home / articles / Classification of SSL certificates

Classification of SSL certificates

 

SSL certificates are electronic documents that provide a secure connection via the SSL protocol for communication between the client and the server, and also serve to build / maintain the trust to the web-site / domain.

As you can tell by the number of SSL certificates available on our site only, there are quite many different SSL certificates on the market. In this article we'll try to understand what types of SSL certificates exist.

SSL certificates can be classified by the following criteria: issuing authority; validation type, and certificate properties / functions.
 

SSL certificates by issuing authority:

self-signed SSL certificates

SSL certificates issued by a recognized certification authority

 

SSL certificates by validation type:

Domain validation SSL (DV) - basic SSL certificates with domain validation only

Organization validation SSL

Extended Validation SSL (EV) with green bar

 

SSL certificates by properties / functions

Regular SSL certificates / BV - EV certificates

Wildcard Certificates

SAN certificates

SGC certificates

Certificates with IDN support

 

Self-signed SSL certificates

 

In fact, you can generate an SSL certificate by yourself. You can even do it using control panels available for our hosting, VPS and dedicated server plans. Such SSL certificates are named self-signed SSL certificates. They even successfully perform the task of encrypting the data transmitted between the client's machine and the server.

However, self-signed SSL certificates have a significant disadvantage that prevents them from being used when working with clients - when the client connects to the website through https, secured by a self-signed SSL certificate, the browser will not be able to identify the issuer and will display a warning saying the connection is untrusted and the website is potentially fraudulent. For example, the message looks like this in the Google Chrome browser:

It seems, seeing a message like that, the customer will hardly continue his operation, not to mention completing operations involving providing personal information or making payments online.

Thus, self-signed certificates are suitable for indoor use at most.
 

SSL certificates issued by certification authorities

 

Such SSL certificates also perform the function of providing a secure connection. However, due to having been issued by a recognized and trusted certification authority (such as the companies VeriSign, Thawte, Comodo, for example), do not cause the browser to show an error / unsafe connection warning.

Secondly, such SSL certificates allow for a much greater degree of confidence towards the website by visitors since using an SSL certificate from a certification authority implies the fact the website and the owner have been identified and verified at least to some degree. At a minimum, the fact that the person requesting the certificate manages the website, is verified.

Depending on the type of the certificate, verification of the organization that manages the domain / website may be required as well, including verification of the organizations's registration / incorporation documents, public contact information, etc.
 

SSL certificates by validation type

 

Global certification authorities issue various SSL certificates that differ from one another in the degree of validation of the domain / website owner. You can view choice of SSL certificates from various vendors by following the links: Comodo SSL, VeriSign SSL, Geotrust SSL, Thawte SSL, RapidSSL.

So, there are the following types of certificates depending on the level of validation:

Basic or Domain Validation (DV) SSL certificates

Organization Validation (OV) SSL certificates

Extended verification SSL certificates (EV SSL) + green bar.

 

Basic SSL certificates (DV, domain validation)

 

DV SSL certificates only confirm the fact that the certificate is issued to a person who has control over the website and the domain name. Domain Validation SSL certs provide a secure connection, confirm the fact that information is exchanged with the website with which this exchange has been initiated, and not with a third party web-site.

Before such a certificate is issued, information about the person / organization who owns the site is requested, however the information is not verified by the certification authority. For example,a copy of an identity card or company incorporation documents are not required to receive a DV SSL certificate.

DV certificates are the most inexpensive SSL certificates. For example, it's possible to buy a Comodo Positive SSL for just $10 USD.

A basic DV SSL certificate provides a greater protection for the website than no SSL certificate at all anyway. Using basic SSL certificates does not provoke a warning in the browser regarding an unprotected and non-trusted connection, but if the certificate is viewed, it says no identification data on the domain is available.

VD SSL certificates are issued by the certificate authority within 1-48 hrs. For instance, Comodo Positive SSL is issued within 1 hour.

This type of SSL certificates is suitable for personal projects or for organization that only start their activity online.

List of DV SSL certificates, available on our website:

Comodo Positive SSL

Comodo Essential SSL

Rapid SSL

GeoTrust Quick SSL

GeoTrust Quick SSL Premium

Thawte SSL 123

 

Organization validation SSL certificates (OV)

 

This type of SSL certificate is issued only to legal entities, individuals can not use OV SSL certificates.

To obtain an Organization Validation SSL certificate, you must provide certain information to the certification center. The requested information may vary depending on the issuing CA (certification authority), but generally, the following information is requested:

The organization's name, address, contact information

Incorporation / registration documents

Documents confirming the current address of the organization (such as a utility bill)

Another requirement is that the contact information on the organization coincides with that available on public resources and directories. That is, what public yellow pages say is the company's phone number and address has to coincide with what the ordered SSL certificate says. If there is no information on the company / organization in public directories, it has to be added. This is a requirement by Comodo, for instance.

Organization validation SSL certificates are issued within 3-10 working days by the certification authority.

List of OV SSL certificates, available on our website:

RapidSSL

GeoTrust QuickSSL Premium

GeoTrust True BusinessID

VeriSign Secure Site

Comodo Instant SSL

Comodo Instant SSL Pro

Comodo PremiumSSL

Using SSL certificates with organization validation allows to create and maintain a positive image for the website not only a secure connection is used, but also due to the fact that the vistitors deal with an organization / company with open and verified information. It's always good to know that the payment or personal information sent by the user goes to a trustworthy entity.

 

SSL certificates with extended validation and green bar (EV).

 

This type of certificates is designed to provide maximum confidence in the entity that owns an Internet resource.

To obtain an SSL certificate with extended validation the owner must provide the same information as for OV (Organization validation) certificates.

However, in the case of EV certificates the issuing CA (certification authority) produces a more thorough check of the organization under strictly regulated and standardized procedure before issuing an EV SSL certificate.

Particularly, the CA:

Must check the legal, physical and operational activities of the entity requesting the certificate.

Must verify that the entity's official documents.

Must ensure that the entity / person has the exclusive right to use the domain specified in the EV certificate.

Must make sure that the entity / person is fully authorized to request an EV certificate issuance.

Extended validation certificates are issued within 10-14 working days.

These certificates are used by biggest and leading companies / organizations in the world, are part of their image.

List of EV SSL certificates available on our website:

Comodo EV SSL

Comodo EV SGC SSL

GeoTrust True BusinessID with EV

Thawte SSL Webserver EV

VeriSign Secure Site with EV

VeriSign Secure Site Pro with EV

 

SSL certificates by properties / functions

 

DV SSL certificates / OV - EV certificates

 

This is the most common type of certificates. They protect a single domain. Basic DV SSl certificates are issued automatically, organization / extended validation involve identifying the domain owner - see descriptions above (SSL certificates by validation type).

SSL ceritificates: VeriSign | Thawte | GeoTrust | RapidSSL | Comodo

 

Wildcard Certificates

 

Wildcard SSL Certificates allow you to use one certificate to confirm and protect multiple subdomains under one domain name. For example, if you are using such a subdomain as billing.yourcompany.com, a Wildcard SSL certificate is a good choice for your web project.

List of Wildcard SSL certificates available on our website:

Comodo Positive SSL Wildcard

Comodo Essential SSL Wildcard

Comodo PremiumSSL Wildcard

RapidSSL Wildcard

GeoTrust True BusinessID Wildcard

 

SAN SSL certificates

 

SAN SSL certificates allow you to use one SSL certificate for multiple domains hosted on one web-server. It is usually possible to use this type of certificate for 5 domains simultaneously. With a larger number of domains on one server, you can increase the number of domains covered by one certificate by 5. I.e. 5 +5 +5 ... as the number of domains grows.

List available on our website SAN SSL Certificates - at the moment such certificates are not offered due to the fact that the total cost of one SAN certificate exceeds the cost of individual certificates for each domain.

 

SGC SSL certificates

 

This type of certificates is designed to increase the encryption level of connections made by the browser. In fact, SGC SSL certificates are required only when very old browsers that do not support 128-bit encryption are used. In general, the usefulness of this type of SSL certificates, especially in regard to their cost, is questioned. Anyway, SGC SSL certificates also exist.

List SGC SSL certificates available on our website:

Comodo EV SGC SSL

Thawte SGC Super Certs

VeriSign Secure Site Pro SSL

 

SSL certificates with IDN (Internationalized Domain Names) support

 

Due to the fact that the use of internationalized domain names (domain names that contain non-Latin characters, or special characters, such as accented characters) is gaining popularity and spread, support for this kind of domain names by SSL certificates becomes essential.

The following types of SSL certificates available on the website support IDN:

Thawte SSL123 Certificate

Thawte SSL Web Server

Thawte SSL Web Server EV

Thawte SGC SuperCerts