differences of SSL certificates?

certificate ssl ssl-certificate

With the exception of wildcards, the differences are largely cosmetic and affect browser UI behavior. All certs from trusted CA's will show the key, lock, or what have you in a browser. Some of the more vetted certs will do things like turn the address bar green in Internet Explorer.

Wildcards are different in that they can be used for any single wildcard underneath that domain. They're not restricted to a static hostname. If you have a wildcard for *.domain.com, you can use the same cert for mail.domain.com, www.domain.com, foo.domain.com, etc. However, you cannot use it for domain.com nor can you use it for subdomains such as www.corp.domain.com nor mail.corp.domain.com. You'd need a *.corp.domain.com wildcard in that case.

Update: the previous statement isn't always true. Some CA's like rapidssl will now cover *.domain.com and domain.com as the CN. This is a recent change and was probably brought about due to marketplace competition.


Extended Validation SSL Certificates validates a web site as secured with an SSL Certificate that meets the Extended Validation Standard by causing the URL address bar to turn green. It should list the organization name in the certificate and the Certificate Authority (VeriSign® or GeoTrust, for example). Firefox and Opera have announced their intention to support Extended Validation SSL in upcoming releases.

Smart Seal is basically a visual cue to your online users that your website is protected using SSL - well really that the traffic is encrypted. These typically display the Date and Time to ensure the most up-to-date security.


Extended validation requires the CA to go and validate the identity of the person/company requesting the Certificate (and verify the domain to go onto the certificate to be registered to him) which doesn't happen for a "normal Certificate".

UPDATE: and yes depending on the browser different colors will be displayed to differentiate it from other Certificates.

I guess unless you offer highly sensitive content I'd suggest to go for the normal certificate.

Related

Is it better to have more small ram chips or fewer large ones?
How to allow non-root user to listen on privileged port?
Error 2020: Got packet bigger than 'max_allowed_packet' bytes when dumping table
Comparing owners and permissions of content of two folders?
How do I improve OpenVPN reliability over a high latency link?
How does the updated Shellshock vulnerability test for CVE-2014-7169 work?
How can I configure Postfix to ignore relayhost for some domains?
deleted cron tab file and need to recover it
How to extract Only the file name from the request uri
Will changing applicationHost.config cause IIS7 restart?
Exchange 2007 Client for Linux
Increase the value of LimitRequestFieldSize in Apache