Ports Group – English / Blog / SSL/HTTPS School 2 out of 3 – “What types of SSL-certificates are there, and which should we use?”

22, May 2020

SSL/HTTPS School 2 out of 3 – “What types of SSL-certificates are there, and which should we use?”

Websecurity
English
pll_6181523d3fec4
2-en

This is the second out of three posts in our campaign to raise awareness and knowledge about SSL-certificates and HTTPS.

In the first post, we discussed the basics of SSL/HTTPS. Our conclusion was that a using SSL-certificates has gone from being an exception to becoming a rule. Read the first one here.

In this post, we will be giving you the basics of which kinds of certificates there are, and why those differences actually are important.

Different types of SSL-certificates

You usually speak about the three levels of SSL-certificates – DV, OV and EV. However, not having an SSL-certificate is also a state that has to be included in the discussion in order to fully understand the value of using SSL-certificates altogether.

It is important to note that the three different levels of SSL-certificates does not mean that the encryption of the traffic it is intended to protect is any different, what it means is that the validation process of setting up the certificate is different from each level. The higher the level, the more rigorous the validation process has been. At the same time, the higher the level, the more confidence the visitor/user of the certificate gets from the brand.

  1. Having no certificate
    Having no certificate on for example a website, means that the flow of information between the visitor of the site and the web server on which the site is hosted, is totally transparent. A good analogy of not using an SSL-certificate is that it is like putting a letter in the mail using a transparent envelope, enabling everyone to see its content.
  2. Domain Validation (DV)
    This is the lowest of all validations, meaning it is the easiest to obtain. The validation consists of the issuing certificate authority verifying that a contact at the domain in question approves the certificate request. Usually by email, but can also be done via alternate methods. The sole benefits are a speedy validation and a relatively low cost. The drawbacks are a higher risk of phishing and “man in the middle” attacks. Some issuers have gone as far as not issuing DV-certificates, due to a belief that the drawbacks of issuing domain validated certificates far outweigh the benefits.
  3. Organization Validation (OV)
    OV-certificates is the level above DV-certificates. As the name implies, the validation process for an OV-certificate is more rigorous than a DV-certificate and includes verifying the organisation behind the request. This is usually done by first carrying out the steps of DV-validation process, and then adding a vetting of the requesting organisation, beyond the domain in question. This information is then displayed on the certificate, making the ownership of the certificate more transparent and the site more trustworthy.
  4. Extended Validation (EV)
    As the name implies, the validation process for an EV-certificate is the most rigorous of the three. They take a bit longer to issue, but for organisations that want to achieve the highest level of trust possible for their visitors, using an EV-certificate is a must. Most EV certificates also come with bundled additional services such as mal-ware scanning and trust badges. These add-ons can be highly valuable when launching a new brand, site or expanding into a new market, as they add trust from already established and trusted players in the online space. Nowadays you see an icon of a padlock. If a visitor clicks on the padlock, the organisations name and country will be shown as a validation of the EV-certificate in use.

When it comes to which certificate that is most appropriate for your particular needs. One size does NOT fit all (unfortunately). The choice of certificate is dependent on a number of factors. On an external web for example, it might be a good idea to use an SSL-certificate of the highest level, an EV-certificate (Extended Validation), in order to gain the most trustworthiness possible for your site – and your brand. For other purposes, where the encryption itself is the only thing of importance, a lower level of validation might suit your needs. At Ports Group, we have the experience and expertise to guide you in your choice of certificates, and the safe management of your certificate portfolio.

Want to check if you have an SSL-certificate?

We have implemented a free analysis tool named besafe.online. The tool primarily checks your site for an SSL-certificate, but also provides additional information related to the security of a site. For example, if the site has DNSSEC and DMARC implemented.

Click here to get to the tool:

besafe-online

In the next part of the SSL/HTTPS-school

In the next and final post, we will be talking about the perhaps least discussed aspect of SSL-certificates:

"How to safely manage them in order to avoid potentially business critical consequences"

Related reading

Ports Group BRANDIT Metaverse

What is the Future of Trademarks in the Metaverse?

Trademark
English
23, May 2023
Challenges of protecting trademarks within the Metaverse: Increasing wave of trademark requests for virtual goods...
Läs mer
Increased DDoS attacks - how to prevent

Increased DDoS attacks – what can you do to protect your company

Websecurity
English
16, May 2023
Compared to the previous year, the number of DDoS-attacks has grown by 150 % in 2022 on a global basis. And the tr...
Läs mer

SSL/HTTPS School 1 of 3 – “What is SSL/HTTPS anyway?”

SSL/HTTPS School 3 out of 3 – “Safe management of SSL-certificates minimises the risk of business critical consequences”

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At Ports Group AB, corp. ID no. , we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.
Confirm choices Accept all