Special Types of SSL Certificates

The most popular certificates are web server authentication certificates for securing a web site but there are several other special types of certificates. Knowing which SSL certificate type can help you avoid many problems such as trying to use a certificate for something that it isn't meant to do.

What is a web server authentication certificate?

A web server authentication certificate is the normal type of certificate that is issued to secure web site traffic or other data connections. All certificates listed in the SSL Certificate Wizard are web server authentication certificates. Although their primary use is to secure web servers, they can be used to secure email servers, file transfers, and other data connections.

What is a Unified Communications (UC) certificate?

A Unified Communications (UC) certificate is a type of certificate that secures Unified Communications products such as Live Communications Server and Exchange Server 2007 or any normal server. It allows you to secure multiple domain names or server names in one certificate. For example, you could secure www.domain.com, domain.com, mail.domain.com, autodiscover.server.local, etc. all in one certificate. Read our Unified Communications SSL Certificates page to learn more.

What is a wildcard certificate?

A wildcard certificate can secure an unlimited number of first level sub domains on a single domain name. For example, you could get a wildcard certificate with *.yourdomain.com as the common name. This certificate would secure www.yourdomain.com, mail.yourdomain.com, secure.yourdomain.com, anything.yourdomain.com, etc... In other words, it will work on any sub-domain that replaces the wildcard character (*).

What is an Extended Validation certificate?

An EV certificate is a new type of certificate that is designed to prevent phishing attacks. It requires extended validation of your business and authorization to order the certificate and can take a few days to a few weeks to receive. It provides even greater assurance to customers than high assurance certificates by making the address bar turn green. Learn more about EV Certificates and compare the cheapest ones.

What is a low assurance/domain-validated certificate?

A low assurance/domain-validated certificate is a certificate that only includes your domain name in the certificate (not your business or organization name). Certificate authorities usually can automatically verify that you own the domain name by checking the WHOIS record. They can be issued instantly and are cheaper but, as the name implies, they provide less assurance to your customers.

What is a code signing certificate?

A code signing certificate is a certificate that enables you to digitally sign an executable or script to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. Normal web server authentication certificates can't be used to do this so you need to get a special code signing certificate. Learn more about code signing.

What is an e-mail certificate?

An email certificate/S/MIME certificate is primarily used to sign an e-mail to encrypt and guarantee authorship of the e-mail. Learn more about email certificates.

What is a root signing certificate?

Root signing certificates are certificates that you can use to sign other certificates that are linked up to a trusted root certificate. With a root signing certificate, you essentially become your own certificate authority and you can issue certificates that are trusted by all major browsers/clients. Read more about root signing certificates.

What is a shared SSL certificate?

To prevent phishing, SSL certificates are made to work on one specific hostname (or multiple specific hostnames in the case of wildcard certificates and Unified Communications certificates) like mail.mydomain.com. If a certificate is used on a different domain name than what is listed in the certificate, a web browser will give a name mismatch error. Many hosting companies offer what is called a shared SSL certificate. A shared SSL certificate is used by multiple sites on the same IP address so that each site doesn't have to get their own certificate.

If you just want your connection encrypted and aren't worried gaining your visitors' trust or preventing phishing attacks on your site, a shared SSL certificate could work well for you. Some hosting companies let you use a folder or subdomain on their domain so that the address bar matches the hostname in the certificate. This avoids the name mismatch errors. Others let you use their certificate on your domain name which will give an error to visitors.