Domain validation (DV) is the lowest level of assurance that certificate authorities offer for SSL certificates. The certification authority only verifies that the domain is actually owned by the entity requesting the certificate, and asks the web page administrator to approve the request. This verification process is often automated and takes anywhere from 10 minutes to a few hours.
To carry out this validation process, the web administrator can choose between two options:
- Use email-based verification, which consists of sending a verification link via email to the official email address listed in the WHOIS record.
- Use file-based authentication, in which the certification authority sends a file that must be placed in a specific folder on our server. Once the file is uploaded, the verification process is complete and the CA approves the SSL certificate.
In the case of the popular Let’s Encrypt CA, there are several additional validation methods: HTTP validation, TLS validation, and DNS-level validation, which is used to issue a domain-wide wildcard certificate. The process is automatic for HTTP and TLS validation; our website only needs to be accessible through ports 80 and 443. For DNS validation, the Let’s Encrypt software must be given access to the domain with a token, so that it can create a TXT record and verify that we really are the owners of the domain.
Protection icons and indicators
To improve the user's trust and privacy when browsing a web page or blog, SSL certificates come with visible protection indicators, such as dynamic trust seals and padlocks. On the one hand, EV (Extended Validation) and OV (Organizational Validation) certificates provide one or more of these visible signs of trust and protection. On the other hand, standard SSL certificates give only very basic indications.
If a web page uses a standard certificate, we will see HTTPS and the gray padlock in the address bar. If we click on that padlock, we will see that only the domain ownership details are available. Unlike EV and OV certificates, these DV certificates do not verify whether the entity is legitimate. For that reason, a user cannot verify 100% whether they are on a legitimate website or on a phishing page created by a cybercriminal.
Technology, warranty and prices
For a standard SSL certificate, Certificate Authorities (CAs) use technologies similar to those of more advanced certificates: they include the latest SHA2-256 algorithm and a 2048-bit RSA signature key. In addition, these certificates are usually compatible with all modern devices and browsers.
The price of an SSL certificate depends on its validity period and on the type of certificate we buy. In the case of Comodo, one of the largest Certification Authorities worldwide, a DV (Domain Validation) certificate costs from 78 dollars per year, an OV (Organization Validation) certificate from 165 dollars per year, and an EV (Extended Validation) certificate from 204 dollars per year. If we also want multiple domains, the price starts at 295 dollars. Finally, a wildcard certificate, the most expensive option, costs from 366 dollars per year. All these prices assume that we stay with Comodo for 6 years (with annual renewal of the certificates); if we contract for only one year, the price is clearly higher.
In the case of the Let’s Encrypt Certification Authority, we can also obtain a certificate for each domain or subdomain, and even a wildcard certificate, always completely free, with a mandatory renewal every 90 days.
What type of SSL should I choose?
We must choose the type of SSL certificate according to our needs. If we want to protect a website, a blog, a personal site or a test domain, a basic SSL certificate is more than enough to provide security and privacy for communications, while letting users verify that they are on the correct website and are not under attack. One of the best Certification Authorities in this case is Let’s Encrypt, a CA recognized by all browsers that works really well. Its digital certificates must be renewed every 90 days, but Let’s Encrypt itself provides tools to automate obtaining new certificates, so we do not need to keep track of when they are due for renewal: it is a transparent process.
If our website is going to collect sensitive information, or we have many domains and subdomains, then we may prefer an EV or wildcard certificate instead of a normal certificate. Important entities such as banks, governments and other organizations often use this type of SSL certificate to show that we are dealing with the correct organization; it is an additional feature that gives the user peace of mind by indicating that they are on the organization's official website.
However, for the web browser, both certificates will be perfectly valid and we will not have any security warning.