What are the three types of SSL certificates?
There are three levels of SSL certification that encompass various ‘depths’ of security.
An SSL certificate of any level grants essential security to a website, but those of a greater validation level give that little bit more, and may be more attractive for larger companies or those who take a lot of data as part of their business operation.
These levels are:
Domain Validation (DV) SSL certificates
Of the three levels, this is the most basic and obtainable. The only hard requirement for a DV certificate is proof of ownership pertaining to the web domain.
This type of certificate doesn’t necessarily stand as proof of a legitimate business, so DV SSL certificates are often insufficient for companies but serves individuals well.
Even a DV certificate provides compliant encryption that meets industry standards, so this doesn’t necessary place independent websites at a disadvantage compared to those of businesses.
DV SSL certificates also provide the ‘https’ string in a domain’s URL, giving an at-a-glance sign of competent security.
Organisation Validation (OV) SSL certificates
This is an intermediate level of verification.
Like domain validation, OV certificates require proof of ownership for the domain, as well as proof of the legitimacy of the business itself in that it’s legally registered. As its name and requirements suggest, this type of certificate isn’t available to individuals (except those representing businesses, such as sole traders).
As well as providing encryption, OV certificates hold an extra level of trust and authority since they can only be granted to valid businesses, which will be vetted by the chosen Certificate Authority to ensure that everything is above board.
Accordingly, OV certificates take up to a few days, whereas DV certificates can be provided within a few hours.
Extended Validation (EV) SSL certificates
EV certificates are the best SSL certificates available in terms of prestige and trustworthiness. As with the preceding two types, the increased security and positive image associated with EV certification requires a more stringent verification process than anything demanded by DV or OV certificates.
When applied for, the Certificate Authority will conduct a thorough human-led investigation into the business.
This includes:
- Verifying that the business has full, exclusive rights to use of its domain name and that it isn’t taking something to which another business arguably has greater claim
- Confirming the location and operations of the business to see that it’s an official, established enterprise
- Verifying the legal status of the business to make sure there are no hidden issues with solvency or official registration
Having an EV certificate issued takes several days and, unsurprisingly, costs the most to requisition.
However, it’s the very best level of verification that a business can seek in terms of its SSL status, and the most up-to-date security enhanced browsers show a green bar to give site visitors a strong indication of the site’s—and therefore the business’s—data security.
The presence of this bar is a minor thing but it could easily be the deciding factor for customers who are torn between two online retail businesses, particularly if the customer is spending a lot of money or handing over sensitive information, which may well be the case with customised products.
How much is an SSL certificate in the UK?
The price you pay for an SSL certificate will be at its lowest for a DV certificate, given the lax verification and fast process for acquiring one.
OV and EV certificates cost more due to the work incurred by the Certificate Authority and the benefits granted by their more secure status.
The cost of a certificate is usually structured as a yearly fee.
These range from around £5 a year for a DV certificate to around £120 a year for EV certificates. Prices can vary widely depending on the Certificate Authority issuing the SSL certificate and any extra services they offer as part of the vetting and admin processes.
Given the affordability of even an EV certificate in the context of business profits, paying the annual fee for one really is a no-brainer.
How do I install an SSL certificate?
Adding a certificate to your website is straightforward for anybody competent with IT and web design, but the specifics can vary depending on where you host your domain.
Installing your certificate can be as simple as logging into a control panel and filling in details, or it may involve creating files using a text editor.
This can also include ensuring your private key is accessible, so the task is best left up to somebody who really understands the process.
If you use a web host or dedicated third-party for IT services, get in touch to see if they can sort it out properly.
Which is the best SSL certificate?
If you want your business website to have the greatest level of trustworthiness and verification, then it’s hard to argue against an EV certificate.
It shows site visitors that you take the security of their data seriously, and goes a long way towards proving due diligence regarding GDPR.
However, bear in mind that a DV certificate still provides just as much material protection as an EV certificate.
Therefore, if you run a startup or SME and need to spare as much overhead as possible, then it’s better to at least secure the lowest level of certificate than getting nothing at all.
Can I make my own SSL certificate?
No.
There is too much verification and security tied into SLL certificates for people to independently create their own, both as an achievable feat and as something that can be trusted.
After all, if your certificate doesn’t stem from a verified authority, then how is it worth anything in terms of trust? It would be like printing your own money and still expecting it to have value.
If you want an SSL certificate for your website, there is no way around it: you need to apply through a valid Certificate Authority.
Does an SSL certificate help my marketing?
Absolutely.
If you’re looking to capture customer data, your customers need to know that data is safe and secure. Even if you only ask for an email addresses in exchange for a whitepaper download, or a name and business address for a quote, you need to take your role as a data processor seriously.
Customers who see that green address bar and padlock symbol are given subtle but effective cues that your business is trustworthy and authoritative.
That trickles down to your content, and the trustworthiness of your position as a market expert and/or thought leader.
To learn more about honest, ethical marketing and how we can give you more expert insights like these, contact Aqueous Digital today.