Many people have wondered how SSL certificates differ from one another, why you need one, and why you cannot simply use a self-signed one.
Here I will try to answer these questions by looking at:
- The advantages of having SSL in general, and a signed certificate in particular.
- Types of SSL certificates.
- Ways to get them.
I do not claim this article is 100% accurate; it is based only on my opinion and personal experience :)
SSL (Secure Sockets Layer) is a standard for sending encrypted data over a network. On the web, this means the HTTPS protocol.
About certificates in general and why they need to be signed.
First, let's look at what an SSL certificate is.
From here on we will focus mainly on websites. SSL with FTP, email, digital signatures for source code and so on are set aside for now.
An SSL certificate is an individual digital signature of your domain. It can be:
- Self-signed. This means that you issued the certificate to yourself and signed it yourself.
- Signed by an untrusted certification authority. This means that the site certificate has been verified, but the "verifier" itself is not trusted.
- Signed by a trusted CA. This means that the certificate data has been verified by a company entitled to do so, one that at least exists.
Let us examine them in more detail.
A self-signed certificate does not guarantee anything. Anyone can issue such a certificate. All browsers warn the client up front that the certificate is not reliable.
A certificate signed by an untrusted CA does not confirm anything either, since there are CAs that sell certificates to anyone without any checks. Most browsers treat such certificates the same way as self-signed ones.
A certificate signed by a trusted authority (for example, Thawte or VeriSign) confirms that:
- The site really belongs to the company it claims to belong to, and not to Vasya Fisher from the stairwell next door.
- The company that the site represents really exists, and not just in the imagination of Vasya from next door.
- The company's data has been verified and registered by the certification authority.
Browsers do not show an error for trusted certificates.
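The three cases above, reproduced with the openssl command-line tool. This is an added example, not part of the original article: the CA names, shop.example.test and the helper functions make_demo_pki and classify_cert are made up, and "trusted" here means only "chains to a CA in the bundle passed as the trust store".

```shell
#!/bin/sh
# Added example: every key, CA and certificate below is a throwaway constructed
# for the demo; "Demo trusted CA" and shop.example.test are made-up names.

# Build a demo PKI in directory $1: one self-signed site certificate, plus one
# site CSR signed by two different CAs.
make_demo_pki() {
    d=$1
    # Self-signed: the site is its own issuer.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=shop.example.test" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    # Two CAs; only "trusted" will be handed to the verifier as its trust store.
    for ca in trusted unknown; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo $ca CA" \
            -keyout "$d/$ca-ca.key" -out "$d/$ca-ca.pem" 2>/dev/null
    done
    # One site key and CSR, signed once by each CA.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=shop.example.test" \
        -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null
    for ca in trusted unknown; do
        openssl x509 -req -in "$d/site.csr" -days 30 -CA "$d/$ca-ca.pem" \
            -CAkey "$d/$ca-ca.key" -CAcreateserial -out "$d/by-$ca.pem" 2>/dev/null
    done
}

# Print self-signed, untrusted-ca or trusted for certificate $1, given the
# PEM bundle $2 of CAs the client trusts.
classify_cert() {
    cert=$1 store=$2
    # Self-signed: issuer name equals subject name AND the signature checks
    # out against the certificate's own public key.
    if [ "$(openssl x509 -in "$cert" -noout -subject_hash)" = \
         "$(openssl x509 -in "$cert" -noout -issuer_hash)" ] &&
       openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
        echo self-signed
    elif openssl verify -CAfile "$store" "$cert" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted-ca
    fi
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
make_demo_pki "$demo"
for c in self by-unknown by-trusted; do
    printf '%s: %s\n' "$c" "$(classify_cert "$demo/$c.pem" "$demo/trusted-ca.pem")"
done
```

The same site key gets a different verdict depending only on who signed it and on which CAs the client's store contains.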
But that is the technical side. Now for what a trusted certificate shows your site's visitor:
- This really is the site we meant to visit, not a defacement or a phishing page.
- The site was created in earnest and for the long term. As a rule, those who want to "play for a week" are not willing to pay money for a certificate.
- The site belongs to a company or a registered individual, not to an anonymous party. The advantage is clear: those who want to cheat or steal rarely seek to certify their identity.
- The company cares about the security of information and about confirming its authenticity.
- If something happens, this company can be found through the certificate authority.
For many users (especially foreign ones; ours are not used to it yet), a self-signed certificate, or the lack of SSL on anything related to services, finance or privacy, may, if not scare them away, count as a big minus against you.
My personal conclusion: every site related to online commerce, payments or personal information should use SSL.
Types of certificates.
Suppose that, guided by the considerations in Part 1 of this article, you have decided to buy a signed certificate. Imagine your surprise when you find out on the CA's site that they come in different kinds :)
Types of certificates:
Essential SSL is the least expensive and fastest certificate to obtain. Available to both legal entities and individuals. Only ownership of the domain name is checked; personal data or company registration is not verified. Issued for 1 domain.
Instant SSL - available to individuals and legal entities. Ownership of the domain and the company's registration data or the individual's identity are checked. Issued for 1 domain.
SGC SSL certificate - similar to Instant SSL, but with support for 40-bit extensions (relevant for older OSes and browsers). Issued for 1 domain, or as a wildcard (see below).
Normal wildcard - the same as a regular certificate, but issued not for 1 domain but for all subdomains of the root domain. That is, not only for domain.com, but also for www.domain.com, bill.domain.com, etc. It is much more expensive.
EV (Extended Validation) certificate - an extended-verification certificate, available only to legal entities. Domain ownership and the company are checked, notarized translations of documents into English are required, and the data must be confirmed by a third party. It allows you to place a confirmation-of-ownership image on the site and is displayed in browsers as guaranteed to be trusted (in green), as opposed to the yellow of ordinary certificates. It costs 2-3 times more than a regular certificate, and registration takes a long time.
In the browser it looks like this:
EV Wildcard and EV SGC - similar to Wildcard and SGC, but with extended verification.
Instant and Essential certificates are positioned as products for the websites of individuals and of organizations not involved in e-commerce.
Extended Validation is for sites related to finance and services (Internet banking, payment systems, online stores, etc.).
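What the wildcard certificates described above actually cover, checked with OpenSSL's own hostname matcher. This is an added example, not from the original article; the certificates are constructed and make_cert and covers are made-up helper names. It goes slightly beyond the text: `*.domain.com` matches exactly one label, so the bare domain.com is covered only when the certificate also lists it as a separate name.

```shell
#!/bin/sh
# Added example: throwaway self-signed certificates, constructed only to
# exercise hostname matching. Trust is not evaluated here.

# Create a certificate at $1 whose subjectAltName list is $2.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=wildcard demo" \
        -addext "subjectAltName=$2" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Succeed if OpenSSL's hostname check accepts host $2 for certificate $1.
# -checkhost prints "Hostname <h> does match certificate" or "... does NOT match ...".
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

wdir=$(mktemp -d)
trap 'rm -rf "$wdir"' EXIT
# Wildcard name only.
make_cert "$wdir/wild.pem" "DNS:*.domain.com"
# Wildcard plus the bare domain as a second name.
make_cert "$wdir/both.pem" "DNS:*.domain.com,DNS:domain.com"

for host in www.domain.com bill.domain.com domain.com a.b.domain.com; do
    for c in wild both; do
        if covers "$wdir/$c.pem" "$host"; then r=covered; else r="NOT covered"; fi
        printf '%-16s %-5s %s\n' "$host" "$c" "$r"
    done
done
```

When ordering a wildcard certificate, check the issued certificate's name list for the bare domain and for any deeper subdomains you serve.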
In the next article I will write how to choose a registrar and get a certificate.