SSL, or Secure Sockets Layer, is a cybersecurity tool created to secure internet communication. Information transmitted through an SSL connection is safeguarded by encryption, a process that jumbles the data during transit to prevent theft and tampering. Although all SSL certificates provide the same encryption, the methods of obtaining a certificate vary based on the validation type.
Differences between types:
Domain Validation SSL (DV):
DV SSL certificates are considered low assurance and are the easiest to obtain. The only requirement is confirming ownership of the domain for which the SSL is requested. While this method is secure, if someone gains control over a domain they don't own (e.g., through email, FTP, or DNS access), an SSL could be issued to the wrong person. DV SSLs are suitable for personal users, Facebook apps, or login pages.
Extended Validation SSL (EV):
EV SSL certificates are the most secure in the industry and are highly trusted. To obtain an EV SSL, a company's legal existence, operational history, and physical existence must be verified. The verified details are displayed in the certificate details in the browser's address bar, indicating the business name and legitimacy of existence. EV SSLs are challenging to fake, earning them a "very high assurance" grade.
Organization Validation SSL (OV):
OV SSL certificates also require confirmation of the organization's legal existence. However, the OV validation process involves fewer steps. The person applying for OV on behalf of a company isn't verified, and the legal address isn't confirmed via public sources. The details of a verified company are shown in the certificate details.
Choosing the right SSL:
For businesses, OV and EV SSL certificates are recommended, while DV SSLs are suitable for individuals. EV and OV SSL certificates are especially recommended for ecommerce sites, as instilling confidence in customers and building a trustworthy reputation is crucial for this type of business.
Embracing HTTPS:
It's worth noting that Google rewards all-HTTPS sites by enhancing their search engine ranking. In August 2014, Google announced that using an SSL certificate can positively impact a website's ranking. Additionally, an encrypted connection enhances privacy on the internet.
