible and be able to enter secret codes and information without fear.
Pros
a green bar increases the conversion-rate
reduction of interrupted operations
increase in repeat orders in large volumes
Cons
High cost
3.5 Wildcard SSL
If a certificate protects several subdomains, it is called wildcard. It is issued by most SSL providers and is usually more expensive.
Learn how to stay safe online in this free 34-page eBook.
Marcus Eriksson is the founder of Private Proxy Guide and he has a strong passion for everything related to privacy on the Internet. In his spare time he prefers going to the gym, play computer games, watching anime from the 90s and just relaxing in silence.
