There are two classifications of TLS/SSL certificates:-
- Based on the number of domains or subdomains to support
- Based on the level of assurance needed
1. Based on the number of domains or subdomains to support:
- Single Domain or Single Name – one certificate secures only a single domain or an individual subdomain. For example, if you buy a certificate to secure www.abc.com, you cannot use the same certificate to secure its subdomain help.abc.com.
- Wildcard – one certificate secures a single domain and all the subdomains under it. Websites with wildcard certificate have an asterix (*) and a period before their domain names. For example, a domain secured by a wildcard certificate is denoted by https://*.abc.com, where the ‘*’ can be any of abc.com’s subdomains like help.abc.com, blog.abc.com, etc.
- Multi-domain or Subject Alternative Name (SAN) – one certificate secures a number of domains and subdomains. Eg. An SAN certificate used to secure www.abc.com can secure www.abc.org, www.abc.co.us, blog.abc.com, etc.
2. Based on the level of assurance needed:
- Domain Validation (DV) – these TLS/SSL certificates are the easiest to obtain. The URL of websites with DV TLS/SSL certificates will have only the HTTPS and padlock and not the business name. Hence, there’s no way for visitors to check if the website really belongs to the business they’re looking for, despite the secure sign. DV TLS/SSL certificates can be got in minutes with no business verification.
- Organization Validation (OV) – OV TLS/SSL certificates are used by organizations that deal with sensitive customer data. Websites with OV TLS/SSL certificates have their business name on the address bar along with HTTPS and the padlock. Since these certificates offer high assurance, they’re provided only after appropriate scrutiny by the CAs, are more expensive, and can take day to issue.
- Extended Validation (EV) – EV TLS/SSL certificates offer the highest level of security and are the hardest to obtain. To get an EV certificate, the organization has to undergo rigorous vetting by the CA, which includes verifying the physical existence of the business. Websites with an EV TLS/SSL certificate have their organization name, country code, and padlock in green. These certificates are very expensive and can take up to 3 days to issue.
All these certificates are issued on completion of DCV (Domain Control Validation), wherein the organization has to prove that the domain they’re requesting certification for really belongs to them.