Choosing Certificate Authority for SSL
SSL is the backbone of our secure Internet and it protects your sensitive information as it travels across the world’s computer networks. SSL is essential for protecting your website, even if it doesn’t handle sensitive information like credit cards. It provides privacy, critical security and data integrity for both your websites and your users’ personal information.
In a nutshell, Secure Sockets Layer is used to secure the data transmitted over the internet between your computer and the destination servers. With an SSL certificate, any information that is transmitted becomes encrypted by inserting random characters into the original message making it unreadable to everyone except the intended server. This makes it nearly impossible for hackers to steal your information.
Free SSL/TLS certificate services, like Let’s Encrypt, have done a great job of preaching the need for encryption. Let’s Encrypt has made it extremely easy to get a Domain Validated (DV) Certificate, a basic SSL/TLS Certificate for enabling encryption. DV Certificates, whether they are free or paid for, benefit millions of websites today that now have encrypted sites. Let’s Encrypt is probably the most well-known certificate authority right now since it’s issuing certificates for free for the public’s benefit. But there are plenty more certificate authorities out there providing similar services.
First things first, you need to register your domain before you can obtain a publicly trusted SSL Certificate (meaning the kind you need for public websites, more on this below). This is because Certificate Authorities (CAs), the organizations that issue certificates, need to verify domain ownership.
The thing with SSL certificate providers is that it is usually a matter of who’s popular. For example, if you have a customer who does not know what Verisign or Comodo is then chances are he would not care about this. However, to a cautious customer, having his pages authenticated and verified by these companies will go a long way in assuring him that his site is safe. So which one is the best?
To help you decide, here are the main types of SSL certificates to choose from:
- Domain Validation (DV): No-frills, encryption-only certificates. In order to get a Domain Validated SSL Certificate you just have to prove that you own the domain by responding to an email or phone call using the information in the WHOIS record of the domain. It’s easy. Your company doesn’t have to be validated and no organization name is entered in the certificate.
- Wildcard: A Wildcard SSL Certificate saves you money and time by securing your domain and unlimited sub-domains on a single certificate. Wildcard certificates work the same way as a regular SSL Certificate, allowing you to secure the connection between your website and your customer’s Internet browser.
- Extended Validation (EV): Distinguishable by the browser’s address bar being colored green as opposed to only the https text. Both the legal identity of the business or organization and the domain need to be verified for legitimacy.
- Unified Communications (UC): Used for encrypting the connection for use with email and other communication software. Multiple domains can be included in one certificate, and it’s also a type of Subject Alternative Name certificate.
- Subject Alternative Name (SAN): In practice, when using the term SAN certificates, we are referring to an SSL certificate that has the ability to cover multiple host names (domains), also called a multi-domain SSL certificate.
- Organization Validation (OV): Similar to extended validation certificates, where both the legal identity of the business or organization and the domain are verified for authenticity, except it doesn’t include a green address bar.
There are also different kinds of encryption that you may come across when searching through different Certificate Authorities. For example, Rivest-Shamir-Adleman (RSA), named for the surnames of its creators, is the most common form of encryption and comes in 128-bit, 256-bit, and 2048-bit encryption. Digital Signature Algorithm (DSA) is a government standard of encryption necessary for sites which are required to meet this criterion. And lastly, Elliptic Curve Cryptography (ECC) is the most powerful form of encryption of the ones that are most commonly used. The difference between RSA and DSA is that the former is faster at validating signatures, which are encrypted keys that are used in the process of issuing an SSL certificate. RSA is also slower at creating signatures. DSA encryption is the opposite since it’s faster at creating signatures, but it’s slower when validating them.
Which Certificate Do I Need?
As a general rule of thumb, here are the types of sites that commonly need each kind of certificate mentioned above:
- Domain Validation – Any WordPress site, any site that has a form or basic sites
- Extended Validation – eCommerce, business or organization sites or any site that wants to present itself as extremely trustworthy
- Unified Communications – For email servers and it’s also a requirement for Microsoft Exchange
- Subject Alternative Name – You have multiple domains that are all related but aren’t necessarily sub-domains and can include email or IP addresses, DNS name or URL
- Wildcard – For WordPress Multisite networks set up with sub-domains
- Organization Validation – Business or organization sites which need to appear as trustworthy
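When choosing between the Wildcard and SAN options above, it helps to check which hostnames a certificate's name list really covers: a wildcard stands for exactly one label, so *.example.com covers neither the bare domain nor deeper sub-domains. The following is an added example, not part of the original article; the hostnames and function names are constructed for illustration, and the matching is a simplified form of the rules TLS clients apply.

```python
# Added example: which hostnames does a certificate's name list cover?
# All hostnames and SAN entries below are constructed sample values.
import ipaddress


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def entry_covers(san_entry, hostname):
    """Return True if one SAN entry covers hostname."""
    entry = san_entry.lower().rstrip(".")
    host = hostname.lower().rstrip(".")
    if _is_ip(host) or _is_ip(entry):
        # IP addresses match only exactly; wildcards never apply to them.
        return (_is_ip(host) and _is_ip(entry) and
                ipaddress.ip_address(host) == ipaddress.ip_address(entry))
    entry_labels = entry.split(".")
    host_labels = host.split(".")
    if entry_labels[0] != "*":
        return entry_labels == host_labels
    # A wildcard is the whole leftmost label and stands for one label only.
    # Simplification: entries such as *.com are rejected by label count.
    if len(entry_labels) < 3 or "*" in "".join(entry_labels[1:]):
        return False
    return (len(host_labels) == len(entry_labels) and host_labels[0] != ""
            and host_labels[1:] == entry_labels[1:])


def uncovered(san_entries, hostnames):
    """Hostnames from the inventory that no SAN entry covers."""
    return [h for h in hostnames
            if not any(entry_covers(e, h) for e in san_entries)]


INVENTORY = ["example.com", "www.example.com", "shop.example.com",
             "api.eu.example.com", "example.net"]
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_SAN = ["*.example.com", "example.com",
                     "*.eu.example.com", "example.net"]

if __name__ == "__main__":
    print("wildcard only misses:", uncovered(WILDCARD_ONLY, INVENTORY))
    print("wildcard + SAN misses:", uncovered(WILDCARD_PLUS_SAN, INVENTORY))
```

Running the check against your own hostname inventory before ordering shows whether a single wildcard is enough or whether additional SAN entries are required.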
Top 5 Certificate Authorities Reviewed
1. Let’s Encrypt
Let’s Encrypt is a security service supported by several major IT services companies such as Google, Facebook, Cisco and Hewlett Packard Enterprise. It offers RSA 2048-bit encryption with ECDSA encryption currently in development. It offers improved security and the connection between the user and the server is encrypted. There is also no “Unsafe!” warning. Some browsers may mark a website unsafe if it is not SSL protected. It also offers better SEO rankings and is HTTP/2 compatible. With an SSL protected website you can use the HTTP/2 protocol and have your pages load faster and more efficiently. Also, you can have as many certificates as you want for free, all renewals are free and can be automated, and certificates are issued instantly.
2. Comodo
Comodo offers RSA 2048-bit encryption for DV, wildcard and EV certificates. UC certificates have 128-bit or 256-bit encryption. It also offers premium SSL certificates with a free trial, though the trial is only for a DV certificate. Other than the free trial, there are four different types of certificates: DV, wildcard, EV and UC. With no monthly or annual commitment, Comodo’s Webhost resellers have the flexibility to adopt as many or as few products into their portfolio as they need. You can sell Comodo products at your own pace and benefit from your own branded signup areas for customers, discounts on the market prices, and full online management facilities. One of the best features of Comodo is that you can choose to upgrade your certificate’s warranty if the largest amount isn’t already included. You can also get a Comodo logo to place on your site to build your visitors’ trust, but it’s only available for wildcard and EV certificates.
3. Symantec
Symantec SSL uses advanced encryption algorithms to protect communication between your users and the outside world. The Symantec SSL certificates do this well through domain validation procedures which add a layer of security to communication between browsers and your web server. Also, Symantec Extended Validation Certificates ensure the highest level of data encryption between the web server and browser; they also ensure the existence of the business entity, which builds strong trust between the user and the company through a strict verification process of its details. Once an organization accomplishes the authentication process, the registered business name is displayed in the browser’s green padlock bar. All certificates come with a Symantec logo to place on your site and have nearly 100% compatibility with all browsers and mobile devices.
4. Digicert
Digicert has mid-range pricing since it offers features for every certificate including a warranty, free re-issues and a logo you can add to your site to build visitor confidence. It also supports RSA 2048-bit, 128-bit and 256-bit encryption. While Digicert’s certificates are compatible with all major browsers and mobile devices, there may be some versions or devices that aren’t supported but are also not widely used. If you require a warranty rate that’s higher than the base amount that’s offered by some other Certificate Authorities and you also need a logo to place on your site for the type of certificate you need and it’s not supported elsewhere that’s within your price range, then it’s worth taking a closer look at Digicert.
5. GeoTrust
GeoTrust SSL certificates can secure your online business, build trust with customers and encourage them to deal with your business in a secure and positive manner. You will get additional advantages and features such as a NetSure warranty, site seal or high-security standards with GeoTrust SSL products that can help to secure your business sturdily and win customers’ loyalty. While most Certificate Authorities issue their own certificate for their site, the GeoTrust site has a Symantec certificate installed, despite selling certificates for businesses. GeoTrust is a suitable certificate authority for businesses, but at the same time, they don’t seem to trust their own certificates on their own site so it raises a few questions and eyebrows. Still, they offer certificates suitable for small to medium-sized businesses and you can’t exactly fault them for knowing what they are and wanting a higher level of encryption than what they offer.
Overall, you need to decide which kind of certificate fits your specific needs and which features you require. Then, you can choose a Certificate Authority that includes everything you need at a price that fits into your budget.