Learn about SSL certificates

243

SSL certificate is one of the indispensable standards in today’s websites to help secure user data and increase credibility. And in this article, AZDIGI will explain in detail what an SSL certificate is, how many types of SSL certificates there are, and what certificate validators are.

What is an SSL certificate?

An SSL certificate is a small encrypted file containing information about a website or an organization/company. When a certificate is installed on the website server (webserver), it will allow the website to use a secure connection (also known as the HTTPS Protocol) when communicating between the web server and the user’s browser. When data is transmitted via HTTPS protocol, the data will be encrypted and only the web server containing the private key can decrypt this data.

When using the HTTPS protocol, the browser will display the website address in the form of https:// and have a padlock, as shown below (depending on the browser, the display will be different).

And to get an SSL certificate, customers need to authenticate to prove that they own a valid domain name. With business certifications, it’s more complicated to validate because the certifying body will need to know for sure your business is up and running. Therefore, websites with SSL certificates will have a better reputation depending on the type of certificate used.

How many types of SSL certificates are there?

SSL certificates are divided into 3 main types, which will differ in how they are authenticated and the information contained in the certificate, but the security is the same.

Domain Validated SSL (DV SSL)

This is the most basic type of SSL certificate and the authentication is based on the domain name, which means that the certification authority will check if you are the domain name’s owner by verifying via DNS and uploading files to the webserver or email on that domain name registration information.

Validating this type of certificate will take 5 to 10 minutes depending on the authentication method, suitable for personal websites or your need to have a website with HTTPS protocol.

At AZDIGI, you will be supported to certify DV SSL certificates for free.

Information contained in the DV SSL certificate:

• Domain Name (Common Name)

SSL DV certificate is suitable for all websites, individuals and companies/organizations.

Organization Validation SSL (OV SSL)

This is a business/organization-specific SSL certificate and verifies the existence of the organization/domain that needs to be authenticated. The certifying organization will check the existence of the business/organization by confirming business registration information, office address based on government portals or yellow pages. In addition, they will also call the business to confirm that the phone number on the business information is correct.

To use this certificate, you must be a representative or authorized representative of a duly registered organization/business. The time to certify this type of certificate will take about 3-7 working days based on the completeness of the business information.

At AZDIGI, customers can buy more OV SSL authentication service and install it on the website for 1,200,000 VND/time/website.

Information contained in the OV SSL certificate:

• Name of organization/business
• Nation
• Address
• Domain

OV SSL certificate is suitable for websites that are companies/organizations.

Extended Validation SSL (EV)

This is the most advanced type of certificate and is considered the most prestigious certificate because it will support some more information in the certificate, especially will display the name of the organization/business when pressing the padlock in the browser, as shown below:

The EV SSL certificate will also certify the same type of OV SSL, the price is not much more expensive than OV SSL, so often users will choose this type of certificate more.

At AZDIGI, customers can buy more EV SSL authentication service and install it on the website for 1,200,000 VND/time/website.

Information contained in the EV SSL certificate:

• Name of organization/business
• Nation
• Address
• Domain
• Business registration number or organization license number
• Type of business/organization
• Line of business/industry

The EV SSL certificate is ideal for e-commerce sites, sales websites that need high reliability.

How to view certificate information

To view the SSL certificate information of a certain website, click the padlock icon on the browser => click Certificate.

Next, you click the Detail button to view the certificate details as below:

Site Seal

When using a paid SSL certificate, each certificate will be issued with a logo certifying that it is using the organization’s SSL certificate, also known as a Site Seal or Trust Seal.

Site Seal includes 2 types: Dynamic and Static.

• Dynamic: A dynamic site seal, which can support the effect of displaying information about the website or business when hovering the mouse. This will help users trust the website they are visiting more.
• Static: With some cheap SSL certificates, only static site seals are supported, it’s just an image and can be placed anywhere on the website, but there will be no hover effect or you can’t click to view information.

Certificates for multiple domains

Normally, each SSL certificate will only be used for a single website domain name. However, there are still some other solutions to be able to use multiple domains for one certificate, which are Wildcard and Multi-domain (also known as SAN/UCC SSL).

Usually, each validator (also a certificate provider) will have the option to purchase a certificate of this type, for example, AZDIGI offers Sectigo Multi-domain SSL.

Wildcard SSL

If you want to use one certificate for all subdomains (subdomain, like sub.domain.ltd) then this is the type of certificate you need. For example, AZDIGI has subdomains of azdigi.com, such as my.azdigi.com, blog.azdigi.com, huongdan.azdigi.com,… then AZDIGI will use the Wildcard certificate for these subdomains.

However, the Wildcard certificate only applies to the sub-domain, so it cannot be used for the main domain, for example, azdigi.com uses a separate certificate.

SAN SSL

Some certificate types, usually OV or higher, have a SAN option. You can simply understand that the SAN is considered an additional domain to use the same certificate.

For example, if your business has 3 domains, domainA.com, domainB.com, and domainC.com, you should use SSL certificates that support SAN, which will save costs and be easier to manage.

Some certificate types will support 2 SAN domains for free (excluding the main domain) and some certificates will require additional SAN purchase. AZDIGI allows up to 10 SANs to be purchased per SSL certificate.

Free SSL Certificate

SSL certificates play an increasingly important role for websites, so now there is an organization that allows issuing free SSL certificates, which is Let’s Encrypt. Free certificates generally have the same security capabilities as paid certificates.

However, the biggest difference is that the free SSL certificate only allows you to use 3 months, when it expires, you have to register from the beginning and only support DV authentication and support one domain name.

As for the paid SSL certificate, in addition to the fact that you are allowed to register for up to 12 months (after 12 months, you have to re-authenticate), there are many convenient options for using multiple domains, allowing users of your website are insured for a certain amount.

Generally, a paid SSL certificate is more reputable in users’ eyes than a free SSL certificate.

See also: Difference between Paid SSL and Free SSL.

Insurance in SSL certificate

Paid SSL certificates come with a sum called insurance (aka warranty). This is compensation for website users who have problems with losing money when making transactions on the website, but the error is caused by the authentication organization. Depending on the certifying organization and the type of SSL certificate, the compensation amount will vary, ranging from $10,000 to $1,750,000 and the compensation will depend on each organization’s policy.

Certificate Authority

The Certificate Authority (CA) is also an SSL certificate issuer, a reputable business or organization in the world that specializes in verifying SSL certificate issues.

For example, AZDIGI provides SSL certificates of type Sectigo PositiveSSL, which means that the certificate’s name is PositiveSSL provided and certified by Sectigo organization.

The certifying organization is also the unit that will receive, appraise and make compensation in the insurance policy. AZDIGI’s role is to redistribute SSL certificate services and assist its customers using SSL certificates from various organizations.

Some famous certification organizations, such as Sectigo, DigiCert, GoGetSSL, Thawte, GlobalSign, etc.

SSL Certificate Service at AZDIGI

AZDIGI offers many different types of certificates from reputable organizations worldwide, such as Sectigo (formerly Comodo), GeoTrust, Thawte to help customers choose a certificate suitable for their business.

When you register for SSL Certificate service at AZDIGI, you will get:

• Full free authentication support with DV SSL certificates.
• Support and advice on installing certificates on the web server.
• Provide SSL Certificate service in the fastest time.
• Refund in 7 days if not satisfied or authentication failed.
• Technical support 24/7/365.

Quick Q&A