Early this year Google announced that it would start warning users when a site they visited was not using an SSL Certificate, and we helped you understand the reasons behind SSL Certificates. Today, let’s talk about picking the right one!
No matter what sort of website you may host, protecting and encrypting the data transmitted over the internet has never been more important. From consumer apprehension due to browser warnings to identity theft due to insecure sharing of sensitive data, consumers across the world are learning about the need for security. One easy way to increase the security for your sites is SSL (Secure Sockets Layer) Certificates!
What Is an SSL Certificate, and Why Do I Need One?
SSL certificates are used to allow secure communications between two computers. Whether a user is visiting a website, sending an email, or making a purchase on a site, SSL certificates encrypt the data passed between the site and the end users that are connecting to it. An SSL certificate validates the identity of the operator of the domain name and encrypts all of the information between the website’s server and its visitors. This ensures all of the data transmitted over the connection established by the SSL or TLS handshake has been secured. Think of encryption as a combination lock on a safe: to open the vault, the correct combination sequence is needed.
SSL certificates have two different sets of “combinations,” called keys: a “public key,” which is used to encrypt data, and a “private key,” which is used to decrypt data back to a usable format. Basic SSL encryption breaks down like this:
- The user accesses a site with an SSL certificate installed
- A secure SSL connection is requested from the website host
- The host responds with the valid SSL certificate
- A secure connection is established between the browser and host enabling the transfer of encrypted data
Where are SSL Certificates Used?
SSL certificates should be used anywhere information needs to be transmitted securely. Most commonly, an SSL certificate would ensure secure communication between an e-commerce site and its customers, within a business’s internal communications, and for information passed between internal and external servers and mobile devices. SSL certificates are required to secure websites that conduct financial transactions, such as banking and financial institutions, or any site dealing with personal, confidential information. Not having an SSL certificate (or the correct SSL certificate) can lower the rate of completed transactions on your site, degrading the trust of your users and potentially impacting your business negatively.
What Types of SSL Certificates Exist?
This is a very common question with a somewhat complicated answer. The three primary types of SSL certificates available are explained below.
Domain Validated SSL Certificates (DV SSL certificate) – these SSL certificates best serve SMBs (small-to-medium businesses) looking for a cost-effective encryption solution. Receiving a DV certificate only requires proof of ownership of the domain the certificate is for, which is provided through a simple email or DNS validation process. Due to the ease of issuing these certificates, DV certificates should only be used for encryption, and cannot be used to indicate the trust level of a domain or the organization that owns the domain. Therefore, it is still on the user to ensure that the site can be trusted, and these SSL Certificates should not be used for an e-commerce solution. They serve best for testing sites, servers, and internal business sites.
Organization Validated SSL Certificates (OV SSL) – OV SSL certificates are essentially the same as DV SSL certificates; however, the domain owners take an additional step by requiring proof of domain ownership and legitimacy. The issuing Certificate Authority (e.g. Comodo, Let’s Encrypt) ensures that the business associated with the domain is in fact registered and legitimate by checking such information as the name of the business, its location, address, and any other legal information (i.e., incorporation).
Extended Validated SSL Certificates (EV SSL) – EV SSL certificates are the highest level of trust that an SSL certificate can receive and are the industry standard for e-commerce websites. When viewing a website secured with an EV SSL certificate, rather than a green padlock and “secure” message next to the domain, you’ll see the entire organization name (the domain’s owner) highlighted in green next to the domain name. These certificates are essential for e-commerce and large business sites where financial and important data transactions occur.
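A certificate records which of these validation types it received in its certificatePolicies extension, using policy OIDs defined by the CA/Browser Forum. The following added example (not cPanel code and not part of the original article) reads that extension from DER bytes and reports DV, OV or EV; the function names and the two hex samples are constructed for illustration.

```python
# CA/Browser Forum policy OIDs recording how the CA validated the subject.
VALIDATION_OIDS = {"2.23.140.1.1": "EV", "2.23.140.1.2.2": "OV", "2.23.140.1.2.1": "DV"}
CERT_POLICIES = "2.5.29.32"  # id-ce-certificatePolicies

def _children(buf):
    """Split DER bytes into a list of (tag, value) elements."""
    out, pos = [], 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[pos:pos + length]))
        pos += length
    return out

def _decode_oid(body):
    subs, val = [], 0
    for b in body:  # base-128 digits; a set high bit means more bytes follow
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)  # the first two arcs share one subidentifier
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def policy_oids(der):
    """Return the policy OIDs from every certificatePolicies extension in der."""
    found, stack = [], [der]
    while stack:
        try:
            kids = _children(stack.pop())
            if kids and kids[0][0] == 0x06 and _decode_oid(kids[0][1]) == CERT_POLICIES:
                # Extension ::= SEQUENCE { extnID, critical OPTIONAL, extnValue OCTET STRING }
                policies = _children(kids[-1][1])[0][1]
                found += [_decode_oid(_children(info)[0][1]) for _, info in _children(policies)]
            else:
                stack.extend(body for tag, body in kids if tag & 0x20)
        except (ValueError, IndexError):
            continue  # malformed or non-DER content: skip this subtree
    return found

def validation_level(der):
    """Return "EV", "OV", "DV" or "unknown" for a DER certificate or extension."""
    present = set(policy_oids(der))
    return next((lvl for oid, lvl in VALIDATION_OIDS.items() if oid in present), "unknown")

# Constructed sample inputs: bare certificatePolicies extensions, not real certificates.
SAMPLE_DV = bytes.fromhex("30130603551d20040c300a3008060667810c010201")
SAMPLE_EV = bytes.fromhex("30190603551d2004123010300506038837013007060567810c0101")
```

For a live site, pass the DER bytes returned by ssl.SSLSocket.getpeercert(binary_form=True). The result describes identity vetting only; it says nothing about the strength of the encryption.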
Historically, purchasing an SSL certificate and installing it were quite difficult and time-consuming. cPanel offers a few different tools that make it easy to install and manage SSL certificates.
Introduced in cPanel & WHM version 58, AutoSSL is a tool that vastly improves the SSL certificate renewal and installation experiences for its users. You are no longer required to manually copy certificates to the correct place or fill out any forms. After enabling AutoSSL, your websites are secured automatically with a free DV SSL certificate. Instead of you dealing with the hassle of renewing that certificate, it is renewed automatically and installed at the time of expiration.
The Market Provider Manager, available beginning in v56, is an interface that provides the ability to purchase and install Comodo and cPanel-signed SSL certificates. Once a certificate is purchased, the system will automatically download and install the SSL certificate without you ever having to leave the cPanel interface.
So Which SSL Certificate Is Right for Me?
Which SSL certificate you should use is entirely dependent on what your site is for!
Are you curating a Fantasy Football Blog? An episode-by-episode review of Mr. Robot? Then a DV SSL certificate is probably the best SSL certificate for you. If you aren’t selling any items via Shopping Cart or PayPal, a DV SSL certificate is perfect.
Are you a band selling t-shirts, tickets, and vinyl? A real-estate website scheduling appointments for potential clients? OV SSL certificates are what you are looking for, and the extra layer of validation will lend a level of trust to your potential users.
Are you a bank or financial institution? A government entity? Then an EV SSL certificate is the level of validation that is best for you.*
Take the Next Step!
Want to discuss SSL certificates, AutoSSL or Market Provider Manager in person? Come join us at the 2018 cPanel Conference! You can also reach us via Discord or Slack, or join our Reddit community on /r/cPanel!
*A previous version of this article erroneously stated that the different types of validation also indicated an increased amount of encryption.