In the first half of 2019 alone, data breaches exposed 4.1 billion records. Website owners know that SSL certificates for online security are critical to protecting business and customer data from attackers, but knowing what exactly you need can be confusing.
Let’s take a look at SSL certificates, why you need them, and an overview of the different types of certificates, including their features & pricing.
Why SSL/TLS?
SSL stands for Secure Socket Layer; it is the technology that establishes a secure connection between your website and your visitors’ web browsers. While the term is still commonly used, the actual technology has been replaced by TLS or Transport Layer Security, a more advanced technology that ultimately performs the same function of encrypting communications so that hackers can’t access the data. SSL/TLS is used to transmit secure emails and files, as well as private data on your website, such as login credentials, financial details, and personally identifiable information (PII).
Website visitors know your site is secure when they see “HTTPS” and the padlock (green or gray depending on the certificate type) in the address bar. Clicking the padlock verifies that their connection is secure and allows them to view the details of your certificate. Securing your website with an SSL certificate helps build trust with customers.
Without SSL, hackers—who attack on average 2,244 times a day, or every 39 seconds—could easily capture your business and customer data.
Types Of SSL Certificates
Not all SSL certificates are created equal. And not every website needs the same level of online security. A purely informational website with public information can get away with a basic DV SSL. If that same website collects customer names and email addresses or stores account information, they need more protection. And of course, banking information, credit cards, and social security numbers demand the highest level of security.
Here are the different types of certificates:
Domain Validated Certificates (DV SSL)
DV SSLs are the most affordable and basic certificates, and are usually issued within a matter of minutes. They only require an organization to verify that they own a domain; the issuing certificate authority (CA) does not validate that the organization is a legitimate business. Visitors will see “HTTPS” and a gray padlock in the address bar. DV certificates offer the lowest assurance, and should not be used on websites that collect or transmit personal data. Pricing starts at just $5 a year and goes up to around $100. Let’s Encrypt even offers free DV certificates.
Informational and content-based websites like blogs and personal websites that do not handle sensitive data can use a DV SSL.
Organization Validated Certificates (OV SSL)
OV SSLs also require an organization to verify its domain and identity before the certificate is issued. It has a high level of assurance and protects data similar to an EV SSL, but the padlock in the address bar is still gray. An OV SSL doesn’t “look” much different than a DV SSL unless a visitor clicks and views the certificate details, which makes it a less popular certificate type. Pricing starts around $20 a year and can go up to more than $1,000 depending on features.
Any business that collects and transmits personal or financial information needs at least an OV SSL to protect data; an EV SSL is recommended when credibility and consumer trust is a concern.
Extended Validation Certificates (EV SSL)
The highest level and most expensive certificate, EV SSLs require websites to undergo an extensive validation process to authenticate the organization’s ownership and information. With an EV SSL, the padlock is green and the business name and country are also displayed in the address bar to help visitors discern the website from imposters. EV SSL is primarily used to validate a business’s credibility and instill trust with consumers. The cost varies depending on the number of domains to secure and level of encryption needed. Prices start around $100 a year and go up to more than $2,000.
E-commerce websites, banking websites, and any other sites that collect and transmit personal or financial data need an EV SSL.
Wildcard & Multi-Domain SSL Certificates
Wildcard SSL certificates allow you to secure your primary domain as well as an unlimited number of sub-domains. Likewise, a multi-domain certificate allows you to secure multiple domains and sub-domains that you own under one certificate. Wildcard SSLs pricing starts around $50 and goes up to more than $3,000. Multi-domain pricing is similar, but the low end starts around $100.
Not Sure Which Is Right For You? Let Us Help!
When you start researching SSLs, it can feel overwhelming. There are many CAs to choose from, and countless levels of security and features within each type of SSL certificate. We get it—it can be confusing! At PixelPeople, we know how to help our clients choose the best SSL for their online security needs and budget. Need help? We’d love to hear from you!