Determining Which SSL Certificate is best for the Business

3 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 53 votes, average: 5.00 out of 5 (3 votes, average: 5.00 out of 5, rated)

You know you need SSL, but what product is the best for you?

It’s 2017 and that means that the browsers are mandating your website migrate to HTTPS. As of the release of Google Chrome version 56, the browsers have begun marking websites served over unsecure HTTP as “Not Secure.”

Running a website that Google has labeled “Not Secure” is like trying to run a restaurant while you have a notice from the city health inspector permanently taped to your front door—it’s not going to do well.

So you need SSL. It’s the smart move for your business web site’s security and you can’t afford to take a hit to your reputation by being given a negative visual indicator from Google or Mozilla. But how do you know what to pick?

Don’t worry, we’re here to help! This is a guide that will take you through all the different things you need to consider before making a purchase. We’re not going to try and sell you anyone certificate, this article is just informational. So relax, read through and by the end, you should have an idea of what to look for.

Which SSL Certificate is Best for Business: What Are You Securing?

The first question you need to ask yourself when you’re considering an SSL certificate is how many domains and sub-domains you need to secure. This is going to help guide everything you do moving forward. Do you just have a single website to secure or does your web presence extend beyond that into multiple domains? Do you have any sub-domains?

There’s an answer for every scenario, it all depends on what you need.

SSL Certificates

Which SSL Certificate is Best for Business: Single Domain SSL Certificates

Let’s say you’re a small company with just a single domain and no sub-domains. You’re going to need to purchase a single domain certificate—that’s most of them. Now you’re going to need to make a determination about what validation level you need.

Here’s something a lot of SSL retailers don’t want to tell you: encryption strength doesn’t vary by validation level. All SSL certificates offer the same level of digital encryption, there are industry-mandated standards. The reason for the different levels of validation is because of some companies what to be authenticated so they can leverage the power of SSL to help assure their customers of their identity.

Remember, the internet is a dangerous place. A lot of hackers and cybercriminals make a lot of money by tricking people online. And they target businesses of all size. According to Symantec, 90% of corporations and 71% of small and medium-sized businesses have been targeted.

SSL can help defend against that via its authentication process. It all depends on how much validation you want. There are three levels:

  • Domain Validation – This is the lowest level of validation, you must simply prove that you own the registered domain. DV SSL is becoming increasingly less trustworthy as free SSL services make it easier for cybercriminals to add DV certificates to their phishing websites. This, in turn, causes the browsers to label the site as “Secure.” It’s a dangerous trend that is becoming more and more common.
  • Organization Validation – This is the intermediate level of validation. The Certificate Authority that issues the SSL certificate will do a light business vetting and make the verified business details available in the SSL certificate details for all to see. The problem with OV SSL is that verified information is hard for users to find and the outward visual indicators are the same as DV.
  • Extended Validation – This is the highest level of validation. It requires a complete business vetting; it will display the company’s name next to the URL in the address bar. EV SSL offers instant assurance of identity. Depending on how important establishing your identity online is, you will need to pick the appropriate validation level.

Depending on how important establishing your identity online is, you will need to pick the appropriate validation level.

Which SSL Certificate is Best for Business: Multi-Domain SSL

Let’s say that you have multiple domains to secure. Never fear, there’s a simple solution: Multi-Domain SSL certificates. These are SSL certificates that make use of the Subject Alternative Name (SAN) field. When you select a Multi-Domain SSL certificate, you list the name of your main website as the Fully Qualified Domain Name in the CSR generation process and then you list each additional site as a SAN.

When the CA issues the certificate all of the listed domains will be covered by it. Multi-Domain SSL is available at all validation levels.

MDC SAN vs Wildcard SSL

Which SSL Certificate is Best for Business: Sub-Domains

Now, let’s say you have a website with sub-domains—don’t worry that’s covered too. In this case, you will need to use a Wildcard SSL certificate. Wildcards are ingenious, they can secure an unlimited number of sub-domains that accompany a domain. When you fill out the CSR, simply use an asterisk in place of the level that the sub-domain resides on (e.g. *

When the CA issues the certificate, all existing sub-domains will be covered. Best of all, if you add a new sub-domain while the SSL certificate is still valid all you have to do is re-issue it and it will cover the new sub-domain too. Unfortunately, Wildcards are not available in EV.

Which SSL Certificate is Best for Business: Multiple Domains and Sub-Domains

There truly is an SSL certificate for every situation. The Multi-Domain Wildcard can secure multiple domains and unlimited sub-domains. It’s all due to the Wildcard SAN field. The Wildcard SAN field functions both ways. List a fully qualified domain name to secure a whole domain, or use an asterisk and secure the domain and all of its sub-domains.

How Easy is That?

Which SSL Certificate is Best for Business: Choosing a CA

So now you know the product type, but what brand do you go with? Well, that all depends on you. Various CAs service to different demographics. If you need a fast, inexpensive solution then RapidSSL is a great choice. If you need more of a business-class product, try GeoTrust. If you’re a small brand looking to leverage the power of an established brand to help pull you up then choose Symantec. And then there’s Comodo, which is a jack of all trades.

The decision depends on you and your business. We’re just trying to make sure you have all the information.

Related Post: