How to choose the right SSL certificate?


The choice of your SSL certificate is important for your visitors: it is a guarantee of confidence, especially if they have to interact with your site by depositing sensitive data (banking data for example). Your brand image immediately gives an image of seriousness and reassures the visitor.
On the other hand, the absence of an SSL certificate has become a real deterrent to customers.
There are several types of certificates, with different levels of security. Here is how to choose the right SSL certificate.

What level of trust do you require?

All SSL certificates provide session security and encrypt all information submitted through the website, but they differ in the amount of information included in the certificate and how it is displayed in browsers.
There are three main trust levels for SSL certificates, from highest to lowest:

  • Extended Validation (EV)
  • Organization Validated (OV)
  • Domain Validated (DV)

When choosing between trust levels, the main question to ask is, “How much trust do you want to convey to your visitors?”

You should also consider the importance of your brand image on the web. Do you want your brand to be clearly presented in the browser address bar or simply included in the certificate itself? Or is linking your brand to your domain not so important to you?

1. Extended Validation (EV) Certificates

EV Certificates contain the largest amount of corporate data. These must meet the highest and most stringent requirements before they receive their certificate.

Historically, they also gave your website more credibility by highlighting your company’s verified identity clearly displaying your company’s name in the address bar with a green background. Now you have to click on the little padlock to see the name of the company running the site.

2. Validated Organization (VO) Certificates

OV certificates also include business authentication, which means that information about your company is included, but unlike EV certificates, this information is not clearly displayed. If a visitor wants to access the information, they must look at the certificate details.

3. Validated Domain (DV) Certificates

DV certificates are the most basic type of SSL certificate, including the least amount of identity information and proving only that the website owner can demonstrate administrative control over the domain. Although DV certificates offer session encryption (so it’s better than nothing), they contain no company information. This means that there is nothing in a DV certificate that proves that the site “company-xyz.com” is actually managed by the company Xyz in question.

For this reason, DV certificates are frankly not for business. Given the number of scam and phishing sites, it is recommended that owners of such sites use SSL certificates that include company identity information (i.e. OV or EV) so that site visitors can see the identity of the domain owner.

How many domains should you protect with this certificate?

One – Use a standard certificate

If you only need to secure one domain (for example, company-xyz.com), then you should purchase a standard certificate. You can choose the level of trust: OV or EV.

Multiple domains

If you want to secure multiple domains (compan-xyz.com, compan-xyz.net) with a single certificate, then you need to purchase a multi-domain certificate. Multi-domain certificates allow you to secure multiple domain names with a single certificate. The domains are listed as “Alternate Subject Names” in the certificate (SAN certificate)

Multiple subdomains

If you want to secure multiple subdomains (e.g. login.compan-xyz.com, payment.compan-xyz.com) with a single certificate, you can use either a wildcard or a multi-domain. The choice of the most suitable solution depends on the number of subdomains to secure and the desired level of trust.

If you have many subdomains, or plan to add more in the future, you should consider a wildcard certificate because you can secure an unlimited number of sites directly under the domain. Wildcard certificates are in the form of “*.company-xyz.com”, which allows you to secure the examples listed above with a single certificate. Wildcard certificates are supported by both DV and OV certificates, but the EV certificate requirements do not allow the use of wildcard.

If you only have a few subdomains, or if your site contains a different number of nodes (e.g. store.compan-xyz.com, store.us. compan-xyz.com, store.wholesale.compan-xyz.com), you should consider a multi-domain certificate that handles subdomains as they are often cheaper than Wildcards and are better at supporting different levels of subdomains.

Share On Social Media