A website secured with an SSL certificate lets visitors know that it’s safe. It also wins the approval of search engines, confirming that your site is safe for browsing. Hence, you must get a valid SSL certificate for your website.

Short for Secure Sockets Layer, SSL is a security protocol that authenticates and encrypts data over network connections between a web server and a web browser. An SSL certificate secures the connection between your site and your visitors from malicious parties.

SSL certificates come in different types, validation levels, and price tags. But which SSL is best for your website and business? In this guide, we’ve done a deep dive into the different types of SSL certificates to help you make the right decision.

Read on!

Check Out Our Video Guide to Choosing the Right SSL Certificate for Your Site

When and Why You Need an SSL Certificate

Whether you run an ecommerce store or a blog, SSL has become as crucial for websites as wearing a seatbelt before driving.

Here are the three main reasons why you need an SSL certificate for your website:

1. Data Protection and Visitor Trust

The primary purpose of an SSL certificate is to ensure that the data exchanged between the user and the webserver is encrypted and protected from cyber threats like hackers, phishing, and identity theft.

You don’t want your visitors to get the “your connection is not private” warning when they visit your website. A valid SSL certificate will help you avoid such errors.

At its core, SSL is an indicator to your visitors that they can safely share sensitive information such as credit card numbers, IDs, email addresses, and passwords on your website. Therefore, SSL strengthens the trust between you and your customers/visitors.

2. Authentication and Integrity

When you visit a website, how will you make sure that it’s the right one and not a spoof to steal your information? Identity verification is essential when it comes to web security, and this is where SSL comes in. SSL/TLS verifies the authenticity of the web server’s identity.

To install an SSL certificate, you must go through an identity verification process. In other words, SSL is proof that your website is indeed your site and not a spoof or a fake of your company, making it an effective barrier against phishing sites. See how you can verify your SSL certificate.

Data integrity is another critical benefit of SSL/TLS. Using a message authentication code (MAC), SSL/TLS that the data transmitted isn’t lost or changed in any way. The messages sent are received as they are.

To know more, learn our article explaining the difference between SSL and TLS.

3. Improves Search Engine Ranking

To make web browsing a safer place for all, search engines like Google have cracked down on insecure websites and have made it clear that they prefer SSL encrypted sites — HTTPS instead of HTTP. SSL turns Hypertext Transfer Protocol (HTTP) to Hypertext Transfer Protocol Secure (HTTPS).

SSL is now an SEO ranking signal. So, if you want your site to be on Google’s first page, having a valid SSL certificate is one of the must-haves.

How SSL Certificates Work

We have established that SSL encrypts and secures the connection between the hosting server and your visitor’s application (web browser or app).

An illustration of how SSL certificates work.
How SSL certificates work. (Source: Entrust)

If you’re curious to know how this works, we’ll explore an example.

Let’s take your website, for instance, assuming that it’s secured with an SSL certificate. When a person uses a web browser to visit your website, their browser will request your website’s hosting server to identify itself.

The server will respond by sending the browser a copy of its SSL certificate. The browser will also do some validation checks to verify that the SSL certificate is trusted and sends a signal to the server.

In return, the server will digitally respond in acknowledgment to begin an SSL encrypted session between your website and the visitor’s browser.

Types of SSL Certificates

There are two different categories in differentiating the types of SSL certificates — the number of domains and subdomains, and the level of validation of the certificate. As such, there are four different SSL certificate types:

Single-Domain SSL Certificates

As the name suggests, this type of certificate secures a single domain and all the pages on that domain. However, it won’t secure any associated subdomains.

For example, if you have an SSL certificate for the domain kinsta.com, it’ll also cover all the pages related to this domain, such as kinsta.com/knowledgebase/. But it won’t cover any subdomains such as my.kinsta.com.

Wildcard SSL Certificates

Like the single-domain SSL certificate, the Wildcard SSL certificate only secures a single domain. However, it also covers any subdomains (unlimited number of subdomains) relating to that single domain. A single Wildcard SSL certificate protects them all.

Multi-Domain SSL Certificates

This certificate’s purpose is the complete opposite of the Wildcard SSL certificate as it secures multiple domains, but doesn’t secure any related subdomains. It is also known as Subject Alternative Name (SAN) and Unified Communication Certificate (UCC).

Multi-Domain Wildcard SSL Certificates

The multi-domain Wildcard SSL certificate combines the features of both the multi-domain and the Wildcard SSL certificates. In other words, with a single certificate, you’re able to secure multiple domains as well as all their related subdomains.

SSL Validation Levels

SSL certificate validation level is assigned by the certificate authorities (CA) that validate your business authenticity before issuing you the SSL certificate.

There are three different validation levels for SSL certificates:

Domain Validation (DV) SSL Certificates

DV is the simplest form of SSL certificate validation and only applies to domain ownership verification. It’s usually done through email verification and doesn’t require any further investigations from the CA. It’s also the cheapest and fastest way to acquire an SSL certificate.

Organization Validation (OV) SSL Certificates

OV is the next level up when it comes to validation. In addition to validating your domain, the CA also verifies your business by directly contacting you or your business. The CA verifies that you own the domain and that it’s for a legally registered business. These certificates are considered very reliable.

Extended Validation (EV) SSL Certificates

EV is typical among business websites and offers the highest level of trust and reliability. It involves a full background check of your business. Acquiring this certificate involves a strict vetting process by the CA.

On some browsers, the business names with EV SSL certificates are displayed prominently. They’ll be shown in green beside the domain name when accessing their website.

SSL Certificate Type Validation Level
Single-domain DV or OV
Wildcard DV or OV
Multi-domain EV
Multi-domain Wildcard EV

Benefits and Drawbacks to Different SSL Certificates

In terms of security, guarding your website with an SSL certificate doesn’t carry any disadvantages. However, each type of certificate has its strengths and weaknesses, making each one suitable for a different purpose or needs.

Let’s look at the advantages and disadvantages of the different SSL certificates that we discussed above.

Starting with the single-domain SSL certificate, the most significant advantage is that it’s the most affordable certificate type and covers all the pages related to the domain. The only setback is that it doesn’t secure any subdomains.

A Wildcard SSL certificate is more expensive, but it covers a single domain, all its related pages, and an unlimited number of subdomains at the first level. Unfortunately, it doesn’t cover any subdomains at the second level.

Multi-domain SSL certificates cover multiple domains at the same time. Even though they seem expensive, you only acquire one that covers all your domains instead of obtaining an SSL certificate for each domain, making it more cost-effective.

Having the advantage of both types, the multi-domain Wildcard SSL Certificate covers up to 100 domains and unlimited subdomains at the first level. Its only disadvantage is its high price tag. However, like the multi-domain SSL certificate, Wildcard SSL is very cost-effective for large websites or businesses.

How to Pick the Right SSL Certificate

As shown, SSL certificates come in different flavors. If you want your website to look legit and be trusted by your visitors, but not sure which SSL certificate will meet your needs, we’ll help you make the right choice.

  • For a small or personal website with a single domain, then the single-domain SSL certificate is more suitable for you as it’s affordable and does the job.
  • If your business website has a single domain, but multiple subdomains, then the Wildcard SSL certificate is the way to go and will be much cheaper than acquiring a separate SSL certificate for each subdomain.
  • For larger websites or businesses with more than one domain (e.g. a company that owns multiple brands, each with its own domain), the multi-domain SSL certificate is a wise choice. It will cover all your domains and surely be cheaper than getting an SSL certificate for each domain.
  • If your organization wants to save both time and money, the multi-domain Wildcard SSL is ideal for securing multiple domains as well as an unlimited number of subdomains.

For easy reference, here’s a quick table outlining the benefits of each SSL certificate type:

SSL Certificate Affordability Advantages Disadvantages Best for
Single-Domain Cheapest and most affordable Affordability for securing a single domain Doesn’t secure subdomains  Small website with a single domain
Wildcard More expensive than single-domain SSL, but more cost-efficient Secures unlimited subdomains at the first level It covers only one subdomain level  Small to medium websites with a single domain and multiple subdomains
Multi-Domain Expensive Secures many domains with a single certificate  Domains must be defined before the issuance of this certificate  Large business websites with more than one domain
Multi-Domain Wildcard Most expensive, but also the most cost-efficient A single certificate secures multiple domains and unlimited subdomains at the first level Expensive and any changes to domains and subdomains will require reissuance of this certificate Large websites/businesses with multiple domains and subdomains

How Visitors Will Know If Your Website Has an SSL Certificate

Your visitors can quickly know if an SSL certificate secures your website or not and whether your SSL certificate is valid or not. We’ll show you how.

Look at the address bar of the Kinsta homepage, and you’ll see a small padlock. It means that our website is SSL secured.

If you’re using the Google Chrome browser, click on the padlock sign and select “Certificate.” You’ll now see all the details you need to know about the SSL certificate installed on our Kinsta website: who issued it, to whom it belongs, and its validity date.

In addition to the small padlock sign, you’ll notice that the URL in the address bar starts with HTTPS (it’s hidden by default on some browsers). HTTPS indicates that the connection on our website is secure and that it has an authorized SSL certificate.

Location of HTTPS in the browser address bar.
Location of HTTPS in the browser address bar.

Did you install an SSL certificate on your website but have visitors running into a NET::ERR_CERT_AUTHORITY_INVALID error? No need to panic — check out this detailed tutorial to learn how to fix this error.

Cost of SSL Certificates

The cost of SSL certificates varies from free to chewing a hole in your wallet depending on the type of certificate, validation level, and where you’re purchasing it from (e.g. Comodo, VeriSign, GeoTrust, etc.).

All WordPress sites hosted at Kinsta are protected by our Cloudflare integration, which includes free SSL certificates with wildcard support.

When investing in a premium or paid SSL certificate, the cost of DV and single-domain SSL certificates is the most affordable.

As your business demand grows and you take higher steps up the SSL ladder, you’ll find that Wildcard SSL certificates come at a higher cost. In contrast, OV and EV SSL certificates are the most expensive and provide the highest encryption for organizations and enterprises.

Summary

SSL certificates are widely adopted by almost every website to guarantee a secure internet connection. And with the increase in cyber threats, it’s no wonder then that it’s enforced strictly by popular search engines.

You now have a clear idea about the different types of SSL certificates and their various validation levels. We hope that it helps you choose the most suitable SSL certificate for your website.

After securing your website with an SSL certificate, please perform an SSL check to verify that everything works correctly. Moving from HTTP to HTTPS requires many changes, so please also read our HTTP to HTTPS migration guide.

Do you have any questions about choosing the right SSL certificate? Let us know in the comments section!

Salman Ravoof

Salman Ravoof is a self-taught web developer, writer, creator, and a huge admirer of Free and Open Source Software (FOSS). Besides tech, he's excited by science, philosophy, photography, arts, cats, and food. Learn more about him on his website, and connect with Salman on Twitter.