What is an SSL Certificate?
Whenever you view a webpage, you may notice the address starts with http (Hypertext Transfer Protocol). For websites that may use personal or sensitive data, such as your bank or other website you may log into, it's preferable to make these more secure by encrypting data transferred between the client (the web browser you're using) and the server (where the website is installed). This is done using a Secure Sockets Layer (SSL) that is configured on the server. Any website that is secured in this way will display https (Hypertext Transfer Protocol Secure) and display a locked padlock icon on the address bar.
As WEBcnx is an application that users log in to and contains potentially sensitive customer data, it is recommended that you secure it by applying an SSL certificate.
SSL Certificate Authentication Types
Depending on your needs, there are many different types of SSL certificate options available, all with their unique use cases and value propositions. The level of authentication assured by a Certificate Authority (CA) is a significant differentiator between the types. Each type of certificate requires specific information and documentation, and once that is received, a CA follows a set of Baseline Requirements to complete the certificate verification process before issuance.
There are three recognized categories of SSL certificate types:
Within these authentication types, there are also unique variations available including single domain, multi-domain, and wildcard. Which of these you choose depends on how you wish to configure your domain.
Selecting a Certificate
Depending on what type of websites, eCommerce or other web applications you may already have, you may already have an SSL certificate that covers your new WEBcnx installation. An existing Wildcard SSL certificate could be used if you wanted to host WEBcnx as a subdomain of your main corporate domain name; webcnx.yourwebsite.com for instance. If you don't already have any secure websites and are unlikely to need one in the future, a simple Single Domain SSL certificate is what you would need.
Single Domain SSL Certificates
A single domain SSL secures one domain, both the WWW and non-WWW versions. It can also secure a single subdomain, hostname, IP address, or mail server. This variation is available in DV, OV, and EV authentication options. If your WEBcnx site is the only one you need to secure, you should choose this option.
Multi-Domain (MD) or Subject Alternative Names (SAN) SSL Certificates
Also commonly referred to as SAN certificates, multi-domain certificates allow a single certificate to secure multiple domains, including subdomains of a single main domain name or entirely different domain names. One of these can secure up to 250 unique domains with a single solution. They provide a convenient option for organizations that own a lot of domains and are looking for a simplified way to secure them through a single solution rather than purchasing an individual certificate for each. Multi-domain SSL certificates are available in DV, OV, and EV validation options. If you already host a number of secure websites or web applications with different domains, you may already have a suitable SSL certificate that can be easily extended to include WEBcnx. You should discuss with your IT team for more information.
Wildcard SSL Certificates
The Wildcard SSL option is used to secure the main domain and an unlimited number of subdomains under the main domain. For example, www.yourwebsite.com, webcnx.yourwebsite.com, ecommerce.yourwebsite.com, etc., would all be secured with one Wildcard certificate. This type offers full encryption for the subdomains, making it an affordable and effective solution for most websites. They are available in DV and OV validation options. As for Multi-Domain SSL certificates, if you already have other secure websites, you may already have a suitable SSL that can be used. You should discuss with your IT team for more information.
Free vs Paid SSL Certificates
There are a number of free SSL Certificate Authorities as well as those providing paid certificates. All types offer the same level of encryption, so a Single Domain SSL certificate of a Domain Validation type is just as secure as an Extended Validation, Wildcard SSL certificate. Free SSL certificates do not validate ANYTHING about websites, but just the ownership of the domain. On the other hand, paid SSL certificates verify the BUSINESS IDENTITY of the website before issuing the certificate to the site owner. It is an in depth verification carried out by the Internet certificate authority(CA).
If you're hosting WEBcnx for largely internal users who need to be able to access WEBcnx remotely, without having to join a VPN, a free Domain Validation certificate will do the job. If you may have your customers also accessing WEBcnx, an Organization Validated certificate will give them the added reassurance that the WEBcnx site they're connected to truly belongs to you.
A good rule of thumb is this: if the certificate is issued to a company, then it should be one that requires validation of that company – either OV or EV. And anytime there are transactions occurring on a website, an OV or EV certificate should be used to instil confidence in the customer that their data is safe and that they are dealing with who they think they are.