When it comes to protecting your website with Secure Sockets Layer (SSL) encryption, there are a bunch of factors to consider when choosing the right certificate for your needs. One of the things people get confused about is the difference between a Private and a Shared SSL Certificate. In fact, there are three main types to choose from, and we’re going to break them down for you.
Self-Signed SSL Certificate
These certificates are not signed by a trusted Certificate Authority and can be generated for free. They can provide the same level of encryption and can be used in closed environments, for example test environments. However, they don’t provide authentication, i.e. assurance that the server you connect to belongs to the owner of the domain name. In other words, self-signed certificates do not protect against man-in-the-middle attacks. Self-signed SSLs are not recommended, especially when users are going to interact with them in browsers, because browsers don’t recognise Self-Signed SSL Certificates as secure and will flag them as invalid with a warning. This, and the fact that they’re not backed by the cybersecurity industry, means the Self-Signed option is not a good idea for publicly available services.
Shared SSL Certificate
Shared certificates are popular these days because you can get them for free. They aren’t tied to a specific domain, like mybrand.com. Instead, they usually cover entire servers that host a number of domains or subdomains.
These SSLs are generated, installed and managed by the hosting or CDN (Content Delivery Network) providers, and site owners have little or no access to them. Site owners cannot use these certificates outside the hosting or CDN platform that is in use, and they cannot reissue or revoke (invalidate) the SSL.
This means that if a shared certificate is compromised, all the domains covered by it would be put at risk and site owners would not be able to mitigate the situation by revoking the SSL certificate.
You should only use shared SSL certificates from providers you can trust.
Free shared SSL Certificates also don’t come with a warranty or dedicated support. So if things go wrong, there’s no backup.
Private SSL Certificate
This type of SSL Certificate is issued by a registered, industry-recognised Certificate Authority, and distributed by SSL providers. There is a range of them to suit different online needs.
Instead of covering a server hosting multiple domains like the Shared SSLs, Private Certificates are connected to the exact domain(s) you specify, e.g. mybrand.com. The site or domain owner has full access to the SSL certificate and can use it on multiple servers, reissue it and revoke it.
You also have the option of getting Organization Validation (OV) or Extended Validation (EV). To cautious customers who check out what type of SSL Certificate protects your website, this means trust — with OV and EV, the Certificate Authority goes through in-depth checks to verify that you have a legit. This added trust is why ecommerce websites tend to prefer the Private SSL option.
Shared SSL Certificates are free and provide very limited SSL management to users. Private SSL Certificates often come with a price tag and you get more validation options to show website customers your business is reliable. They also give you added peace of mind with a warranty and customer support. Both kinds of website security offer the same level of encryption.
There’s a third kind of Certificate — Self-Signed SSLs aren’t issued by an industry recognised supplier or Certificate Authority. They’re definitely not recommended for public sites and services because browsers will flag them as not secure.
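One way to tell the three types apart when inspecting a certificate, shown as an added example that is not part of the original article. It assumes certificates decoded into the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns; the function names, labels and the three sample certificates are constructed for illustration.

```python
# Added example; the three certificates below are constructed sample data.
CA = ((("organizationName", "Example CA"),), (("commonName", "Example CA R1"),))
SELF_SIGNED = {
    "subject": ((("commonName", "test.internal"),),),
    "issuer": ((("commonName", "test.internal"),),),
    "subjectAltName": (("DNS", "test.internal"),),
}
SHARED = {
    "subject": ((("commonName", "edge42.cdn-provider.example"),),),
    "issuer": CA,
    "subjectAltName": (("DNS", "mybrand.com"), ("DNS", "otherbrand.net"),
                       ("DNS", "*.thirdshop.org")),
}
PRIVATE_OV = {
    "subject": ((("organizationName", "My Brand Ltd"),), (("commonName", "mybrand.com"),)),
    "issuer": CA,
    "subjectAltName": (("DNS", "mybrand.com"), ("DNS", "www.mybrand.com")),
}

def base_domain(host):
    # Assumption: naive "last two labels" rule; production code should
    # consult the Public Suffix List (e.g. for names under co.uk).
    return ".".join(host.lower().lstrip("*.").split(".")[-2:])

def has_org(name):
    # OV and EV certificates carry the verified organization in the subject.
    return any(key == "organizationName" for rdn in name for key, _ in rdn)

def classify(cert, owned_domains):
    """Label a decoded certificate from the point of view of one site owner."""
    # Heuristic: issuer == subject shows the certificate is self-issued;
    # proving it is self-signed would need a signature check as well.
    if cert["issuer"] == cert["subject"]:
        return "self-signed"
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    foreign = {base_domain(n) for n in names} - {base_domain(d) for d in owned_domains}
    if foreign:
        # The certificate also covers domains this owner does not control.
        return "shared"
    return "private (OV/EV)" if has_org(cert["subject"]) else "private"

if __name__ == "__main__":
    for label, cert in [("self", SELF_SIGNED), ("cdn", SHARED), ("own", PRIVATE_OV)]:
        print(label, "->", classify(cert, {"mybrand.com"}))
```

A "shared" result means the names on the certificate include domains outside the set you own, which is the situation in which you cannot reissue or revoke it yourself.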