Secure Socket Layer (SSL) Certificates

If you are in the market to buy an SSL certificate, you will find three main categories of SSL certificate regardless of the vendor. These categories identify the type of validation your Certificate Authority (CA) will perform prior to issuing the certificate. The more intense the validation, the more expensive the certificate becomes. In addition, more expensive certificates also carry a warranty or insurance that guards against any issues related to the certificate.

Domain Validated (DV) Certificates
A DV certificate is the easiest and fastest certificate to obtain. It validates the ownership of your domain name either through an email or through an entry you add to your domain's DNS configuration. If the validation is through DNS configuration, the CA asks you to add either a TXT entry or a CNAME entry with a specific ID. Given the minimal validation, DV provides low assurance and is suitable for a less security-sensitive web asset such as a low-traffic blog.

Organization Validated (OV) Certificates
The next level up is the OV certificate. It is more expensive, involves more scrutiny and in return provides more assurance. An OV certificate validates attributes like physical address and telephone number via a trusted online source or through legal documents. You may need to provide business registration documents, tax filings, articles of incorporation or government-issued business licenses. In addition, the CA also carries out validations similar to those of DV certificates, which involve validating your domain name through a DNS entry or through an email.

Extended Validation (EV) Certificates
EV certificates sit at the apex of the certificate hierarchy. The validation process can go into detail: the CA may call directors of the company, involve lawyers, and check company letterheads, phone numbers, physical addresses and any legal documents it can get hold of to validate the identity and business information. These rigorous requirements are in place to give high assurance to end customers that the organization is a valid legal entity with a proper business presence. These certificates are good for sites that handle logins, process payment cards, or handle health care or government information.

Each of the above three categories can be subdivided into three more categories based on the scope they cover.

Single domain certificates
Depending on the CA, this usually covers two domains: the bare domain name and a subdomain starting with www. E.g. mydomain.com and www.mydomain.com, or mydomain.org and www.mydomain.org.

Multi domain
This usually covers up to 100 domains and subdomains. E.g. mydomain1.com, www.mydomain1.com, mydomain2.org and www.mydomain2.org. When obtaining these certificates, make sure your certificate broker allows creating multiple subdomains under the same domain.

Wild Card Certificates
This covers any subdomain of a given domain or a subdomain. E.g. *.mydomain.com, *.docs.mydomain.com. These certificates usually include one primary domain or a subdomain under which you can have multiple subdomains. For example, CAs usually won't issue a single certificate for *.mydomain.com and *.mydomain.org.
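
As an added example (not part of the original post), the Python sketch below shows how the three scopes translate into hostname coverage. It applies the standard matching rule that a wildcard stands for exactly one leftmost label. The function names and the sample domains are assumptions made for illustration.

```python
# Added example: which hostnames a certificate's name list covers.
# All domain names below are constructed sample values.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.lower().rstrip(".").split(".")

def entry_matches(entry, hostname):
    """True if one certificate name entry covers hostname.

    A wildcard is honoured only as the whole leftmost label and
    stands for exactly one label.
    """
    e, h = _labels(entry), _labels(hostname)
    if len(e) != len(h):
        return False  # "*" never spans several labels or the bare domain
    if e[0] == "*":
        # Refuse "*.com"-style entries, then compare the remaining labels.
        return len(e) > 2 and e[1:] == h[1:]
    return e == h

def covers(cert_names, hostname):
    """True if any name on the certificate covers hostname."""
    return any(entry_matches(n, hostname) for n in cert_names)

def scope(cert_names):
    """Classify a name list into the three scopes described above."""
    names = {n.lower() for n in cert_names}
    if any(n.startswith("*.") for n in names):
        return "wildcard"
    # Treat "www.<domain>" and "<domain>" as the same base domain.
    bases = {n[4:] if n.startswith("www.") else n for n in names}
    return "single domain" if len(bases) == 1 else "multi domain"

SINGLE = ["mydomain.com", "www.mydomain.com"]
MULTI = ["mydomain1.com", "www.mydomain1.com",
         "mydomain2.org", "www.mydomain2.org"]
WILDCARD = ["*.mydomain.com"]

if __name__ == "__main__":
    for names in (SINGLE, MULTI, WILDCARD):
        print(scope(names), names)
    for host in ("docs.mydomain.com", "mydomain.com",
                 "a.docs.mydomain.com", "docs.mydomain.org"):
        print(host, covers(WILDCARD, host))
```

Under this rule *.mydomain.com covers docs.mydomain.com but neither mydomain.com itself nor a.docs.mydomain.com, so check the exact names you need before ordering a wildcard certificate.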
