How to Choose the Right TLS/SSL Certificate

Transport Layer Security (TLS), still widely known by the name of its predecessor, Secure Sockets Layer (SSL), is a cryptographic protocol that establishes an encrypted connection between a browser and a web server. This connection protects data privacy and integrity because communication between both parties remains encrypted. In short, it keeps the internet connection secure and protects sensitive data such as personally identifiable information, credit card details, and passwords from attackers.


How Do TLS / SSL Certificates Work?

A TLS/SSL certificate contains a public key and verified identification information about the web server; the matching private key stays on the server. When a web browser connects to a web server, the server shares its certificate, and with it the public key, with the client to establish an encrypted connection. This process is called a TLS handshake. Data encrypted with the public key can only be decrypted by the web server using the private key.

What Are the Types of TLS / SSL Certificates?

There are many types of TLS/SSL certificates available, including Domain Validated (DV), Organization Validated (OV), and Extended Validated (EV). The question is which TLS/SSL certificate is right for your business? The different types of TLS/SSL certificates below will help you make an educated decision.

  • Domain Validated (DV) Certificate: This certificate is issued after verifying that the applicant has control over the submitted domain name. It provides the lowest level of assurance, is very easy to get, and doesn’t contain any organizational information.
  • Organization Validated (OV) Certificate: This is the most popular type of business certificate. This certificate is issued after verifying the validity of the domain name (similar to DV), associated organization details, and registered address for authenticity. Since this type of certificate is hard to get, attackers running fake websites won’t be able to get one. It not only proves that your business website is safe but also confirms the identity of the organization so customers can securely transact.
  • Extended Validated (EV) Certificate: This is the highest level of assurance. In addition to DV and OV validation requirements, an EV certificate verifies the address of the place of business, the jurisdiction of incorporation, registration, and other supplied information. In the past, web browsers would show a green bar or green padlock for an EV certificate, but that’s no longer the case. According to SSL Pulse, an organization that continuously tracks over 150K of the most popular sites in the world, the usage of EV certificates is decreasing.

How to Choose the Right One

Choosing the right TLS/SSL certificate is the first step to securing your website. However, the lifespan of these digital certificates has been shrinking in recent years. Starting on September 1, 2020, TLS/SSL certificates cannot be issued for a validity period greater than 398 days (13 months). Apple first announced this change, and we anticipate that other major browser providers will follow suit. To reduce the burden of keeping up with hundreds or thousands of certificate renewals every year, implementing a certificate lifecycle management solution will be the key to success.
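An inventory check covering the validation levels and the 398-day cap described above, as an added example that is not part of the original article. It works on the dictionary that Python's `ssl.SSLSocket.getpeercert()` returns; the sample certificates are constructed, and the DV/OV/EV guess is a heuristic based on subject fields (an assumption), not a reading of the CA's policy identifier.

```python
import ssl
from calendar import timegm

MAX_VALIDITY_DAYS = 398                    # cap stated in the article
CAP_START = timegm((2020, 9, 1, 0, 0, 0))  # cap applies to certificates issued from this date

# Constructed sample data in the shape getpeercert() returns (not real certificates).
SAMPLE_DV = {"subject": ((("commonName", "shop.example.test"),),),
             "notBefore": "Mar  1 00:00:00 2023 GMT", "notAfter": "Apr  1 23:59:59 2024 GMT"}
SAMPLE_OV = {"subject": ((("countryName", "US"),), (("organizationName", "Example Corp"),),
                         (("commonName", "www.example.test"),)),
             "notBefore": "Jun  1 00:00:00 2019 GMT", "notAfter": "Sep  3 00:00:00 2021 GMT"}
SAMPLE_EV = {"subject": ((("businessCategory", "Private Organization"),),
                         (("jurisdictionCountryName", "US"),), (("serialNumber", "0000000"),),
                         (("organizationName", "Example Corp"),),
                         (("commonName", "pay.example.test"),)),
             "notBefore": "Jan 10 00:00:00 2022 GMT", "notAfter": "Feb 14 00:00:00 2023 GMT"}

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: DV has no organization details, EV adds registration details."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"
    if "businessCategory" in fields and "serialNumber" in fields:
        return "EV"
    return "OV"

def validity_days(cert):
    """Length of the validity period (notBefore to notAfter) in days."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - start) / 86400

def exceeds_cap(cert):
    """True only for certificates issued on or after the cap date with a longer validity."""
    issued = ssl.cert_time_to_seconds(cert["notBefore"])
    return issued >= CAP_START and validity_days(cert) > MAX_VALIDITY_DAYS

def days_left(cert, now):
    """Whole days until expiry at time `now` (seconds since the epoch)."""
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400

if __name__ == "__main__":
    for cert in (SAMPLE_DV, SAMPLE_OV, SAMPLE_EV):
        name = subject_fields(cert)["commonName"]
        print(name, validation_level(cert), round(validity_days(cert)), exceeds_cap(cert))
```

The 825-day sample is not flagged because it was issued before September 1, 2020, which is the case an inventory script has to get right when older certificates are still in service.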

For additional guidance on choosing and managing TLS/SSL certificates for your organization, read our white paper or ask one of our digital certificate experts a question.


Mrugesh Chandarana is a Senior Product Manager, Identity and Access Management Solutions at HID Global, where he focuses on IoT and PKI solutions. He has more than 10 years of cybersecurity industry experience in areas such as Risk Management, Threat and Vulnerability Management, Application Security and PKI. He has held product management positions at RiskSense, WhiteHat Security (acquired by NTT Security), and RiskVision (acquired by Resolver, Inc.).