As you probably already know, going from https to https with an SSL certificate today, it is very important for any type of site, whether it is a small blog or a large E-Commerce. However, few people really know what an SSL certificate is, what information it contains, and above all, what the difference between free certificates like DV, DVW, OV, and EV.
In this small guide, we will finally clarify the ideas on SSL certificates, helping you to correctly choose the one that best suits your needs, so as to guarantee your visitors an optimal level of privacy protection and considerably improve your digital reputation.
- What is an SSL certificate?
- What information does an SSL Certificate contain?
- How can I get an SSL certificate?
- Types of SSL Certificates
- Don't forget the redirect
An SSL certificate is a file that contains all the information necessary to establish a secure connection through the HTTPS protocol between a client and a server. This file must be installed on the source server to which you want to connect.
By installing an SSL certificate on your domain, dedicated server, or VPS, you will be able to accept secure connections using the HTTPS protocol and guaranteeing your visitors and customers the maximum security available when browsing and purchasing on your website or your e-commerce store.
The SSL certificates contain a lot of information in order to ensure greater reliability for visitors to your site or your e-commerce website.
Let's analyze what this information is to understand how to make the most of it to increase the security of your website or e-commerce.
- The domain name
In the "Common Name" field, you will find the domain name for which the SSL Certificate was requested. In the event that the domain in this field and the domain you are viewing do not match, you may encounter an error of this type:
- To which person/organization was he released
Information regarding the company owning the domain is displayed here, so as to be sure that the operations that are being carried out on that specific site actually refer to the company that owns the domain and the certificate.
In order to view those data within the certificate and in the "green bar" of the browser, documentary checks by the Certificate Authority are required. This information can be viewed in some types of SSL certificates called EV and OV.
- The Certification Authority that issued the certificate
The Certification Authority (CA) is a third party that deals with issuing SSL certificates and verifies that the applicant is a truly existing activity.
Furthermore, checks are carried out on the domain name that is being certified so that it does not contain terms present in common Phishing lists or has not been reported on Google Safe Browsing. Due to these numerous checks, the CAs ensure that whoever has an EV or OV certificate is really a company and not a site that pursues malicious purposes.
HOW CAN I GET AN SSL CERTIFICATE?
You can get an SSL certificate in two ways: the first is by generating a self-signed certificate. This type of certificate does not guarantee any safety standards for the user, and visitors to your site will see the “red padlock” and various error messages relating to the site's danger.
The second way to obtain a certificate is through a CA that guarantees the validity of the certificate in our place. There are several CAs that issue certificates, the most famous being Global Sign.
Another famous CA is Let's Encrypt, an open-source community that issues free DV and DWV certificates ensuring basic security for the sites that adopt them. In this case, however, no documentary checks are carried out on the person/company requesting them.
As anticipated in the previous paragraphs, there are different types of SSL certificates: depending on the type, they increase security and reliability for the site or for the e-commerce where they will be applied.
- Domain Validation (DV) and Domain Wildcard Validation (DVW) SSL certificate
This type of certificate guarantees basic security. It can be requested by any person or company, as only the domain name checks are carried out by the CA, precisely by virtue of the fact that it is a low-end certificate. The request is immediate; in fact, to request an SSL certificate, it takes just a few minutes, and there is no need to provide any documentation, but only a validation of the domain at DNS level or through a verification email sent to pre-established addresses.
The intended use of this certificate can, therefore, be a blog, a company showcase site, or a personal site.
- SSL Organization Validation (OV) certificate
SSL OV certificates add the first level of security compared to DV and DWV certificates. This typology guarantees that the domain belongs to the company that is requesting the certificate. Therefore validation days are necessary, and the company will have to provide appropriate documents to send the request.
This process takes longer than validation via domain only. Users of your site will then be able to see company information in the certificate details.
The destination of use of this certificate can, therefore, be small e-commerce.
- Extended Validation SSL Certificate (EV)
The EV certificates provide greater reliability than any other type of certificate. The verification procedure by the CA is more complex as more extensive checks are carried out for the company requesting them. The ownership of the domain, the identity of the applicant company, and the actual existence of the registered office are verified.
Users who navigate on a site will view all the verified information (Company name, VAT number, and registered office) and will see the green padlock associated with the name of your company (this functionality varies depending on the browser). Not surprisingly, you can choose this type of EV certificate to ensure maximum safety for customers. The intended use of this certificate is ideal for large e-commerce and large-sized companies.
Jan 30, 2020