Guide: What Makes the Best SSL Certificate

So you need to secure your website. Or, you're just stumbling upon the realization that you need to secure your website. That's cool too. Either way, everyone who knows what they're talking about is saying you need the best SSL certificate.

They're right, by the way – SSL is the backbone of the secure internet.

What is SSL, and why do you need the best certificate you can manage? Keep reading to find out.

What is an SSL Certificate?

An SSL (Secure Sockets Layer) certificate is, as you've probably guessed, a certificate.

Not like a sheet of paper with a gold ribbon on it that you got from your school spelling bee.

Don't confuse SSL with SEO or SEM either. It's not the same thing (though SSL will give a moderate SEO boost).

Basically, an SSL certificate is sort of like your site's proof of identity, like a driver's license or a passport at TSA. But it doesn't just authenticate your site identity – it encrypts information sent to the server.

Information like, say, passwords. Or credit card numbers. Or Social Security numbers. You know, the important information.

It's basically security. A declaration of security and a promise of security.

How Does It Work?

How does the best SSL certificate work? Or the run-of-the-mill SSL certificate, for that matter?

Basically, an SSL certificate makes use of two keys – a public and a private key. These two keys work together to encrypt the data sent between a server and a web browser.

The certificate contains a "subject", which is the identity of the website owner or certificate holder.

In order to obtain an SSL certificate, you'll need to create a Certificate Signing Request (CSR) on your server, which will create a public and private key.

You'll then send that data file to the SSL certificate issuer. The file you send contains the public key, and the issuer then uses that file to create a data structure that mimics your private key without actually seeing your private key at any point.

Think of the two keys like two pieces of a puzzle. The issuer more or less reverse-engineers their own version of your private key based on the public key, but the private key remains just that – private.

Once you have the certificate, you need to install it on your server, as well as an intermediate certificate that establishes the validity of your SSL certificate based on your issuer's root certificate.

This creates what's called a certificate chain – the issuer's root certificate, your intermediate certificate, and the server certificate.
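
The steps above, run end to end with the `openssl` command line as an added example (not part of the original guide): the key pair and CSR are created locally, an issuer signs the CSR's public key with its own private key, and the chain is checked with and without the intermediate. The CA names, `www.example.test` and all file names are constructed for the demo.

```shell
#!/bin/sh
# Added example. Every name and file below is constructed for the demo;
# nothing here is a real CA or a real site.
set -e

# Create a private key and a CSR. $1 = base file name, $2 = common name.
# The key stays in $1.key; only $1.csr would ever be sent to an issuer.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" 2>/dev/null
}

# Issue a certificate for a CSR, signed with the issuer's own key.
# $1 = CSR, $2 = issuer cert, $3 = issuer key, $4 = extensions, $5 = output
sign() {
  openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
    -extfile "$4" -days 30 -out "$5" 2>/dev/null
}

build_chain() { # $1 = empty working directory
  cd "$1"
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  printf 'subjectAltName=DNS:www.example.test\n' > leaf.ext
  # Issuer side: self-signed root, then an intermediate signed by the root.
  new_csr root "Demo Root CA"
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 30 -out root.pem 2>/dev/null
  new_csr inter "Demo Intermediate CA"
  sign inter.csr root.pem root.key ca.ext inter.pem
  # Site owner side: key pair and CSR, then the issuer signs the CSR's
  # public key with the intermediate's private key.
  new_csr server "www.example.test"
  sign server.csr inter.pem inter.key leaf.ext server.pem
}

# True when the issued certificate carries exactly the CSR's public key.
same_public_key() {
  [ "$(openssl req -in server.csr -noout -pubkey)" = \
    "$(openssl x509 -in server.pem -noout -pubkey)" ]
}

# True when a path from the server certificate to the trusted root exists.
verify_chain() { # $@ = extra "openssl verify" options
  openssl verify -CAfile root.pem "$@" server.pem >/dev/null 2>&1
}

work=$(mktemp -d)
build_chain "$work"
same_public_key && echo "certificate carries the CSR's public key"
verify_chain -untrusted inter.pem && echo "with intermediate: chain verifies"
verify_chain || echo "without intermediate: verification fails"
```

The last check is the failure a server produces when only the server certificate is installed and the intermediate is left out.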

Why Do You Need the Best SSL Certificate?

You need the best SSL certificate for three main reasons.

First, let's answer a question that's probably floating around your head about SSL certificates.

It is possible for (almost) anyone to create an SSL certificate. But a browser won't accept a certificate by any random person off the street. It will only accept certificates created by issuers who are on their list of trusted providers (browsers come pre-installed with a trusted list, so you can't exactly cheat them).

How does a browser know that a certificate came from the best SSL provider? The certificate is signed, more or less, by the issuer. When you get the certificate back, the company digitally signs it. This is what the browser reads when it recognizes an SSL certificate.

The second is that consumers are demanding security from the websites they visit before they ever see your homepage. In fact, 68% of users believe the laws protecting their internet privacy are not strong enough.

They and their browsers will be looking for an https before they reach your homepage. And if they don't see it, their browser will bounce them back – or they won't click in the first place.

[Image: https and green security marker in the search bar]

There's also that little thing about SEO.

See, Google values security. And they value giving their users the security they look for.

So in 2014, Google announced HTTPS as a ranking signal.

And that means that they're now considering your SSL certificate (or lack thereof) as part of your SEO ranking. Not a huge part, mind you, but in the SEO rat race, every little bit counts.

Let's talk about finding the best SSL certificate for you. It starts with what kind of certificate is best for your needs.

Types of SSL Certificate

Of course, finding the best SSL certificate isn't just a matter of, you know, buying an SSL certificate.

There are several different types of SSL certificates on the World Wide Web. Some will work well for most anybody, while others are more useful for specific needs and security interests.

It depends on you. But first, you have to know what you're looking for.

There are six different types of SSL certificates to choose from. Let's break it down.

Organization-Validated Certificate

Also called a high assurance certificate.

It's about as good as it sounds.

An organization-validated certificate requires real agents to verify the domain ownership and the legal identity of the business (thus high assurance).

It also requires additional documentation and information such as the name of the business, as well as the city, state, and country the business is located in.

You know, things that tend to be helpful in verifying the identity of your business.

Domain-Validated SSL Certificate

If you think the name sounds redundant, don't worry.

It's actually related to an organization-validated certificate (in case the name similarity wasn't a giveaway). A domain-validated SSL certificate is also called a low assurance certificate.

This is the standard type of SSL certificate issued. It's pretty simple, as SSL certificates go – there's an automated registration of the domain name which is then verified by an administrator. To complete the validation, the webmaster will either confirm via email or configure a DNS record.

Basically, it's an organization-validated certificate, without the extra step of validating the business name as well.

If you've started looking for the best SSL certificate for you, this is probably one you've already encountered.

An EV Certificate

Also called an extended validation certificate, this one's the new kid at the table. Don't be deterred – that doesn't mean it won't work for you.

Of the three SSL certificates we've discussed thus far, the extended validation certificate has the most rigorous validation process.

Remember how an organization-validated SSL certificate required verification of a business's legal identity?

The EV certificate takes that a step further.

This certificate checks to ensure that a business is, in fact, a legal entity, and as part of the process, it requires certain information from your business as proof of ownership.

And before you can ask the question: no, other types of SSL certificates do not offer any verification to your potential customers that your website is being run by a real, legitimate business.

An EV certificate offers visual proof – you get the https that comes with the territory of an SSL certificate, as well as a green padlock in your website browser bar.

Why make the investment? Because other types of SSL certificates don't offer this level of verification – and by taking the extra step, you're offering your potential customers the extra level of reassurance they need to be able to trust you.

Other certificates can make solid runs at being the best SSL certificate, but this one has a pretty significant benefit.

Unified Communication

As the name implies, this type of SSL certificate specifically relates to communication.

It's most often for encrypting the connection used in various types of communication software, including email.

The best part of this one is that you can fit multiple domains under one SSL certificate, but, again, it tends to be somewhat specialized.

It's a type of subject alternative name certificate, though the two are different in a few significant ways.

Subject Alternative Name

A subject alternative name certificate is best thought of as an extension built into a certificate.

To make a long story short, a subject alternative name certificate allows identities to be bound to the subject contained within the certificate. Identities can include an email address, a DNS name, an IP address, or a URL.

Wait, why would you want to do that?

Because it allows the SSL administrators to secure multiple domains with a single certificate.

Which is pretty cool when you think about it. As far as the best SSL, this one gives you a lot of bang for your buck in terms of ground covered.


Wildcard SSL Certificate

And, finally, there's the wildcard SSL certificate.

Don't worry about the name, it's not as much of a shot in the dark as the name might lead you to believe.

It's actually pretty similar to a subject alternative name certificate. The difference is that a wildcard is like an inverted subject alternative name.

Where a subject alternative name certificate can secure multiple domains with one certificate, a wildcard certificate can only secure one domain but with multiple hostnames.

And in case you're wondering, despite their similarity of style, a wildcard certificate doesn't make use of a subject alternative name extension.
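
The difference in coverage between a multi-domain certificate and a wildcard certificate, checked with OpenSSL's host name matching as an added example (not part of the original guide). Both demo certificates carry their names as DNS entries in the subjectAltName extension, the field OpenSSL's host name check reads first; `example.test`, `example.org` and the file names are constructed.

```shell
#!/bin/sh
# Added example. example.test and example.org are constructed names.
set -e
work=$(mktemp -d)

# Create a self-signed demo certificate. $1 = file name, $2 = SAN entries.
make_cert() {
  printf 'subjectAltName=%s\n' "$2" > "$work/$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -keyout "$work/$1.key" \
    -out "$work/$1.csr" -subj "/CN=demo certificate" 2>/dev/null
  openssl x509 -req -in "$work/$1.csr" -signkey "$work/$1.key" \
    -extfile "$work/$1.ext" -days 30 -out "$work/$1.pem" 2>/dev/null
}

# True when certificate $1 is valid for host name $2 according to
# OpenSSL's host name check.
covers() {
  openssl x509 -in "$work/$1.pem" -noout -checkhost "$2" \
    | grep -q "does match"
}

# Multi-domain certificate: unrelated names, each listed explicitly.
make_cert multi 'DNS:example.test,DNS:www.example.test,DNS:example.org'
# Wildcard certificate: one domain, any single label in place of the "*".
make_cert wild 'DNS:*.example.test'

report() { # $1 = certificate, $2 = host name
  if covers "$1" "$2"; then
    echo "$1 covers $2"
  else
    echo "$1 does NOT cover $2"
  fi
}

for host in example.test www.example.test mail.example.test \
            a.b.example.test example.org; do
  report multi "$host"
  report wild "$host"
done
```

The wildcard certificate covers `mail.example.test` and `www.example.test`, but neither the bare `example.test` nor the two-level `a.b.example.test`; the multi-domain certificate covers only the names it lists.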

Types of Encryption

Now, not all SSL encryptions are created equal.

There are two types of encryption that you'll find in SSL certificates: asymmetric encryption and symmetric encryption. SSL uses both types of encryption to ensure security.

Let's break it down.

Asymmetric Encryption

This is also called public-key encryption.

This type of encryption uses a separate key for encryption and decryption. The encryption key, or public key, is available for anyone to use, but the decryption key, or the private key, is kept a secret so that only the intended recipient can decrypt the message.

Symmetric Encryption

So if asymmetric encryption involves two separate keys, it makes a lot of sense that symmetric encryption involves…well, the same key, right?

Actually, that's exactly how symmetric encryption works.

Unlike asymmetric encryption, the sender and receiver are using the same key. Thus, symmetric encryption.

Which is Stronger?

You might think that, because asymmetric encryption involves two separate keys, it's implicitly more secure.

It's true that asymmetric encryption is harder to crack, but for the strength of encryption, we need to evaluate computational burden and ease of distribution.

Symmetric encryption takes the cake in terms of the computational burden. It makes sense because it only involves one key.

But when you consider ease of distribution, asymmetric encryption is the winner.

Think of it this way. Because you and the sender have to use the same key in symmetric encryption, you have to send the other person your key. Which is fine if they're close by. But if you're sending it halfway across the world, the route of that key suddenly becomes concerning.

In asymmetric encryption, even if the wrong person managed to get ahold of the public key, you still have access to the private key, so you're not entirely compromised.

Lucky for you, the best SSL certificates use both symmetric and asymmetric encryption to ensure your keys always remain secure.
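
How the two kinds of encryption are combined, as an added example using the `openssl` command line (not part of the original guide): the data is encrypted with a fresh symmetric key, and only that small key is encrypted with the recipient's public key. It illustrates the hybrid idea only and is not the TLS handshake itself; the file names and the message are constructed.

```shell
#!/bin/sh
# Added example. File names and the message are constructed for the demo.
set -e
work=$(mktemp -d); cd "$work"
printf 'constructed secret message for the demo\n' > message.txt

# Recipient: an RSA key pair. The public half may be handed to anyone.
new_keypair() { # $1 = base name
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1.private.pem" 2>/dev/null
  openssl pkey -in "$1.private.pem" -pubout -out "$1.public.pem"
}

# Sender: encrypt the bulk data with a fresh symmetric key (fast), then
# encrypt only that small key with the recipient's public key (slow).
# Note: "openssl enc" has no authenticated mode; TLS 1.3 uses only
# authenticated (AEAD) ciphers for the bulk data.
seal() { # $1 = recipient public key, $2 = plaintext file
  openssl rand -hex 32 > session.key
  openssl enc -aes-256-cbc -pbkdf2 -pass file:session.key \
    -in "$2" -out sealed.bin
  openssl pkeyutl -encrypt -pubin -inkey "$1" \
    -pkeyopt rsa_padding_mode:oaep -in session.key -out session.key.enc
  rm -f session.key # only the wrapped copy travels with the data
}

# Recipient: unwrap the symmetric key with the private key, then decrypt.
open_sealed() { # $1 = private key; prints the plaintext
  openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep \
    -in session.key.enc -out session.key.dec 2>/dev/null || return 1
  openssl enc -d -aes-256-cbc -pbkdf2 -pass file:session.key.dec \
    -in sealed.bin
}

new_keypair site
new_keypair other
seal site.public.pem message.txt
open_sealed site.private.pem
open_sealed other.private.pem \
  || echo "a different private key cannot unwrap the session key"
```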

10 Best SSL Certificate Providers

Remember how we said that a browser will only accept an SSL certificate from its list of verified best SSL providers? Well, logically, you should buy from one of those providers. Here are 10 of the great ones.

  1. Comodo
  2. Digicert
  3. Entrust
  4. Geocerts SSL
  5. GeoTrust
  6. GoDaddy
  7. Network Solutions
  8. Rapid SSL
  9. Symantec
  10. Thawte

Each has its own costs and benefits. The key to choosing the best SSL provider for you is to assess cost versus risk, keeping in mind that this investment is a business requirement.

How to Choose the Best SSL Certificate for You

And now for the question of the hour: how do you choose the right SSL certificate for you?

Well, that's complicated. Rewarding once you figure it out, but complicated.

First, you need to identify what you want to protect (a domain, a sub-domain, etc.). This will change the type of certificate you're looking for.

You also need to figure out if you're protecting one property or multiple properties. Based on what you already know about certificates, that will already help you narrow your candidates.

Finally, you need to figure out what level of protection you need. If you're looking to just cover your bases, a domain-validated certificate will suit you just fine. If you're looking for something a smidge more ironclad, then you're in the market for something more like an extended validation certificate.

Then, it's time to find a provider. If you plan on renewing for several years, you can often get a discount for buying a multi-year certificate upfront. It's often cheaper to buy from a third-party reseller, but keep in mind that you're sacrificing customer service quality.

Master Your Website

So you've got your SSL certificate.

Good for you! Now, it's time to cover everything else. Check out our blog for all of your real estate website questions.

For managing your brand, we've got everything from understanding how to manage brand reputation to how to get reviews.

Or, for your local SEO questions, check out our post on 8 signs you could benefit from local SEO, or, if you're ahead of the game, 6 local SEO strategies to drive traffic.
