10 Things You Should Know About SSL Certificates
1. SSL Certificates Can Be Signed or Self-Signed
An SSL certificate is only as trustworthy as the person or organization who signs it. Usually, a trusted third party called a “Certificate Authority” signs certificates used on public sites.
If the certificate is self-signed, and the user agrees to communicate with a server with a self-signed certificate, then that user is relying on the owner of the web site to vouch for them.
- A Certificate Authority Can Vouch for Anyone
To provide some level of trust to an SSL certificate, you need to have a third party vouch for you, or the owner of a website, or more specifically, the owner of the SSL certificate.
This is the job of a certificate authority or CA. provided you trust the CA; you can trust they’ll only vouch for legitimate companies. Thus, by association, you can trust certificates they sign.
- Browsers include a list of Trusted Root Certificates
When you install a browser on your machine, part of the installation is a set of trusted CA, or “root”, certificates. Then, when that browser sees a certificate for a new web site, it will check to see who signed the certificate.
If it is signed by someone in its list of trusted CA certificates, the browser will trust the new certificate, since it trusts the signer. If it is signed by anyone else, it will follow the chain of signers. If the root certificate is trusted, again the new certificate is, too.
- A Secure Site Seal Identifies a Business
When a site uses a certificate from a trusted CA, that site can show a Secure Site Seal, linked to that authority.
This allows the user of the site to click on the seal to see what the certification authority authenticated. There are different levels of certificates that CAs can distribute.
- A Domain Validated SSL Certificate Provides Little Authentication
The cheapest, and weakest, is what is known as a domain validated (DV) certificate. All the certification authority has to verify is that the requester has the right to use the domain, but they claim nothing about who the owner of the domain is.
- An Organization Validated Certificate Adds Company Authentication
When using an Organization Validated (OV) certificate, it means the CA has authenticated who the company is.
The company must provide paperwork to the CA showing not only that they have the right to a domain like a DV, but also that they are who they are claiming to be.
With a DV certificate, anybody can claim to be Coca Cola. With an OV one, you can’t. The general trend is away from OV certificates and towards DV and EV certificates.
- Extended Validation Certificates Provide the Most Trust
An Extended Validation (EV) certificate requires the CA to go beyond what you can think of as who is validation to provide a higher level of trust behind an SSL certificate.
Newer browsers will show not only a padlock showing secure communication but an actual green background for the URL in the toolbar.
- Wildcard Certificates Provide Sub domain Support
When you request a certificate, you specify for what domain it will protect.
If you want to protect all the subdomains of a site, you would get a wildcard certificate. Thus a certificate for example.com could also be used with mail.example.com, www.example.com, and just example.com, among many others.
- Multi-domain Certificates Offer a Company the Broadest Options
When a company requests a multi-domain certificate, it allows the company to only have to validate themselves once for the CA and protect up to 210 domains.
You would be able to protect example.com, example.net, example.org, foobar.com, my company. Me, etc., all with one certificate.
- Shared Certificates Might Be Available
If you are renting web space from a reseller, they may have what you can consider a shared certificate.
This would provide you with secure access to the dashboard for your site, but you would not be able to use it for e-commerce on your site.