An SSL certificate is a kind of website ID obtained through an official certification authority or CA. The CA’s responsibilities include confirming the certificate’s identity as well as vouching for its authenticity. SSL certificates are deposited on the server and accessed whenever a website with HTTPS is visited. There are different kinds of server certificates that vary in their identification:
- Certificates verified by domain validation (DV) – free and paid
These certificates have the lowest authentication level. For this measure, CA only checks whether the applicant owns the domain for which the certificate is to be issued. Company information is not checked during this process, which is why some residual risk remains with domain validations. Because there is only one factor that needs to be verified, certificates are normally set up quickly by the CA, making it the least expensive of the three SSL certificate types. Often, these are entirely free (Let’s Encrypt).
Certificates with domain validations are best suited to websites that rely less on their security reputations and are known for being free of fraudsters or phishing schemers.
- Certificates verified by organization validation (OV) – paid
This kind of validation provides more comprehensive authentication. In addition to domain ownership, the CA examines relevant information, such as company filings. Information that has been vetted by the CA is accessible to website visitors, which boosts the site’s transparency. The somewhat demanding nature of this certificate means that it can take longer and be more expensive to issue this kind of SSL certificate. What users gain, however, is a higher level of security.
This certificate is best suited to websites where low-level security transactions take place.
- Certificate verified by extended validation (EV) – paid
This certificate has the highest and most extensive authentication level. In contrast to certificates verified by organization validation, this process requires company information to be even more thoroughly scrutinized. What’s more, this certificate is only issued by CAs authorized to do so. This exhaustive review of the company achieves the highest security level of any certificate and additionally increases the website’s credibility. Following this, this certificate is also the most cost-intensive of the three.
This certificate is ideal for websites that deal with credit card information or other sensitive data.
The following infographic may help you to assess which SSL/TLS certificate you need: