SSL Certificate Features

There are many different types of certificates and many different SSL certificate features that you may need to understand in order to purchase the right SSL certificate. The most critical distinction to make is whether you need a high assurance certificate, a low assurance certificate, or an EV certificate.

What is a high assurance certificate?

There are two things that must be verified before you can be issued a high assurance certificate: ownership of the domain name and valid business registration. Both of these items are listed on the certificate so visitors can be sure that you are who you say you are. Because they require manual validation, high assurance certificates can take an hour to a few days to be issued.

What is a low assurance/domain-validated certificate?

A low assurance/domain-validated certificate is a certificate that only includes your domain name in the certificate (not your business or organization name). Certificate authorities can usually verify automatically that you own the domain name by sending an automated email to an email address listed on the domain's WHOIS record. These certificates can be issued instantly and are cheaper but, as the name implies, they provide less assurance to your customers.

What is an EV (Extended Validation) certificate?

An EV Certificate is a new type of certificate that is designed to prevent phishing attacks. It requires extended validation of your business and of the person ordering the certificate. It can take a few days to a few weeks to receive but it provides even greater assurance to customers than high assurance certificates by making the address bar turn green.

What is a wildcard certificate?

A wildcard certificate can secure an unlimited number of first-level subdomains on a single domain name. For example, you could get a wildcard certificate with *.yourdomain.com as the common name. This certificate would secure www.yourdomain.com, mail.yourdomain.com, secure.yourdomain.com, anything.yourdomain.com, etc. In other words, it will work on any subdomain that replaces the wildcard character (*).
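The matching rule described above, as an added example that is not part of the original page: it shows that the wildcard stands for exactly one label, so the bare domain and deeper subdomains are not covered. The function names, the sample hostnames and the rule requiring two fixed labels after the wildcard are assumptions made for this illustration.

```python
# Added example: which hostnames a wildcard certificate name covers.
# Hostnames below are constructed sample data.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def wildcard_matches(cert_name, hostname):
    """Return True if cert_name (exact or '*.domain') covers hostname."""
    if "*" in hostname:
        return False  # a wildcard is never a valid hostname to connect to
    pattern, host = _labels(cert_name), _labels(hostname)
    # "*" stands for exactly one label, so label counts must be equal.
    if len(pattern) != len(host) or "" in pattern or "" in host:
        return False
    left, rest = pattern[0], pattern[1:]
    if any("*" in label for label in rest):
        return False  # wildcard is only honoured in the left-most label
    if left == "*":
        # Assumption: require two fixed labels so "*.com" is refused.
        return len(rest) >= 2 and host[1:] == rest
    if "*" in left:
        return False  # partial wildcards ("w*.domain") are refused here
    return host == pattern


def covered_hosts(cert_name, hostnames):
    """Filter hostnames down to those the certificate name covers."""
    return [h for h in hostnames if wildcard_matches(cert_name, h)]


SAMPLE_HOSTS = [
    "www.yourdomain.com",
    "MAIL.yourdomain.com.",      # case and trailing dot are normalised
    "yourdomain.com",            # bare domain: not covered by the wildcard
    "a.b.yourdomain.com",        # second-level subdomain: not covered
    "www.otherdomain.com",
]

if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(h, wildcard_matches("*.yourdomain.com", h))
```

If the bare domain must also be secured, it has to be listed on the certificate as a separate name.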

What is a Chain Certificate, Intermediate Certificate, Root Certificate, etc…?

A certificate authority issues certificates in the form of a tree structure. A root certificate is the top-most certificate of the tree. All certificates below the root certificate inherit the trustworthiness of the root certificate. Many software applications, such as web browsers, include certain root certificates that are automatically deemed trustworthy. Any certificate signed by a trusted root certificate will also be trusted. In turn, the signed certificate can sign another certificate and it will also be trusted as long as the browser has all of the certificates in the chain to link it up to a trusted root certificate.

Any certificate in between your certificate and the root certificate is called a chain or intermediate certificate. These must be installed on the web server with the primary certificate for your web site so that users' browsers can link your certificate to a trusted authority. Most certificate authorities use intermediate certificates for security purposes and most web servers and devices support them.

What is a warranty?

The warranty that you get when you purchase an SSL certificate ($10,000, $250,000, etc.) can be misleading. It is not a warranty to the purchaser but rather to the end users who use a site secured by an SSL certificate. Basically, if you, the purchaser, turn out to be fraudulent and a user of your web site loses money because the certificate authority didn't properly validate you, then the certificate authority will compensate the end user. This practically never happens! It is therefore not very important how big the warranty is when you buy an SSL certificate. Certain certificate authorities have slightly different policies on warranties that you may wish to look into.

What is a Scalable SSL Certificate?

All certificate authorities now issue scalable certificates. Certificates can be used at low encryption rates (40-bit encryption), normal encryption rates (128-bit encryption), or even higher encryption rates (usually up to 256-bit encryption) depending on what the user's web browser and the web server support. The term "scalable SSL Certificate" is just marketing hype.