Primary differences between SSL Certificate vendors and types
There are two primary variations between all SSL Certificates: The Certification Authority
Certification Authority (CA) A third party organization which is used to confirm the relationship between a party to the https transaction and that party's public key. Certification authorities may be widely known and trusted institutions for internet based transactions, though where https is used on companies internal networks, an internal department within the company may fulfill this role. (CA) who issues the certificate, and the depth in which the application for the Certificate by the customer is reviewed and validated.
Brand
The Brand of SSL Certificate directly affects who the CA of the certificate will be. This can have some technical implications, but primarily can affect your site visitor’s behaviors based on their perceptions of each CA’s reputation in the industry.
Type
The Type of SSL Certificate purchased will dictate the thoroughness in which the application details are verified. The more expensive Certificates undergo a stringent manually verification process prior to issuance. Each Type of Certificate includes a different Site Seal for inclusion on the applicable website. This Site Seal will reflect the validation process that was employed, thus providing site visitors additional assurance of the validity and security of the website itself.
For more information on the different validation processes which are employed, please click the certificate in question below
SAN Certificates
Multi-domain or SAN (Secure Alternate Name) SSL certificates can cover multiple domain names on just one certificate. For example, Symantec multi-domain certificates can cover up to 25 domains, whereas GeoTrust and Sectigo multi-domain certificates can cover anywhere from 5 to 100 domains, depending on the type of certificate you order.
Wildcard Certificates
A Wildcard SSL It is possible for a web hosting company to share a single SSL certificate - this allows the same SSL certificate to be used by many websites without the need to issue individual SSL certificates to each hosting customer. This allows the unlimited use of different sub domains on the same domain name. The Wildcard certificate allows the webhosting company to give each customer a secure sub domain, such as customer1.mydomain.ca, customer2.mydomain.ca, etc. The same can be applied for organizations wanting to secure multiple sub domains within the enterprise network. certificate may be used for situations where several same-domain web sites need to be secured but the sub-domains vary. You can secure as many sub-domains on one physical sever as you would like with the wildcard product as long as they share the same second level domain name. In order for you to do this, the domain/common name in the CSR would need to be "*.mydomain.com". The asterisk is a place holder and enables you to secure different sub-domains that share the same base/second level domain name such as "mydomain.com" in our example. If you need to install the certificate on multiple servers, then the private key must be exported from the original server and imported onto the additional servers you wish to secure. Next, install the certificate onto each of the new servers.
| NOTE: If your server or device does not allow for either the exporting or importing of the private key, you will need to purchase separate wildcard certificates for each server. |
Here is an example of sub-domains with the same second level domain:
- www.mydomain.com
- w1.mydomain.com
- secure.mydomain.com
- test.mydomain.com
- trash.mydomain.com
All of these have the same second level domain "mydomain.com" but different hostnames. One wildcard certificate of the form " *.mydomain.com " could serve all these web sites.
The wildcard is useful in situations like the above or when the web hosting service puts customer branding as the host name but all of them will have the same domain. For example: A Web Hosting Service offers its Fortune 500 clients a convenient shopping mydomain cart with their own brand name –
- www.mydomain.com
- mail.mydomain.com
- webmail.mydomain.com
- intranet.mydomain.com
- extranet.mydomain.com
All of these individualized web sites can be secured with the one and same wildcard of the form:
*. mydomain.com
Wildcards can also have more than three fields, such as:
* . * . domain . com
* . * . * . * . *. domain . com
etc.
If you are running IIS, you cannot get a multi-asterisk wildcard but you can get a single asterisk wildcard.
Extended Validation (EV) Certificates
Extended Validation EV SSL Certificates provide all the benefits of the Advantage SSL Certificates while also includeing prominent new trust indicators like a green address bar. or "EV" is the new standard developed and agreed upon by each major Certification Authority Certification Authority (CA) A third party organization which is used to confirm the relationship between a party to the https transaction and that party's public key. Certification authorities may be widely known and trusted institutions for internet based transactions, though where https is used on companies internal networks, an internal department within the company may fulfill this role. and the major browser vendors to authenticate and issue next-generation SSL Certificates.
EV SSL Certificates help protect your site from phishing scams and assure your customers that they are dealing with a business or organization that has been thoroughly checked out using the New EV standard.
An EV SSL certificate triggers high-security web browsers to display your organization's name in a green address bar, and to show the name of the Certificate Authority that issued it.
The Certificate Authority authenticates websites with an audited, rigorous methodology.
Online shoppers recognize the green address bar as an easy and reliable way to verify site identity and security. It provides an instant visual queue that your site is a trusted site and has met rigorous EV authentication standards. Higher trust leads to increased conversions and more business for you.