Unsure which SSL certificate type you need for your site? You’re not alone! Securing your WordPress site is easier than ever, yet confusing terminology abounds. You don’t have to become an expert on encryption just to protect your visitors and customers though. I’ll break down the different SSL certificates on offer, and what they can do for your business.
What are SSL Certificates? What’s a CA?
Secure Socket Layer (SSL) certificates allow the encryption of all of your website traffic by verifying your identity. They are issued by Certifying Authorities (CA), companies trusted to verify that you are who you say you are. Generally speaking, the more strenuously the Certifying Authority verifies your identity, the better the certificate, but the higher the cost.
There are three levels of validation available. Domain Validation, Organisation Validation and Extended Validation.
Domain Validated (DV) Certificate
Validates your domain name. Padlock on browser
Process
Your Certifying Authority verifies that you own the domain being validated.
You will need to verify your control of the domain by responding to an email, setting a code in your DNS records or other quick technical steps.
Cost
Because validation is automated, costs are very low.
Starting at around $30 per year (Australian Dollars)
Outcome
The green padlock will appear on a visitor’s address bar, but not the name of your company. If they inspect the certificate itself, your domain name will be certified, but not your company.
Organisation Validated (OV) Certificate
Validates your company. Padlock on browser
Process
Your Certifying Authority verifies the identity of your company, from sources such as business registration databases, articles of incorporation and other identifying documents. They will also phone you to verify your identity.
You will need to gather sufficient recent documents identifying your business and submit it to the CA.
Cost
Because there is more effort needed to perform the validation, costs will be higher.
Starting at around $100 per year (Australian Dollars)
Outcome
The green padlock will appear on a visitor’s address bar, but not the name of your company. If they inspect the certificate itself, they will see your company name there.
Extended Validation (EV) Certificate
Validates your company. Company name, green address bar and padlock on browser
Process
Your certifying authority validates multiple aspects of your business and the applying staff member, to validate:
- Business Registration (via ASIC in Australia)
- Trading Names (ASIC again)
- Bank Accounts (via proof from your bank)
- Physical Address (checking your address and phone number)
- Domain Ownership (All steps required for Domain Validation certificates, as above)
- Authorised Officer (verifying the ID and employment status of the person submitting the forms)
This requires several signed forms and accompanying documents, followed by a series of manual checks.
Cost
Because a large amount of administrative effort is involved, the cost from the Certifying Authority, as well as internally, is quite high.
Starting at around $300 per year (Australian Dollars)
Outcome
The green address bar, with green padlock and your business name, will appear on your visitor’s browser.
Which Validation Type Do I Need?
Domain Validation is fine for most business in Australia. Although it doesn’t verify that your domain belongs to your business, if you have a *.au domain, you have already been verified at a basic level by auDA, the .au Domain Administrator.
Organisation Validation offers extra consumer confidence, especially when your domain name is very different to your company name.
Extended Validation is typically used by large companies and government organisations, or where sensitive or financial data is being shared. There are significant costs involved in Extended Validation, mostly in the form of your admin time to fulfil validation requirements, which need to be justified by high risk of impersonation.
Certificate Types
If you have multiple domains, or multiple subdomains, you’ll want a single certificate that covers all of your needs.
Single Domain (DV/OV/EV)
www.example.com
Wildcard (DV/OV)
www.example.com
store.example.com
secure.example.com
Multi Domain (DV/OV/EV)
www.example.com
www.example-foods.com
www.example-foundation.org
Note – due to the way Extended Validation tracks server names, EV wildcard certificates do not exist.
Choosing a Certifying Authority (CA)
There is little to differentiate the major CA’s, except for minor price differences.
The four major players are:
- Comodo
- Identrust
- Digicert
- GoDaddy
If you choose a CA from any of these major companies, you’ll have comparable validation and encryption quality.\
How Do I Get Started?
From Your Hosting Company
The technical steps behind setting up a new SSL certificate are best done in cooperation with your hosting company. They will re-sell you the certificate and a good host will simplify the gnarlier technical settings to get your site running.
Head to your web host’s admin panel and look for an option to add SSL to your domain or buy a new certificate. From there, you can browse their available CA’s, certificate types and validation levels.
From a Certifying Authority
You can order SSL certificates directly from the certifying authority, but you’ll need to log into your hosting account to generate a Certificate Signing Request before starting.
Let Us Help You
If you’d like us to advise on the type of certificate that suits your needs, and handle all the technical details, get in touch and we’ll get started right away.