SSL Certificate Types
There are several types of SSL Certificates. This article quickly explains the differences between the various types you may want to use to secure your Joomla website.
All SSL certificates do one basic job, which is allowing you to use the HTTPS protocol on your website and encrypt data and traffic between your Joomla Website and your client's browser.
The process is reasonably simple... despite there being a huge number of different SSL certificate configurations available from hundreds of vendors.
The primary differences that will influence the SSL you chose, comes down to 3 things:
- The level of validation your website requires.
- The number of domains that you wish to have covered by the SSL.
- The reputation, installation and ongoing support offered by your certificate provider.
1. Level of Validation
One of the jobs that your SSL certificate does for you is to reassure your website visitors that you are who you say you are and that you are a legitimate organisation. Not a small concern in a world of phishing and ecommerce scams. The cost of your certificate is directly related to how much work the certificate issuer has to do to verify who you are. There are 3 major levels of validation:
- Domain Validated: Your organisation is validated by validating the details of the domain owner. i.e. that the owner of the certificate is the owner of the domain. A single domain name validated certificate can be usually issued quickly and is the lowest cost to you. It also has the lowest credibility of all the certificate types.
- Organisation Validated (OV): Same as domain validated but with additional online processes that validate your organisation's identity. Single name OV certificates can take a few hours to a few days to be issued. However they offer a good balance between cost and credibility.
- Extended Validation (EV): Same as an OV however there are additional real world validation processes to confirm that you are who you say you are. Single Name EV certificates can take several days to be issued due to the necessity of real world communications. They are more expensive and give your customers full satisfaction that you a current operational organisation.
You should match up your need for credibility and security based on your real world credentials. The nature of your online presence and what you do will help determine the importance placed on validation. A online fishing shop selling lure might be happy to go with a domain validated certificate however an online financial consultant might get more value out of the reputation offered by an EV certificate.
2. Number of Domains
All the certificates discussed so far are only able to provide SSL security for a single domain name. However another aspect for consideration is whether you need to secure a number of domains or a number of sub domains.
For example: if you have a number of sub domains under the one primary domain such as sub.mydomain.com or sub1.mydomain.com, as well as your primary website domain, mydomain.com, then you will need Wild Card Certificate.
If you wish to secure multiple different primary domain names on one server using a single certificate, for example mydomain.com, myotherdomain.com and mythirddomain.com, then you will a multidomain certificate.
3. Reputation and support
Finally, your certificate provider is part of your consideration when choosing the right type of SSL certificate. There are many highly reputable providers out there Comodo, GeoTrust, Thawte and RapidSSL to name just a few. The price of your certificate may vary significantly between providers often for very little difference in the end product. Your choice will come down to your acceptance that your certificate provider offers you a good reputation and level of confidence that will translate to your customer's perception. Additionally it will be important to you what level of support your provider offers in terms of installation, speed of issuance and any tools required to assist with renewals.
Most hosting companies offer a large array of SSL products so talk to them first about what you might need in respect to your business. Often purchasing an SSL form your hosting company will also include installation and testing of your certificate as well, either as part of the SSL cost or as a separate fee.
Summary
In short: Choose the level of validation based on your budget and desired level of reputation and then decide if you need a single name, wildcard or multidomain certificates. Use you hosting company to support your install and purchase it from a reputable certificate issuing company.
