Types of SSL-Related Questions we Encounter
It can be an uncertain if not intimidating process to those that haven't gone through it before. Obtaining SSL certificates require a variety of steps and decisions:
- What Certificate Authority to select? (i.e. Digicert, GoDaddy, Sectigo, Comodo)
- What's the difference between a DV, OV, and EV certificate?
- Do I require a wildcard or Multi-SAN certificate?
- How do I complete the certificate request process?
- What if I configure it incorrectly?
What Certificate Authority to select?
Rievent customers utilize a variety of SSL Certificate Authorities. Common authorities include Digicert, GoDaddy, Sectigo, Comodo. It's not our position to recommend one authority over another, but it is worth noting that some are less expensive than others. You should balance cost concerns, the reputation of the authority, and ease of managing a distribution of domains and certificates. Your domain authority may provide streamlined options for obtaining and managing SSL certificates. Of the Certificate Authorities mentioned above, all are considered highly reputable.
What's the difference between a DV, OV, and EV certificate?
The main differences between Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV) SSL certificates lie in the level of validation and the information displayed in the certificate:
-
Domain Validated (DV) SSL Certificate:
- Validation Level: Involves basic verification of domain ownership.
- Verification Process: Typically requires the certificate applicant to prove control over the domain, often through email verification.
- Information Displayed: Only the domain name appears in the certificate.
- Security: Ensures the privacy and security of transmitted data for the website.
- Use Case: Suitable for basic websites and personal blogs where encryption is the primary concern.
-
Organization Validated (OV) SSL Certificate:
- Validation Level: Involves verification of both domain ownership and organizational information.
- Verification Process: Requires additional checks to confirm the legitimacy of the organization, such as verifying its physical address and legal existence.
- Information Displayed: Includes both the domain name and the organization's name in the certificate.
- Security: Ensures the privacy and security of transmitted data for the website.
- Use Case: Ideal for business websites and e-commerce platforms that want to establish trust by displaying organizational information.
-
Extended Validation (EV) SSL Certificate:
- Validation Level: Highest level of validation, involving rigorous checks of domain ownership and extensive verification of the organization's legal and operational existence.
- Verification Process: Requires a thorough examination of legal documents and communication with the organization.
- Information Displayed: In addition to domain and organization names, EV certificates display the organization's name in the browser's address bar, often turning it green.
- Security: Ensures the privacy and security of transmitted data for the website.
- Use Case: Best suited for high-security websites, especially those handling sensitive information like financial transactions, where building maximum user trust is crucial.
Choosing Between Them:
- DV: Quick and cost-effective, suitable for basic websites.
- OV: Adds organizational legitimacy to the encryption, recommended for business websites.
- EV: Provides the highest level of assurance and is recommended for websites dealing with sensitive data or where user trust is paramount, such as financial institutions or e-commerce platforms.
Rievent recommends choosing a single domain OV SSL Certificate to balance organizational reputation and cost optimization concerns.
Do I require a wildcard or Multi-SAN certificate?
No, not specifically for hosting your domain on Rievent. Customers typically host a single production domain in Rievent. Rievent also strongly discourages sharing your existing site-wide wildcard SSL certificate as that involves transfer of sensitive private key information and exposes your core business to risk outside its perimeter.
How do I complete the certificate request process?
Certificate Authorities have different processes for verifying the authenticity of your domain or organization. Major Certificate Authorities typically provide a streamlined user experience to walk through the certificate request process. The process increases in complexity from a DV to an OV to an EV certificate, as you'll be required to provide more detailed organizational details for verification. In the process, you'll need to determine whether you require a single or multi-year certificate. Multi-year certificates are often discounted on a yearly basis and require less recurring maintenance by the customer and Rievent.
You should expect it taking 2-5 days to complete the information gathering and processing for obtaining an OV certificate. At the end of the process, the Certificate Authority will notify you and provide the SSL certificate that you can share with Rievent.
-
Choose a Certificate Authority (CA):
- Select a reputable Certificate Authority, which is a trusted entity that issues SSL certificates. Popular CAs include Digicert, Symantec, and Comodo.
- Select a reputable Certificate Authority, which is a trusted entity that issues SSL certificates. Popular CAs include Digicert, Symantec, and Comodo.
-
Coordinate with Rievent on the Certificate Request:
- Rievent will generate a Certificate Signing Request (CSR) for the requested domain on the customer behalf. This involves creating a key pair (public and private key) and providing information about your organization, including its legal name and location. Rievent returns the CSR back the customer. The customer provides the CSR to the chosen CA when purchasing the OV SSL certificate. This is typically done through an online portal provided by the CA during the certificate purchase process.
- Rievent will generate a Certificate Signing Request (CSR) for the requested domain on the customer behalf. This involves creating a key pair (public and private key) and providing information about your organization, including its legal name and location. Rievent returns the CSR back the customer. The customer provides the CSR to the chosen CA when purchasing the OV SSL certificate. This is typically done through an online portal provided by the CA during the certificate purchase process.
-
Verify Organization Information:
- The CA will initiate the OV verification process, which includes confirming the accuracy of the submitted organizational information. This may involve checking public records, contacting the organization directly, and verifying the domain ownership.
- The CA will initiate the OV verification process, which includes confirming the accuracy of the submitted organizational information. This may involve checking public records, contacting the organization directly, and verifying the domain ownership.
-
Validation Steps:
- Typically, the CA will perform various checks to verify the legitimacy of your organization. This may include confirming the organization's legal existence, physical address, and phone number.
- Typically, the CA will perform various checks to verify the legitimacy of your organization. This may include confirming the organization's legal existence, physical address, and phone number.
-
Provide Additional Documentation:
- Depending on the CA's requirements, you may need to provide additional documentation to support the information submitted during the verification process. This could include business licenses, articles of incorporation, or other legal documents.
- Depending on the CA's requirements, you may need to provide additional documentation to support the information submitted during the verification process. This could include business licenses, articles of incorporation, or other legal documents.
-
Approval and Issuance:
- Once the CA successfully verifies the information, they will issue the OV SSL certificate. This certificate will contain the verified information about your organization and will be signed by the CA.
What if I configure it incorrectly?
After receiving the certificate, Rievent will review and notify the customer of any potential configuration issues. Certificate Authorities are usually pretty accommodating to small changes and can revise in a short period of time.