TranslateProject/sources/talk/20220609 SSL Certificates- Make the Right Choice.md
Xingyu Wang 9f512574af 超期回收 & 过期新闻
@gpchn @KevinZonda @FelixYFZ @CoWave-Fall
2022-11-20 23:37:15 +08:00

13 KiB
Raw Permalink Blame History

SSL Certificates: Make the Right Choice

Increasingly sophisticated techniques are being used to hack into data today. So it has become extremely important to use even better ways to protect your customers data. SSL certification is one such way. This article looks at the different types of SSL certificates and how to choose one that suits your organisation.

SSL-certificate

Increasingly sophisticated techniques are being used to hack into data today. So it has become extremely important to use even better ways to protect your customers data. SSL certification is one such way. This article looks at the different types of SSL certificates and how to choose one that suits your organisation.

SSL certificates are an apt solution for securing data in transit. They create an automated mechanism to encrypt the transfer of data between the server and browser (or site and visitor). This encryption can only be decrypted by the intended system. So it discourages hackers from stealing data, and offers complete security against transit attacks on it.

Along with securing communication, SSL certificates also build trust with customers and help you emerge as a credible business by displaying virtual trust icons like a padlock, HTTPS prefix, and a green address bar. So lets learn about the major types of SSL certificates and how to choose the one that works best for you.

SSL certificate options: Similarities and differences

Lets first discuss the basic similarity all SSL certificates share. Regardless of their type, price and scope, every SSL certificate encrypts the to-and-fro communication between the sites server and the Internet browser of your visitor.

The difference lies in the terms and conditions of the validation process and the number of domains/subdomains it covers, etc. Proceeding to purchase an SSL certificate without first reviewing your present and future needs may result in costly mistakes, and you may end up paying a hefty amount for advanced features that are irrelevant to your business. Or you may get tempted to buy a cheap certificate that isnt a perfect fit for your business needs. Due to the crucial role it plays, an SSL certificate is issued by an official certificate authority after a thorough verification procedure to confirm the legitimacy of ownership. So, this certificate not only encrypts the communication between websites and audiences, but also ensures the legal position of a site. It plays a vital role in building trust.

As you have now understood why we need a SSL certificate, we can discuss the different types of popular SSL certificates, along with their benefits and issuance procedures.

Domain validation (DV) SSL certificate

The most basic of the three types of SSL certificates, the DV or domain validation certificate confirms the ownership of a domain through an automated online process. All you have to do is to complete a few basic steps to prove that you are the legitimate owner of the domain to get this certificate. Though easiest to get, this type of certificate helps in building only a basic level of trust.

After completing the DV certification procedure, you are allocated trust-building visual elements — a static seal, a padlock icon, and an HTTPS prefix in your URL.

Cheapest prices and quick, automated processes are the two major benefits of a DV certificate. On the flip side, you get only the basic trust signs that arent enough to satisfy the security concerns of more demanding customers or visitors.

Important to know: DV misses the most important trust sign — vetting the real, legal business that owns the domain name. For instance, suppose Mr X buys a domain abc.com to lure gullible people into investing money in a business that seems genuine. Being a legitimate domain owner, he can get a DV through an automated process. With HTTPS URLs and other trust signs, it is easy to gain peoples trust too. However, the company (or fraud mechanism) behind this domain isnt vetted/verified, which makes it easier for Mr X to continue duping investors of their hard-earned money.

Is DV SSL the right choice for you?: DV is best for a small and general website, which doesnt demand or require any sensitive information that can be misused like credit card numbers, social security information, or details of a financial portfolio. For websites that post childrens stories, general e-magazines, personal blogs, professional portfolios, and other static websites on general topics, a DV certificate is a perfect and cheap solution. Securing more mission-critical sites that collect sensitive data like credit card numbers and social security details is a different story though.

Organisation validation (OV) SSL certificate

As the name suggests, the OV certificate not only validates the domain ownership but also vets the real identity of the organisation to which the domain officially belongs. It builds an extra layer of trust for visitors who have stronger concerns, by displaying the key information about the business. Interested visitors just need to check the details of the certificate to ascertain the credibility of the company.

As compared to a DV certificate, an OV certification requires a more detailed process carried out by an authorised certificate authority that demands and vets key documents representing the legal status of the company. Hence, along with domain ownership, this certificate also assures that it is owned by a legitimate organisation.

Though the issuance process is more expensive and demanding, this type of certificate does empower you to position your company as a legal, real company doing legitimate business. It makes you stand out and even more concerned visitors are able to trust your organisation.

Is OV the right choice for you?: Sites that ask for sensitive data that can be misused by threat actors should obtain this certificate. E-commerce sites with online payment gateways, digital health practitioners, government websites that demand citizens information, defence-related websites, online trading platforms, or professional networking sites are all the right candidates for obtaining an OV certificate.

Extended validation (EV) SSL certificate

In the digital domain, visuals matter a lot. A company seal, security icons, or even assuring colours (like green) can go a long way in leaving a lasting impression, winning you a big deal or helping you forge business relations with dynamic brands.

The vetting procedure for issuing an EV SSL certificate is quite stringent and involves a manual process as well. It starts by verifying the ownership of the domain. After that, the certification authority asks for your identification number. Next, it gets your legal working contact number from relevant authentic sources. That contact number is manually verified by calling your office and talking with the real person. Only after satisfying all such verification parameters can you get the EV certificate.

Unlike an OV certificate, you dont just get a static site seal with a basic look, but get dynamic seals as well. Additionally, the full legal company name is displayed in the address bar along with a green-coloured padlock. Added to this, the entire address bar turns green as soon as your site loads. All these visible signs vouch for the legality of your firm, build a visual comfort zone and reaffirm the credibility of your organisation.

Such certificates satisfy the sophisticated digital security vetting parameters of global brands and corporate conglomerates. If highly expensive items like gold and diamond jewellery are being sold on a website, then such superior trust factors satisfy the higher trust demands of buyers. Though this certificate is the most expensive among all the SSL certificates, it is worth investing in the extra dollars as it has the potential to significantly boost your sales revenue.

Scope of different SSL certificates

Apart from the type of certificate, the other crucial question is: how many digital properties you want your certificate to cover? If you own a single domain property and do not want to expand in the foreseeable future, then a single DV would do for you. But what if you own, say, 20 different domains — most of which deal with e-commerce or collect sensitive client information? It wouldnt be practical to buy the more expensive EV certificate for each of these domains. Here is some guidance on that.

Wildcard SSL certificate

With a single wildcard SSL certificate you can protect the main domain and practically unlimited sub-domains related to it. For instance, yoursite.com (the main domain) may have three subdomains:

  • mail.yoursite.com
  • login.yoursite.com
  • ftp.yoursite.com

This certificate relieves you from the stress and expenses of purchasing a separate certificate for every domain after going through the complete validation process, followed by an installation process for each. It also saves you a lot of time on repetitive processes and almost eliminates potential errors.

-
Note: Both DV and OV offer wildcard certificate options.

Multi-domain (or SAN SSL) certificate

One level above the wildcard SSL certificate is the multi-domain certificate, which helps to secure primary domains and their related subdomains. It does everything that a wildcard certificate can do, and more. If you own multiple domains and want a uniform and standard SSL security for all, then a multi-domain certificate is the right choice for you.

Is SSL certification only about visual trust signs?

Obviously, when you spend significant money on an SSL certificate you would like to get more than security icons or trust signals. Well, your certification authority does offer a specific amount of warranty or a payback if your customers become victims of a fraud. The amount of this warranty depends upon the type of certificate and how much it costs.

How to choose the ideal certificate authority (CA) for SSL

The next question is: who can judge the judge? It is you. Carefully consider some of the prime factors while finding the right SSL certificate provider/CA for your site. Before buying any certificate, thoroughly vet the reputation, credentials and experience of the certificate authority.

Also, ask questions. Do they have a credible history? What type of customers do they have in their repertoire? Do they have an impressive portfolio of regular customers? Most importantly, is the company passively following old industry standards, or is it actively investing in research and development on how to prevent the latest cyber frauds? All such questions will help you to make informed decisions and get the best value for your money.

Also make another very important check: Has any major browser banned the CA? The very objective of the SSL certificate is defeated if the CA has been banned by a major browser.

How long does it take for an SSL certificate to be issued?

The time taken to issue a certificate varies and depends upon the validation procedure and its requirements. A DV certificate, for instance, is issued within minutes as it has the least verification requirements. An OV SSL, with more detailed vetting requirements, can take up to three days for issuance. Since it has the most demanding vetting process, the EV certificate can take up to four days for issuance.

The validation period of the certificate, along with its credibility and scope, plays an important role in influencing its price. It is always best to use your discretion, and find a fine balance between the price and value of the certificate.

A few reputed SSL certificates go the extra mile and also offer extra security measures to customers. You can never be secure enough on a digital platform. So it is always best to see if such additional security elements will be helpful. However, your prime focus should be the credibility and portfolio of the company. It isnt wise to compromise with that just to get some extra security elements.

SSL certificates encrypt the data and information that customers share with organisations. They help to save customers from data theft and misuse by threat actors. But its always advisable to check the credibility and reviews of a certificate authority carefully before buying a SSL certificate from it.


via: https://www.opensourceforu.com/2022/06/ssl-certificates-make-the-right-choice/

作者:Jitendra Bhojwani 选题:lkxed 译者:译者ID 校对:校对者ID

本文由 LCTT 原创编译,Linux中国 荣誉推出