Knowledgebase

Portal Home > Knowledgebase > Getting Started > What are the types of SSL certificates?


What are the types of SSL certificates?


SSL certificates come in three major categories: Domain Validated, Organizational Validated, and Extended Validation. This article will describe the differences.

First, it's important to note that the security level between these certificates is the same. The major difference between these certificates is the features, such as a site seal, or a "green bar" in the browser. 

It is worth noting that as you go down the list, in general certificates are more expensive due to additional verification and features. If you're just starting out with a small budget, getting the top of the line EV SSL certificate for several hundred dollars is likely not needed, and you may not even have the business verification documents to complete the setup anyway.

1. Domain Validated
Domain validation certificates require that you only verify your ownership of your domain name. This verification is required to ensure that the SSL issuer is insuring the legitimate owners of the website, and not a fraudulent website. When you order your SSL, you'll normally have to select an administrative approval email address - which means this is restricted to things like admin@yourdomain.com - webmaster@yourdomain.com, or your whois contact email address. You will be sent an email with a link that you must click on to approve this certificate, and then it is generally issued immediately. 

If you have purchased an SSL certificate through InclusiveHost that is domain validated, you can use our Auto SSL installer to have this automatically completed for you!

2. Organization Validated

 
This type of certificate has the same requirements as the domain validated certificate, meaning you have to still verify domain ownership by recieving and following instructions on an email sent to admin@yourdomain.com, webmaster@yourdomain.com, or your whois email address.

In addition to this domain validation, the SSL issuer has to ensure that your business is legitimate and you are who you say you are. This means you may have to provide recent (within 6 months) bank statements, utility statements, or other official documentation showing your business name and your address. They will also likely use online databases (such as d&b, the yellow pages) to check the authenticity of your provided information. An automated phone verification is also likely to be required. If any of this information is incorrect, the SSL certificate may not be issued. 

Organization Validated certificates typically take much longer (sometimes several days) to issue and verify than domain validated certificates. 

3. Extended Validation (EV) SSL certificates

Extended Validation certificates require all of the above verification methods, in addition to strict business document validation and also phone verification. Several forms need to be manually filled out and submitted to the SSL issuer, and the validation time can take over 1 week typically. These are one of the most expensive certificates, and typically very high profile websites use these certificates to increase customer confidence. For an example of what an EV SSL looks like, you can visit https://paypal.com to see the "green bar" in the browser, or see these example images:

Firefox Browser:
Firefox EV SSL

Chrome Browser:
Chrome EV SSL



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read

Powered by WHMCompleteSolution