Special Types of SSL Certificates

The most popular certificates are web server authentication certificates for securing a web site but there are several other special types of certificates. By understanding the differences between different types of SSL certificates you can avoid problems such as trying to use a certificate for something that it isn't meant to do.

Web server authentication certificates

A web server authentication certificate is the normal type of certificate that is issued to secure web site traffic or other data connections. This is generally what people refer to when they use the term SSL certificate. All certificates listed in the SSL Certificate Wizard are web server authentication certificates. Although their primary use is to secure web servers, they can sometimes be used to secure email servers, file transfers, and other data connections.

Unified Communications (UC or SAN) certificates

A Unified Communications certificate is a type of web server authentication certificate that secures multiple domain names. It was originally used to secure Unified Communications products such as Live Communications Server and Exchange Server 2007 but it is now used to secure any server that has multiple domain names so it is also called a SAN (Subject Alternative Name) certificate. For example, you could secure www.domain.com, domain.com, mail.domain.com, autodiscover.server.local, etc. all in one certificate. Read our Unified Communications SSL Certificates page to learn more.

Wildcard certificates

A wildcard certificate can secure an unlimited number of first level sub domains on a single domain name. For example, you could get a wildcard certificate with *.yourdomain.com as the common name. This certificate would secure www.yourdomain.com, mail.yourdomain.com, secure.yourdomain.com, anything.yourdomain.com, etc... In other words, it will work on any sub-domain that replaces the wildcard character (*).

Extended Validation certificates

An Extended Validation (EV) certificate is a new type of certificate that is designed to prevent phishing attacks. It requires extended validation of your business and authorization to order the certificate and can take a few days to a few weeks to receive. It provides even greater assurance to customers than high assurance certificates by making the address bar turn green. Learn more about EV Certificates and compare the cheapest ones.

Low assurance/domain-validated certificates

A low assurance/domain-validated (DV) certificate is a certificate that only includes your domain name in the certificate (not your business or organization name). Certificate authorities usually can automatically verify that you own the domain name by checking the WHOIS record. They can be issued instantly and are cheaper but, as the name implies, they provide less assurance to your customers.

Code signing certificates

A code signing certificate is a certificate that enables you to digitally sign an executable or script to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. Normal web server authentication certificates can't be used to do this so you need to get a special code signing certificate. Learn more about code signing.

E-mail certificates

An email certificate or S/MIME certificate is primarily used to sign an e-mail to encrypt and guarantee authorship of the e-mail. Learn more about email certificates.

Root signing certificates

Root signing certificates are certificates that you can use to sign other certificates that are linked up to a trusted root certificate. With a root signing certificate, you essentially become your own certificate authority and you can issue certificates that are trusted by all major browsers/clients. Read more about root signing certificates.

Shared SSL certificates

To prevent phishing, SSL certificates are made to work on one specific hostname (or multiple specific hostnames in the case of wildcard certificates and UC certificates) like mail.mydomain.com. If a certificate is used on a different domain name than what is listed in the certificate, a web browser will give a name mismatch error. Many hosting companies offer what is called a shared SSL certificate. A shared SSL certificate is used by multiple sites on the same IP address so that each site doesn't have to get their own certificate.

If you just want your connection encrypted and aren't worried gaining your visitors' trust or preventing phishing attacks on your site, a shared SSL certificate could work well for you. Some hosting companies let you use a folder or subdomain on their domain so that the address bar matches the hostname in the certificate. This avoids the name mismatch errors. Others let you use their certificate on your domain name which will give an error to visitors.