Global cyber crime costs could reach $ 2 trillion by 2019. That’s up 3X from 2015 (which was only a paltry $ 500 billion by comparison). Then President Obama even urged citizens to use safeguards like two-factor authentication.
Unfortunately, there’s no one-size-fits-all when it comes to SSL certificates. So which should you choose? And why?
Here’s a complete breakdown of the different types of SSL certificates. (With the least amount of technical jargon possible.)
How Do SSL Certificates Work? (And Why Should We Care?)
“In 2014, 47% of American adults had their personal information stolen by hackers — primarily through data breaches at large companies,” according to CBS. Household names like Home Depot, Yahoo, and Chase — the same ones we rely on daily — are among the most targeted.
So it only makes sense that Google’s leading the charge from the front lines. Their new warning for site visitors is the final nail in the HTTP coffin. Because they’re the biggest browser on the market at 57.94%.
For example, SSL certificates have two ‘keys’: one private and one public. The public one encrypts (or locks) a connection, while the private one decrypts (or unlocks) it. Think of it like an extra layer of privacy between your data and the rest of the world. Your messages are safe because a hacker would need both randomly-generated keys.
Take coffee shops. Airports or hotels even. Public WiFi networks like these, as a general rule, aren’t very secure. They’re the perfect target for man-in-the-middle attacks. Someone slides between your device and their server. You might see one number on the screen while your bank receives another.
SSL certificates are one of the best ways to keep data secure. Here’s why you should care, even if you may not take personal information, like credit cards.
Instead of your visitors now seeing this nice, happy little strip of green…
… they’re met with this ominous warning signal:
In other words, they’re warned not to do business with you. Not to enter their email in your Quote Request form. And definitely not to enter their credit card on your product cart page. All those lead gen tips, tricks, and tactics are in vain when Google is telling someone not to enter your site.
Visitors can also dive deep and get details on what your site is requesting as well. For example, here’s what you see when visiting XMind’s homepage:
That ain’t good.
The last thing you need is a spooked prospect. That’s what happens when their browser tells them not to give you their email. Or enter their credit card.
That’s it. You’re convinced. Adding an SSL is the only obvious choice. You visit the local domain registrar. Pull up their SSL certificate page, and met by… multiple SSL certificate types?
So… what are your options? Which should you choose and why?
How the Different Types of SSL Certificates Stack Up
All SSL types use the same standard encryption methods. So one isn’t ‘more secure’ than the other. Each option has their own requirements and distinct characteristics.
Here’s a breakdown of the five major options you can choose from.
Option #1. Single Domain
Single domain (or single-name) SSL certificates protect a single domain. (Exactly what they sound like.)
That means it’ll work well if you’re setting it up on “www.whypugsrock.com”. But not for any subdomains on that site. (So “wrinkles.whypugsrock.com” and any other variation isn’t covered).
Single domain SSL certificates are perfect for simple and straightforward content-based sites. That includes most B2B sites. Or e-commerce ones where all transactions occur on a single domain.
“Domain-validated” certificates mean that someone has authenticated domain ownership. (Usually through clicking a link on an email or updating a DNS record.)
Option #2. Multi-Domain (SAN)
Multi-domain SSL certificates are also what they sound like.
Multi-domain SSL certificates are also referred to as “SAN” (for Subject Alternative Names). That means they’ll cover similar domains like “pugQ&A.com” (so you can read and respond to the mountain of pug fan mail). It will also cover “puglovers.com” (for my yet-to-be-created internet dating site for pug owners. UGC SEO FTW!).
One multi-domain SSL certificate is all it takes to cover a suite of sites. So they provide flexibility for covering sites that might go away or not yet exist. Your registrar (and their certificate of authority) will provide a limit on the number of sites included (which can be anywhere from 100 – 200+).
Options #3. Wildcard
Wildcard SSL certificates cover all subdomains on a single root domain or host name.
Think: “mail.whypugsrock.com”, “login.whypugsrock.com”, or “shop.whypugsrock.com”.
This scenario would be useful for sites like XMind (pictured above). It uses an unsecure, content-driven ‘marketing’ site on the primary domain (shame). But then thankfully runs all purchase-related stuff through a secure subdomain (phew).
A single wildcard SSL certificate would simplify that mess. It will protect the main site. And unlimited-ish (check with your registrar) subdomains under it through a single payment and setup.
Option #4. Organization
Organization SSL certificates authenticate a company’s identity and information, like the company’s primary address, etc. It’s similar to the first option discussed (single domain) but meant for more content-based sites that don’t need to secure an e-commerce or payments component.
Beyond validating domain ownership, you’d also need to confirm and authenticate the other organization-related details as well (so there’s a little more red tape required for the lengthy process).
Okay. Enough marketing speak. What’s the difference between this one and the first option? Eh, very little. So it may or may not be worth the extra headache.
Option #5. Extended
Extended SSL certificates are touted as the “most secure” option on planet Earth (OK, I added that last part for dramatic effect).
They do the extra organization validation bit. Verify the domain. Even double check the legal corporation (so expect days to weeks for setup). You’ll also get a green address bar on most modern browsers (the less said about Internet Explorer, the better) for your troubles. In Chrome, you’ll also get the company name like this Twitter example below:
In reality, what you’re paying for here is credibility. Sure, there’s a little extra due diligence. But the secure connection used on your site are that different than any other reputable SSL connection.
How to Setup an SSL Certificate for Free
You can typically buy an SSL certificate from whatever domain registrar or hosting provider you’re using. (Most have affiliations with specific ones… so they can sell it to you).
For example, Let’s Encrypt already works with several hosting providers including:
So if these providers won’t set it up for you automatically, you should be able to do it yourself through cPanel.
Then you should be good to go with a friendly WordPress plugin like Really Simple SSL. (They’ll take care of the heavy lifting thankfully.)
Cyber crime is growing exponentially. Google’s gentle nudging of webmasters (OK – more like a shove) to use HTTPS, despite the initial headache — is ultimately a net positive for all.
Selecting the right SSL certificate type, when you cut through all of the marketing speak, is also pretty easy at the end of the day. In most cases, a simple single-domain one is fine if most of your activity is happening on a single domain.
The multi-domain (SAN) option does just that. It gives you a single certificate to purchase and set up to protect multiple different sites. The Wildcard option is basically a fancy term for saying all subdomains under your main site. Conversely, an Organization type confirms the company as a whole. And the Extended option is like the Rolls Royce of SSL certificates.
Each one differs just a little bit. But at the end of the day, they all assure the (buying) public you are who you say you are. And that their information will be safe and secure while on your website.
In-post Photo: Google.com
Screenshots by Brad Smith. February 2017