In the previous article "Detailed explanation of SSL (2): the benefits of SSL certificates to websites" , we know that after deploying an SSL certificate on a website, it can bring many benefits to the website itself and to the users of the website. With the popularity of HTTPS, various SSL certificates have appeared on the market. And due to the diversity of SSL certificates, many people are very confused about how to choose an SSL certificate. Therefore, this article will provide reasonable suggestions from three aspects: certificate security level, number of domain names, and user types. First, let's understand the types of SSL certificates.
There are various types of SSL certificates on the market at present. SSL certificates can be classified according to the following three ways:
- Certificate brand
- Security Level
- Number of domain names
Certificate brand
The SSL certificate is issued by a CA authority trusted by the browser after verifying the website information, so the brands of SSL certificates vary according to the CA authority. At present, the more mainstream SSL certificate brands abroad are GeoTrust, DigiCert, Globalsign, Let's Encrypt, etc., and the more well-known ones in China are CFCA certificates.
DigiCert
As the world's leading digital certificate provider, DigiCert provides high-quality certificate services to customers around the world. A trusted partner of many of the world's top companies, providing trusted SSL certificates for emerging IoT markets.
GeoTrust
GeoTrust is the world's second largest digital certificate provider and a leader in the field of identity authentication and trust authentication. The company's various advanced technologies enable organizations and companies of any size to deploy SSL digital certificates securely and at low cost. identity authentication.
Globalsign
GlobalSign is a reputable and trusted CA center and SSL digital certificate provider. It has issued more than 20 million digital certificates worldwide; its professional strength is favored by many servers, domain name registrars, and system service providers in the Chinese market. Become a partner of its digital certificate service.
Security Level
The types of SSL certificates also vary by the level of verification, the degree to which the CA checks the legitimacy of the person or company that owns the website. The security level of the SSL certificate is mainly affected by the verification level of the SSL certificate. The higher the verification level, the higher the security level.
According to the security level of the certificate, it can be divided into three types: domain name type, enterprise type and enhanced type , which we usually call DV, OV and EV certificates.
Domain Name (DV) SSL Certificate
DV is the simplest form of SSL certificate verification and is only suitable for domain ownership verification. It is usually done via email verification and does not require any further investigation by the CA. It's also the cheapest and fastest way to get an SSL certificate. That is, the certificate issuing authority only checks the owner of the domain name online, usually to verify the content of a specified file under the domain name, or to verify a certain TXT record related to the domain name.
The certificate only contains domain name information, in the form of a security lock + https displayed in the address bar; generally, the domain name verification and certificate issuance are completed in about 10 minutes.
Enterprise (OV) SSL Certificate
OV is the official registration certificate for the buyer to submit organizational information and unit authorization letter. To obtain the OV certificate, the registrant usually needs to provide the CA with documents proving its company name, physical address, telephone number and legal status. Before issuing an SSL certificate, the certificate authority must not only verify the ownership of the domain name, but also verify the authenticity and legality of these materials. Only those who pass the verification can issue the SSL certificate.
The certificate contains enterprise details in the form of a security lock + https in the address bar; it is generally issued within 1 to 3 working days.
Enhanced (EV) SSL Certificate
Like other SSL certificates, EV certificates are based on the SSL/TLS security protocol, but the verification process is more specific and detailed. It focuses on deploying websites with website security and brand credible image, involving transaction payment, transmission of customer privacy information and account passwords. The difference between EV certificates and ordinary SSL certificates is also obvious. The address bar of the secure browser turns green. If it is an untrusted SSL certificate, it will refuse to display it. If it is a phishing website, the address bar will turn red to warn the user.
The certificate not only contains company details, but also shows the company name + security lock + https in the green address bar; it is generally issued within 2 to 5 working days.
In addition to the above types, Paiyun also supports the professional version of OV and EV SSL certificates. The algorithm and security strength have been further upgraded to be more professional and secure.
After understanding the security level of SSL certificates, let's see how to choose a certificate based on the number of domain names.
Number of domain names
SSL certificates are distinguished by the number of domain names, and there are three different types:
- Single Domain SSL Certificate
- Multi-domain SSL certificate
- PAN Domain SSL Certificate
SSL certificates support different functions according to different types. As the name implies, a single domain name certificate refers to the protection of a single domain name, while a multi-domain name certificate and a pan-domain name certificate refer to the protection of multiple domain names; however, there are differences between them, as shown in the following figure:
After understanding the types of SSL certificates, we can choose the appropriate certificate for the website according to different types.
Choose according to user type
personal user
For individual users, if there is no strong encryption requirement, you can choose a paid/free DV certificate, which is easy to verify and cheap; and a free DV certificate can save a lot of money for services such as personal blogs, small and micro enterprises, and API services. , sufficient for basic encryption requirements.
Business users
For enterprise users, you can choose OV SSL certificate and EV SSL certificate, both of which can verify the real identity of the enterprise, making the enterprise more trustworthy. EV SSL certificate is currently the type with the highest level of verification, which can be used to highlight the brand image and create a more reliable image for consumers.
Before a website chooses to buy an SSL certificate, it is also necessary to determine the number of SSL certificate domain names, and select the one that is applicable to the website. For example, a website with subdomains should choose a pan-domain certificate, and a website with multiple domain names should choose a multi-domain certificate. And it is also very important to choose a suitable SSL brand for the website. Only an authoritative and reliable SSL certificate can provide effective encryption protection for the website.
Paiyun and TrustAsia have reached strategic cooperation with well-known brands such as DigiCert, GeoTrust, and GlobalSign, and launched various domain-based DV SSL, enterprise-based OV SSL, and enhanced EV SSL certificates to meet the needs of any HTTPS application scenario.
It is currently the summer limited event of the cloud SSL certificate. During the event period from August 9th to September 30th, 2022, the SSL certificate will be discounted by 50%! At the same time, Paiyun also supports the quick purchase of SSL certificates, and the certificate issuance only takes 3 to 5 working days! Participate in the purchase of AirPods three generations, Xiaomi mobile phones, MacBooks and other gifts.
Among them, Paiyun provides free application for two DV SSL certificates issued by Let's Encrypt and TrustAsia. Users can make multiple choices according to their own situation. If you encounter problems when deploying the certificate, please feel free to contact us~
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。