The ultimate guide to different types of SSL

It was in the summer of 2018, when Chrome made clear that encryption is the only way forward. The 68th edition brought red “not secure” for HTTP sites, while from the 70th edition onwards, this indication became more intense. As for now, when someone tries to enter data in a form hosted on an HTTP site, the “not secure” turns red.

This Google’s decision to make HTTPS and encrypted connections a norm has triggered a lot of comments and discussions. Several users are not happy with the change and seem determined to migrate to another browser. Many other users though, do understand that this new marking of HTTP websites, is a good initiative that helps the internet become a safer place.

But why SSL?

If you are amongst the people who are upset or confused with Google’s decision concerning HTTP sites, we just want you to keep in mind that:

• Google doesn’t financially benefit from this change. It doesn’t sell SSL certificates.
• Even if you migrate to another browser, your HTTP website will be still seen as “not secure” by the majority of the internet users. Don’t forget that Chrome browser has a market share of approximately 66%.
• Just a few years ago, encryption was the exception. At this time, things are totally opposite. The HTTPS protocol has dominated the web, as you can see in the following picture:

• Chrome is not the only browser that takes action in favor of the HTTPS. Other well-known browsers do also mark positively HTTPS sites. There is a possibility that soon they will treat HTTP just like Chrome did, too. And if this won’t happen, they may find other ways to persuade users to move to HTTPS. Mozilla, for example, in the begging of 2018 has restricted all new Firefox features to HTTPS only.

SSL types

Given the above but mainly the fact that the HTTPS protocol ensures the secure exchange of information, you may search an SSL for your website. So, we are here to help you. Below you can read about all SSL types available and identify the one that suits you best.

This SSL certificate type offers a basic protection to small websites and guarantees that the exchange of information is encrypted and secure.

If you have a shared hosting plan at Top.Host you will realize that you can choose to get a free Let’s Encrypt SSL for your website or a paid one signed by well-known and trusted companies. Therefore you may wonder why to buy something that you can have for free? Let us clear that up and present to you the differences between these two choices.

• To begin with, Let’s Encrypt SSL certificates last 90 days. If you have a hosting plan at Top.host, that is not a problem; we have taken care so as everything to be done automatically. But if you don’t have a hosting plan at us, you should set up some reminder alerts. Otherwise, you may forget the expiration date and lose the benefits of encryption.
• Something else you should have in mind is that paid SSLs are more prominent and recognizable in comparison with Let’s Encrypt SSLs. Paid ones are issued by companies that have years of experience in the field of web security and computers in general. Besides, visitors will understand that you care a lot about their safety if they do notice that you have paid for an SSL.
• Moreover, you should know that as for Let’s Encrypt SSLs there are compatibility issues; they are of minor importance, though we should let you know that some users, few but somewhere out here, may not be covered when browsing a website with a Let’s Encrypt SSL. Check here the Let’s Encrypt compatibility list and here the one of  Sectigo (formerly Comodo CA).
• Last but not least, paid SSLs come with a warranty in case the issuing authority has done something wrong with a certificate and caused loss to the end user. If you want to learn more, you can check the relevant page at the website of  Sectigo (formerly Comodo CA).

The Organization Validation SSL is a certificate type that you cannot get for free and is suitable for companies that, apart from the encryption of information, wish to provide their customers with certification of their corporate data and identity.

In order to issue an OV SSL, you should certify the domain name ownership, as well as additional information about the organization or the company.

An OV SSL is usually activated within 1-2 days from the ordering day after the issuing authority conducts bank or local government searches so as to certify the company name and the zip code.

The Extended Validation SSL is recommended to large companies with online and e-commerce services that wish to maintain their level of competition and inform the customer that they are in a secure location, where their personal data and transactions are protected! Many browsers used to show visitors that a website had EV SSL, by displaying on the address bar a green padlock next to the owner company name. That indication drew the attention and gained the trust of the customer. Today though, browsers take for grand that users do know a lot about encryption. Therefore, the green indications are losing ground.

The issuing of an Extended Validated SSL cannot be done for free and requires a strict process of audits so that the identity of the organization is validated. In particular, the Certification Authority Browser Forum requires that the organization passes a 7-level audit so as to get an EV SSL. The necessary documents should prove the sole ownership of the domain name, the organization’s headquarters, its natural and legal entity, its operation, the validation that the organization has indeed applied for the SSL, as well as the natural and legal entity of its representative.

SSL subcategories

After presenting all the basic types of SSL certificates, it’s time to talk a little about the subcategorization of them. So, there are:

• Single-domain SSLs that are issued for one and only domain.
• Wildcard SSLs that are issued for a unique root name (e.g. *mydomain.com) and can be used for unlimited subdomains, based on the root name. Thus, they can be used for the protection of subdomains like ftp.mydomain.com, blog.mydomain.com, mail.mydomain.com etc.
• Μulti-domain SSLs that protect multiple unique Fully Qualified Domain Names (FQDN) with different root names. With the same certificate, you can protect domains like mydomain.com, mydomain.gr, newdomain.net etc. If you want to have a certificate in which you could gradually add domains when needed, then Multi-domain SAN SSL is the best choice for you.

We hope that we helped you find which SSL certificate suits you best! If you still have questions, we have a dedicated Support Hero that can help you. His name is Vironas and you can call him on weekdays, between 8 a.m. and 5 p.m. (Greek local time)!