An SSL certificate is a set of algorithms which create a secure tunnel between your web server and browser. This provides a secure path for data transfer between your servers to the browser.
Still confused on the working of an SSL?
Let us understand with reference to the below image.
As seen above, when the user enters a query in their browser, there are 2 processes which take place.
Now if you do not have an SSL Certificate then when this data gets transferred there are chances that it can be compromised by intruders/ hackers.
But this is not the case when you have an SSL secured connection. The SSL Certificate secures this path, to understand it better, have a look at below video.
As explained above, you have understood what is the role of an SSL Certificate. Now out of the many reasons, the most obvious reason for having an SSL certificate is to provide security to customer’s data.
Well, imagine you having an e-commerce website, obviously having a payment gateway in it. A visitor goes on to buy the product on your website and when he enters the online payment credentials, and the website doesn’t have an SSL. Then all the confidential data put in by the visitor is vulnerable to the intruders for a hack.
See! why it is important to have an SSL…
Let me give you one more reason to install an SSL Certificate. Heard about Chrome 68 update? Umm… well many might have! But let me explain you in brief. Basically as per this update if your website does not have an SSL Certificate then when a visitor visits your website he will see something like in the below image.
Also as per recent spat between Google and Symantec, World’s Largest Browser distrusted SSL Certificates from World’s Leading CA.
Horrible sight though!! Which website owner would like to see a “Not Secure” tag on their website?
Well, I won’t!
Now I obviously don’t need to explain to you how this will affect the traffic coming on your website.
There are many risks if you don’t install an SSL Certificate on your server. So by now you must have understood why it is important to have an SSL Certificate. Let us learn further that on what basis you should choose an SSL Certificate for your website.
The simplest way to choose an SSL certificate is to use an SSL wizard. It is an automated way of choosing an SSL certificate; it is a simple process in which you are asked 2-3 questions and then the tool displays you recommended products from which you can choose any one of them. But you can use this tool only if you have at least some knowledge about types of SSLs.
If you are totally new to SSL then I would recommend you reading this article further where I will be explaining checks and steps for choosing an SSL certificate.
The checks which I would be mention here can’t be done by any automated tool or wizard. Hence follow these checks carefully or you might end up choosing a wrong type of SSL and shelling out more money.
The budget for an SSL depends on the requirement of one’s website. It is very important to know your actual requirement.
So here is our first step; know your requirement thoroughly.
When we talk about the requirement, the first thing to know is how many domains you want to secure. One or more than one. Now keep in mind; domains and subdomains are two different things.
A domain is like abc.com or xyz.com
And subdomains are like *.abc.com or *.xyz.com
Once understood that you need to list down the number of domains you want to secure. Like if your organization has 5 different domains and you want all the domains secured, then you can use Multi-domain SSL Certificates.
Let us understand the role of a multi-domain SSL Certificate.
These certificates are a solution to shared web hosting which relies on a single IP address to host different domains. In short, you have 1 single server and have all hosted more than one website on it then you need to apply a multi-domain SSL on that web server.
Using a Multi-domain SSL you can secure up to 100 to 250 additional domains as a SAN feature of an SSL Certificate. For these SANs you need to pay extra money, but some CAs (Certifying authorities) also offer some free SAN (like Geotrust offers 4 extra free SANs)
Hence once you have figured out whether you have 1 domain or more you can choose SSL Type accordingly.
Now let us take the scenario for subdomains; considering you have 1 domain but different subdomains.
Domain – google.com
Sub-domain – abc.google.com
xyz.google.com and so on…
Well, in this case, you need a Wildcard SSL Certificate. A wildcard SSL Certificate helps you secure multiple level one sub-domains. Buying a Wildcard SSL Certificate will save you a lot of money, as it secures your main domain as well as unlimited sub-domains.
By now you have understood when and where you should be choosing a Wildcard and Multi-domain SSL Certificate.
Let’s move ahead and understand our next check.
You might be wondering why this is a check.
Well, it is an important one…
Whether you are running a simple blog or an e-commerce website or a company website, you need an SSL Certificate. But in all the cases the type of certificate which is used is different.
Let us now understand the types of certificates as per the website needs.
There are basically 3 types of SSL certificates
Below is a short difference between all the types of certs.
Consider you are running an e-commerce website and your company is a registered one. It is recommended to have an EV or else an OV SSL certificate.
So here is the deal, any CA issues an EV or an OV SSL cert. only if the organization is registered. Most of the e-commerce companies opt for the highest security SSL Certificate i.e is an EV SSL Certificate. Opting for an EV SSL Certificate gives you a Green Address bar just like in the below image.
You have a Company website (not an e-commerce website) you can opt for an OV SSL Certificate. As explained above even for an OV SSL cert. you need to have a registered organization. The issuance time of an EV SSL is approx. 7-10 Days and OV SSL cert are approx. 1-2 days.
If you have a blogging website or a non-registered company website, DV SSL certificate is what you need.
Domain Validated SSL Certificate gets issued in few minutes and does not need much verification like in EV an OV SSL certs.
Choosing a DV SSL cert. will not give you a green address bar, rather it will only give you a secure sign in green color.
So now you might have got my point of asking whether your company is registered or not. So as per the above information you can make a decision about which type of SSL Cert you need for your website.
Our next check is…
Shared Hosting implies one or more website hosted on a single public IP (all websites can be yours or can be of other people also) and if single IP is used to host only a single website is called as dedicated hosting.
Now you might have understood the meaning of shared hosting and dedicated hosting.
Confused whether how is this a check?
Let’s say you have your website hosted on shared IP (shared hosting), there is a feature called SNI (subject name indication). Now on that shared IP, there is your website and some other people’s website as well. A single SSL certificate is for a single IP, now how will this work for a shared IP?
This is where the SNI feature comes for your rescue. This new feature is now a day supported in almost all the servers. It allows you to install your SSL certificate on your website even if it is a shared IP.
So before buying an SSL certificate, the first thing you should ask your hosting provider is that is the server SNI supported? If yes ask them will they give the SSL installation access on your C-panel or not. Some hosting providers give you the access and some say that you need to give them the certificate and they will install it for you, which is also fine.
But this is not the case in Dedicated hosting, here you have full access to your server and no other websites are hosted other than yours. This lets you install SSL certificate seamlessly. However, both will let you install the certificate with ease but you will need to ask few things in case of shared IP as discussed above.
Now this one is a little bit technical!
But don’t worry we will get this cleared in the simplest way. Basically, there’s a key size in an SSL used to encrypt the data. ECC cert. has a key size of 256 Bit and RSA cert. has a key size of 2048 Bit. By reading this sentence you might end up concluding that RSA’s key size is more hence will provide more security! But no… That is not the case here.
Though ECC’s Key size is less, it provides more security than RSA.
Now let’s learn which one you should select.
It totally depends on one’s requirement. If it’s an E-commerce website and needs more security you should go for an ECC cert. or else even RSA cert. would work if you want to use that. There is no price difference in either of them; both come at the same cost. You just need to inform your SSL Provider that you need an ECC cert or an RSA cert.
So with this last check, our guide for choosing an SSL Certificate is complete.
The above checks are the most basic ones which you need to perform before purchasing an SSL Certificate. There are other technicalities as well but if you are a new buyer and not a technical person, then these simple ones will be of more help.
In case if you think that we have missed some other basic check, kindly share them in the comment section so that we can add them and it will be useful for other readers as well.