Choosing an SSL certificate: paid or free — or whether you can do without one
SSL certificates can be either paid or free for both individuals and companies. They also have a few cryptic names. For example, OV, EV, and DV. It can be confusing figuring out which one to choose, whether you have to pay or not, and whether a free one will do the trick.
We’ll go over what will happen if you don't get an SSL certificate, what DV, OV, and EV mean, where to start, and ultimately which certificate to choose for your project.
- Whether you can get by without an SSL certificate
- How to choose an SSL Certificate
- DV — Domain Validation
- OV — Organization Verification
- EV — Extended Verification
- Self-Signed SSL Certificates
- How to save on SSL certificates that come with options
- The main point: which SSL certificate to choose
Whether you can get by without an SSL certificate
Every website has a specific purpose, usually profit. The reputation of the company and its financial well-being depend upon the stability and security of the site.
This is what project owners risk if they choose the wrong SSL certificate or don't install any at all.
Data leakage. Visitors to a site transmit confidential information that can be intercepted by fraudsters, including passport data, credit or debit card numbers, addresses, and e-mail addresses.
User distrust. When a person opens a site and sees a red lock and the message "Your connection is not secure," he or she will likely think it's a scam site and close the tab.
What the notification looks like on a site without an SSL certificate:
When such a window pops up on a site that sells goods or services, it reduces the visitor’s trust. The natural reaction is "this isn’t safe, I'll try somewhere else." So the visitor checks out a competitor and a potential client is lost.
Falling organic traffic. Search engines rank sites without SSL certificates lower. The algorithms automatically mark the resource as unreliable and tend to put it at the end of the queue.
That's why every site needs an SSL certificate, no matter whether it’s a business portfolio or accepts orders and payments.
How SSL certificate protects the site. When a user tries to access a website, the SSL certificate creates an encrypted tunnel between their computer and the website server, protecting personal data from leaks. So even if fraudsters manage to intercept the info, they won't be able to decrypt it.
Let's move from theory to practice. In order to choose a suitable SSL certificate, let's identify what the project at hand involves.
How to choose an SSL Certificate
Before choosing an SSL certificate, you need to understand how your project works and what its objectives are. For example, some certificates can only be issued to a legal entity for a fee, while others do not provide insurance and are only suitable for small blogs and business card sites.
Here are the project specs to focus on.
1. What's under the hood?
Multiple resources — for example, two domains, email, and IP addresses. Certificates with IP address protection or the SAN option may be suitable for such a project. To learn more about how the options work, see "How to save money on SSL certificates with options."
One domain — for such a project, a DV certificate would be great. To learn more about DV certificates and where to order them, see the "DV—Domain Validation" section.
A domain and several subdomains — certificates with the Wildcard option may be best. Read more in the section "How to save money on SSL certificates with options."
An internal project — for example, sites accessed through the local network or web applications at the testing stage. A self-signed certificate is ideal here. Only the server on which the certificate has been created trusts it. For more details, see the section "Self-Signed SSL Certificate."
2. To whom the domain is registered.
An individual — can only obtain free or commercial DV certificates. For more details, see the section "Types of Certificates."
A legal entity — commercial DV, OV, or EV certificates can all be good options. For more, see the section "Types of certificates."
Let's move on to SSL certificates — let's find out what the difference is between free and commercial, the different degrees of verification, those with or without insurance, and what DV, OV, and EV mean.
DV — Domain Validation
Domain Validation is the extent to which the owner of a website is verified for certificate issuance. In order for a certification center to issue a DV certificate, it is enough to confirm domain ownership. Such an SSL certificate can be issued to an individual or a legal entity. DV certificates are issued fast, sometimes it takes less than an hour.
A free DV certificate is issued by a non-commercial certification center. You will have no insurance if the SSL certificate causes problems for your site. A free DV certificate is great when the financial outcome of the project does not rely on site performance. Let's Encrypt and CloudFlare are examples of free DV certificates.
A commercial DV certificate differs from a free DV certificate in its longer validity period and by coming with insurance. A commercial DV certificate is suitable for larger sites where users register and leave their email and name but do not make purchases or transfers. For example, the Sectigo PositiveSSL SSL Certificate is great for sites that need guaranteed resource protection, with insurance coverage of $50,000.
OV — Organization Validation
OV certificates are commercial. To obtain one, you need to prove ownership of the domain and the existence of your company. They cannot be issued to an individual, only to a legal entity.
The advantage of OV certificates is high insurance protection. For example, the GeoTrust True BusinessID certificate has insurance coverage of $1.25 million.
An OV certificate also includes information about the company to which it was issued. Users will be able to check that the site is real and not just used for phishing. OV certificates are necessary for projects where it is important to maintain data security and the site affects the company's profit. For example, the GeoTrust True BusinessID and Sectigo Instant SSL certificates are great for such projects.
EV — Extended Validation
EV certificates are commercial. To obtain one, a company must undergo extended verification, confirming the ownership of the domain and the existence of the company.
The main difference between an EV certificate and an OV certificate is the amount of insurance. For example, the popular Sectigo EV SSL certificate has insurance coverage of $1,750,000.
An EV certificate is great for large businesses and corporations that need to keep their data as safe and secure as possible.
Self-Signed SSL Certificates
A self-signed SSL certificate can be issued by anyone on your server. To do so, you need to form a private key and generate the certificate in the console or in the ispmanager control panel.
Such an SSL certificate is suitable only for internal projects because it is only trusted on the server where it was issued. Other devices will not be able to determine who issued the certificate, so the "Your connection is not secure" warning will pop up or access to the site will be restricted.
Here’s a table to compare SSL certificates:
How and where to order an SSL certificate:
Let's Encrypt free certificates: in the ispmanager control panel →
Commercial DV, OV, and EV certificates: submit an application on the ispmanager website →
Self-Signed SSL certificates: in the ispmanager control panel →
How to save on SSL certificates that come with options
Usually, a single SSL certificate is enough for a given project but not always. For example, if a project uses an IP address and does not need any domain protection at all. Or, on the contrary, consists of several domains. Or is really large in scale, for example, a financial company needs to protect internal subdomains, websites, web applications, and other services. Then, dozens of certificates for different domains and subdomains will be required.
SSL certificates offer additional options that can help reduce costs and protect your project depending on its characteristics.
What certificate options are offered and why you might need them:
SAN — Subject Alternative Name. A single certificate protects several domains and subdomains at once. It can be installed and renewed for all projects at once: you don't have to waste any time or money buying and keeping track of expiration dates for each domain. It is issued for specific names which you need to specify for all domains covered by the certificate. Great for sites with a large number of domains and subdomains like SaaS platforms and Internet portals.
Examples of domains: www.example.com
, mail.example.com
, blog.example.org
.
Popular SSL certificates with the SAN option: Sectigo PositiveSSL Multi Domain, and Thawte SSL Web Server.
Wildcard: protects one domain and all its subdomains. Suitable for sites with a large number of subdomains of the same level.
For example: *.example.com
— the asterisk in the name implies any subdomain, even those not yet created.
Popular certificates with the Wildcard option are Sectigo PositiveSSL Wildcard, RapidSSL Wildcard, and Thawte SSL123 Wildcard.
IP Address SSL: An SSL certificate for IP address protection. IP Address SSL is great for network devices, servers, and services that use IP addresses instead of domains such as internal VPN networks.
A popular certificate for IP Address is Sectigo PositiveSSL.
The main point: which SSL certificate to choose
✓ All websites need an SSL certificate: users, search engines, and browsers don’t trust insecure resources. You can get by without a certificate if you are ready to bear responsibility for data leakage and the loss of organic traffic and potential customers.
✓ An SSL certificate makes data transfer between the browser and the server secure. It confirms the source of the information and encrypts the information to be sent.
✓ Before choosing an SSL certificate, you need to identify the characteristics and objectives of your project: whether you are an individual or a legal entity and how many domains and subdomains you need to protect.
For example:
- Free and commercial DVs are great for individuals.
- Commercial DV, OV, or EV certificates are great for legal entities.
- When you need to protect several domains or subdomains at once, Sectigo PositiveSSL Multi Domain or Thawte SSL Web Server certificates are great.
- For projects that use IP addresses instead of domains, Sectigo PositiveSSL is great.
- For sites with a large number of subdomains of the same level, Sectigo PositiveSSL Wildcard, RapidSSL Wildcard, or Thawte SSL123 Wildcard certificates are great.
✓ A paid SSL Certificate is necessary for sites that collect personal user data and accept payments.
✓ A free SSL certificate will do the trick when your site is not monetized, for example, a personal blog or a business card site.
Still have questions about SSL certificates? Write to us in the chat or email us at help@ispmanager.com We will help you choose, explain, or place an order =)
If you liked this article, please subscribe to our Facebook community so that you don't miss our other useful posts.