Provision of SSL Certificates
SSL 驗證的三種主要類型是:
– 組織驗證證書 (OV SSL)
– 擴展驗證證書 (EV SSL)
Certificate Type | Domain Validation (DV) SSL Certificate | Organization Validation (OV) SSL Certificate | Extended Validation (EV) SSL Certificate |
---|---|---|---|
Best for | blogs and social websites | businesses and organizations | eCommerce websites |
Proves domain ownership | ✔ | ✔ | ✔ |
Validates organization | ✔ | ✔ | |
Shows business is legitimate | ✔ | ||
Padlock in address bar | ✔ | ✔ | ✔ |
Protects multiple websites (Multi-domain SAN SSL) | ✔ | ✔ | ✔ |
Protects all subdomains (Wildcard SSL) | ✔ | ✔ | |
Security trust seal | ✔ | ✔ | ✔ |
Certificate Plan | Standard SSL | UCC / SAN SSL | Wildcard SSL |
---|---|---|---|
Number of Secured Sites | one website | up to 100 websites | one website and all its sub-domains |
Strong SHA2 & 2048-bit encryption | ✔ | ✔ | ✔ |
Compatible certificate types | DV, OV and EV SSL Certificates | DV, OV and EV SSL Certificates | DV and OV SSL Certificates |
Boosts Google® ranking | ✔ | ✔ | ✔ |
DV SSL
How it’s validated: DV SSL certificates have the lowest level of validation of the three. When issuing DV certs, CAs do not look into information about the identity of a person or company running a website. They simply verify that they have control over the domain that they are looking to get SSL certified.
What it looks like: The web address will feature “https” and the padlock symbol. When you click on the padlock to view the certificate, the information about website ownership will be limited.
Pros: DV SSL certs are issued more quickly than the other options due to the less rigorous verification process, which is generally online and automated. Most of the time it is issued on the same day, often in a few minutes. It is the cheapest option of the three, with some CAs offering them for free. This makes it ideal for smaller websites and blogs.
Cons: As we mentioned before, while the encryption level of a DV SSL is just as effective as the other two, the low level of validation means that website users don’t have much of an idea of who a domain owner actually is. This can impact your site’s trustworthiness and makes it a less than ideal option if you’re running an online store or any kind of site that requires users hand over sensitive information.
OV SSL
How it’s validated: The background checks and verification process are more intensive for OV SSL certificates. CAs verify the individual or business that own the domain and do some minor vetting.
What it looks like: In the browser address bar, an OV SSL cert is signified in much the same way as DV SSL – with the “https” prefix and a padlock. However, when you click on the padlock it will display more information about that company that owns the domain, such as name, address, and country.
Pros: OV SSL certificates are considered more trustworthy than DV SSL since users will know who is behind the website and who they are giving information to. This makes it an ideal option for e-commerce sites.
Cons: OV certs take longer to issue than DV certs. Verification can take several days. However, it’s more than likely worth it for your customers’ peace of mind.
EV SSL
How it’s validated: The highest level of SSL certification you can get, when issuing EV certs, CAs do extensive background checks on the domain owning organization, validating its ownership, legal existence, physical location, and more.
What it looks like: A website with an EV cert will turn part or all of the browser web address bar green. The padlock symbol will also be featured, as well as the organization’s name.
Pros: With an EV SSL cert, the green bar and clearly displayed organization name will show users and customers that they should have no doubts about your site’s trustworthiness and that you run a legitimate business.
Cons: An EV SSL cert is very expensive compared to the other options. The extent of the checks means verification can take several weeks.
Self-signed SSL certificates
Another way to secure your site that isn’t recommended is through a self-signed certificate. A self-signed certificate is basically validated by the website owner rather than a CA. While such an SSL cert will have the same level of encryption as the other options, anyone can create one. For your website users, there will be no trusted third-party verification to the tell them that you are who you say you are. Furthermore, most web browsers display a warning message to users trying to access sites secured with this kind of cert. Unless you’re using it for a website that is strictly private, it is recommended that you go with one of the previously mentioned validation certs.