by Paul Rudo on 16/06/12 at 1:58 pm
It’s no secret that the internet is an increasingly dangerous and malicious place, with hackers looking to compromise both a website’s own integrity and the integrity of its private information. The best way to stave off these malicious attempts to undermine a website’s security is by implementing an SSL certificate. Short for Secure Socket Layer, this technology creates an encrypted and secure connection directly between a user’s web browser and the website’s server as they browse that website’s content. This is most commonly used to secure financial information or other private data, although SSL certificates are becoming increasingly common on social networking websites as users place more private information into their account profiles.
SSL certificates come in a number of varieties which are designed to cater to specific kinds of sites and web applications. The key to successfully securing a website with this technology is to pick the right kind of certificate for the job. The main differences between each type of certificate are relatively basic and easy to understand, and brushing up on these terms will help website owners implement the best solution for their needs.
This is perhaps the most thorough type of SSL certificate that a business can secure for themselves. It can only be issued after the governing body has conducted a thorough vetting process of the applicant organisation itself, as well as their rights to use the domain name where they currently serve their customers. The industry body which determines SSL certificate standards has issued the following guidelines and requirements for those businesses looking to secure an EV certificate:
- The identity of the applicant entity must match public record accounts of that entity
- The applicant must have the exclusive right to operate at the domain name for which the SSL certificate is necessary
- The legal existence of the applicant entity, as well as the physical and operational existence of the applicant, must be verified
- The applicant entity must have properly authorised the issuing of an Extended Validation SSL certificate
It’s easy to see how this sort of verification and vetting process should be saved for only the most serious organizations. The process is tough, thorough, and can result in a number of disqualifications for smaller businesses and less official online entities.
This certificate is a bit less thorough when it comes to vetting a company’s information. When an organization applies for this SSL certificate type, the granting body verifies that they have the legal and exclusive rights to operate at their current domain. It also conducts light verification of the organization’s actual business information, but this process is far less in-depth than what is required for an Extended Validation application. Any validated information is displayed to users when they click the “padlock” SSL certificate indicator in their browser’s address or status bar area. While EV certificates are great for big businesses, OV certificates are perfect for smaller businesses and independent organizations.
This is the easiest type of SSL certificate to get, as the granting authority merely verifies the right of the organization to operate at the domain where they currently conduct their business and interact with consumers. No verification or validation of company information is required during this time, as the process focuses solely on the domain registration and the rights to that domain name. This SSL certificate is best suited to sole proprietors, independent users, and very small businesses, who are looking to operate securely online.
Less-Common SSL Certificate Types
While the three types of certificates described above are easily the most common ways to secure a website’s operations and customer interactions, there are a few miscellaneous types of SSL certificates which perform more specialised functions. From online collaboration to email, these certificates each have a relevant niche online.
- Email Certificates, also known as MIME Certificates, are used to securely sign email and verify that it was sent from the email address it claims to be from. This is good for corporate communications and official records.
- Unified Communications Certificates are perfect for multi-domain implementations where a collaboration server, such as Exchange Server, is used to connect various official groups.
- Wildcard Certificates can secure first-level sub-domains within a single top-level domain, such as “subdirectory.domain.com.”
- A Code Signing Certificate is a way to ensure that any code written by a developer is being transmitted securely, in its original form, and has not been modified or corrupted.
Plenty of Options for Web Developers and Businesses
SSL certificates continue to gain in popularity as malicious external threats make it necessary to encrypt information, verify its authenticity and integrity, and reassure users that they won’t put themselves at risk by browsing an e-commerce or social media website. With the wide variety of certificate types available, it’s really possible for developers and organizations or any size to gain the protection and peace of mind that SSL verification has to offer.
About The Author: Oliver Macpherson has worked for an ssl certificate provider for the past 10 years and believes in the importance of protecting confidential data where possible.