What to keep in mind when choosing an SSL certificate for your website

Browsing the Internet is one of the things we do most today, and one thing we should not give up is that the web pages we visit have SSL certificates. They go a long way toward encrypting communications, strengthening user security and privacy, and improving search rankings. However, if we have to buy an SSL digital certificate, we need to consider its characteristics and evaluate its strengths and weaknesses. If we do not, the result can be negative for our website or blog. In this article we look at what you should take into account when choosing an SSL certificate.


Characteristics of an SSL certificate

SSL certificates are digital certificates issued by certification authorities (CAs), which guarantee that the certificate is valid and has not been revoked or expired. When we visit a website whose digital certificate is not valid, the web browser warns us that someone may be carrying out an attack on us and that continuing to the web page is not recommended.

When choosing an SSL certificate for our website or blog, we must take into account the points described below.

Validation

SSL certificates offer domain validation (DV), which is the lowest level of guarantee that certificate authorities offer for SSL certificates. The certification authority only verifies that the domain is actually owned by the entity requesting the certificate, and asks the web page administrator to approve the request. This verification process is often automated and takes anywhere from 10 minutes to a few hours.

To carry out this validation process, the web administrator can choose between two options:

  1. Email-based verification, in which a verification link is sent to the official email address listed in the WHOIS record.
  2. File-based authentication, in which the certificate authority provides a file that must be placed in a specific folder on our server. Once the file is uploaded, the verification process completes and the CA approves the SSL certificate.

In the case of the popular Let’s Encrypt CA, we have several additional validation methods: HTTP validation, TLS validation, and DNS-level validation, which is used to issue a domain-wide wildcard certificate. HTTP and TLS validation are automatic; it is only necessary that our website is accessible through ports 80 and 443. For DNS validation, we must give the Let’s Encrypt software access to the domain with a token, so that it can create a TXT record and verify that we really are the owners of the domain.

Protection icons and indicators

To improve the user's trust and privacy when browsing a web page or blog, SSL certificates come with visible protection indicators, such as dynamic trust seals and padlocks. On the one hand, there are SSL certificates such as EV (Extended Validation) and OV (Organization Validation) that provide one or more of these visible signs of trust and protection. On the other hand, there are the standard SSL certificates, which give only very basic indications.

If a web page uses a standard certificate, we will see HTTPS and the gray padlock in the address bar. If we click on that padlock, we will see that only the domain ownership details are available. Unlike EV and OV certificates, these DV certificates do not verify whether the entity is legitimate. For that reason, a user cannot verify 100% whether they are on a legitimate website or on a phishing page created by a cyber criminal.

Technology, warranty and prices

For a standard SSL certificate, the Certificate Authorities (CAs) use technologies similar to those of the more advanced certificates. They include the latest SHA2-256 algorithm and a 2048-bit RSA signature key. In addition, they are usually compatible with all modern devices and browsers.

The price of an SSL certificate depends on its validity period and on the type of certificate we are going to buy. In the case of Comodo, one of the largest Certification Authorities worldwide, a DV (Domain Validation) certificate costs from $78 per year, an OV (Organization Validation) certificate from $165 per year, and an EV (Extended Validation) certificate from $204 per year. If we also want multiple domains, the Comodo price starts at $295. Finally, a wildcard certificate, which is the most expensive, costs from $366 per year. All these prices assume that we stay with them for 6 years (with annual renewal of the certificates); if we contract for only one year, the price is clearly higher.


In the case of the Let’s Encrypt Certification Authority, we can also obtain a certificate for each domain or subdomain, and even a wildcard certificate, always totally free, with a mandatory renewal every 90 days.
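The properties discussed so far (whether the certificate names an organization or only a domain, whether it covers a wildcard, and how long it has left before the 90-day renewal) can be read from the certificate itself. This added example, which is not part of the original article, works on the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`. The sample certificates, the dates and the 30-day threshold are assumptions, and the DV/OV/EV decision is a heuristic based on subject fields, since `getpeercert()` does not expose the certificate policy identifiers.

```python
import ssl

RENEW_BELOW_DAYS = 30  # assumption: threshold for renewing a 90-day certificate

# Constructed samples in the dict layout returned by ssl.SSLSocket.getpeercert().
DV_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jun  1 12:00:00 2025 GMT",
}
OV_CERT = {
    "subject": ((("countryName", "ES"),), (("organizationName", "Example Org SL"),),
                (("commonName", "www.example.org"),)),
    "subjectAltName": (("DNS", "www.example.org"),),
    "notAfter": "Mar  1 00:00:00 2026 GMT",
}
NOW = ssl.cert_time_to_seconds("May 12 12:00:00 2025 GMT")  # constructed "today"

def subject_fields(cert: dict) -> dict:
    """Flatten getpeercert()'s nested RDN tuples into {attribute: value}."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def summarize(cert: dict, now: float) -> dict:
    """Report validation level (heuristic), wildcard coverage and remaining lifetime."""
    subject = subject_fields(cert)
    # Heuristic: EV subjects carry businessCategory and a registration serialNumber,
    # OV subjects carry an organizationName, DV subjects carry only the domain.
    if "businessCategory" in subject and "serialNumber" in subject:
        level = "EV"
    elif "organizationName" in subject:
        level = "OV"
    else:
        level = "DV"
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    return {
        "level": level,
        "organization": subject.get("organizationName"),
        "wildcard": any(n.startswith("*.") for n in names),
        "days_left": days_left,
        "renew_due": days_left < RENEW_BELOW_DAYS,
    }

if __name__ == "__main__":
    for cert in (DV_CERT, OV_CERT):
        print(summarize(cert, NOW))
```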

What type of SSL should I choose?

We must choose the type of SSL certificate according to our needs. If we want to protect a website, a blog, a personal website or a test domain, a basic SSL certificate is more than enough: it provides security and privacy for communications, and lets users verify that they are on the correct website and are not under attack. One of the best Certification Authorities in this case is Let’s Encrypt, a CA recognized by all browsers that works really well. In this case the digital certificates must be renewed every 90 days. However, Let’s Encrypt itself provides tools to automate obtaining new certificates, so you do not need to keep track of when they are due for renewal; the process is transparent.

If our website is going to collect sensitive information, we have many domains and subdomains, and we want an EV or wildcard certificate, then we should probably choose that type of SSL certificate instead of a normal certificate. Important entities such as banks, governments and other organizations often use this type of SSL certificate to show that we are dealing with the correct organization. It remains an additional feature that gives the user peace of mind by indicating that they are on the official website of the organization.

However, for the web browser, both certificates will be perfectly valid and we will not have any security warning.