As the internet has moved towards a more secure and privacy-respecting web with HTTPS a standard feature of all websites, it’s more important than ever that site admins get a hold of an SSL certificate from a registered certificate authority.
If you want to save yourself the hassle of researching, purchasing, and installing SSL certificates for your site(s), you can get regular SSL and wildcard SSL certificates installed for free automatically with our secure fully managed WordPress hosting.
Or, if you prefer to do it all yourself, read our side-by-side comparison of the top five certificate authorities below. It will help you decide, which company offers an SSL certificate best suited to your needs.
What to Look Out for in a Certificate Authority
When it comes to choosing a Certificate Authority (CA), it comes down to knowing what you need and which CA has it.
To help you decide, here are the main types of SSL certificates to choose from:
- Domain Validation (DV) – Certificates that are quick to be issued since only the domain is verified for legitimacy.
- Wildcard – The root domain and its sub-domains can be included in a single certificate.
- Extended Validation (EV) – Distinguishable by the browser’s address bar being colored green as opposed to only the https text. Both the legal identity of the business or organization and domain needs to be verified for legitimacy.
- Unified Communications (UC) – Used for encrypting the connection for use with email and other communication software. Multiple domains can be included in one certificate, and it’s also a type of Subject Alternative Name certificate.
- Subject Alternative Name (SAN) – The root domain and related domains that are linked can be included under one certificate
- Wildcard – A certificate that includes the root and its sub-domains.
- Organization Validation (OV) – Similar to extended validation certificates where both the legal identity of the business or organization and the domain is verified for authenticity, except it doesn’t include a green address bar.
There are also different kinds of encryption that you may come across when searching through different Certificate Authorities:
- Rivest-Shamir-Adleman (RSA) – Named for the surnames of its creators, it’s the most common form of encryption and comes in 128-bit, 256-bit, and 2048-bit encryption.
- Digital Signature Algorithm (DSA) – Government standard of encryption necessary for sites which are required to meet this criterion.
- Elliptical Curve Cryptography (ECC) – The most powerful form of encryption of the ones that are most commonly used.
The higher the bit rate of encryption, the better the security. Although, ECC is stronger than RSA, so an ECC 256-bit certificate is stronger than an RSA 2048-bit certificate.
The difference between RSA and DSA is that the former is faster at validating signatures, which are encrypted keys that are used in the process of issuing an SSL certificate. RSA is also slower at creating signatures. DSA encryption is the opposite since it’s faster at creating signatures, but it’s slower when validating them.
Knowing the difference between the most common types of certificates is a start, but now it’s time to determine which kind of certificate you need.
Which Certificate Do I Need?
As a general rule of thumb, here are the types of sites that commonly need each kind of certificate mentioned above:
- Domain Validation – Any WordPress site, any site that has a form or basic sites.
- Extended Validation – eCommerce, business or organization sites or any site that wants to present themselves as extremely trustworthy.
- Unified Communications – For email servers and it’s also a requirement for Microsoft Exchange.
- Subject Alternative Name – You have multiple domains that are all related but aren’t necessarily sub-domains and can include email or IP addresses, DNS name or URL.
- Wildcard – For WordPress Multisite networks set up with sub-domains. (Learn more about using Wildcard SSL for WordPress Multisite).
- Organization Validation – Business or organization sites which need to appear as trustworthy.
Now that you have a better idea of the kind of SSL certificate you need, let’s take a look at which of the top Certificate Authorities can fill your encryption requirements.
Top Certificate Authorities Reviewed
There are many Certificate Authorities on the market, but these are the most popular options. Below is a review of each of them based on five categories: price, the variety of the certificates offered, the warranty that’s included with certificates, compatibility across browsers and mobile devices and the included features.
All of these Certificate Authorities issue certificates that work and that are secure. That’s why there isn’t a category in the review for security. It all comes down to your needs and the specific features and capabilities that are included when a certificate is issued from these options.
Notes:
- This post originally contained reviews for Symantec and GeoTrust SSL certificates, but these products have since been acquired by Digicert. You can still purchase GeoTrust SSL certificates (powered by Digicert).
- The details and warranty dollar amounts included for each Certificate Authority are accurate at the time this review was published.
Let’s Encrypt
Let’s Encrypt is an open source Certificate Authority that’s backed by companies such as Automattic, Mozilla, Sucuri, WPMU DEV, Facebook, Chrome and many more. It offers RSA 2048-bit encryption with ECDSA encryption currently in development.
Getting a DV certificate and renewal is free for everyone and you can have as many as you want. With the Certbot installer, you can also have multiple certificates up and running in seconds. Issuing a SAN or UC certificate can also be done by adding multiple names to an otherwise DV certificate.
Even though certificates are free, it doesn’t mean it’s not secure. As I mentioned earlier, It’s just as secure as most other Certificate Authorities so it’s a suitable option if you’re on a budget. Unfortunately (and understandably), free certificates don’t come with any kind of warranty or extra features.
It’s not the kind of certificate you can use for any given situation, but it’s a viable option for many sites that only require domain validation.
The Good
- You can have as many certificates as you want for free
- All renewals are free and can be automated
- Certificates are issued instantly
- Compatible with most major browsers and devices
The Bad
- Only DV, SAN and UC certificates are available
- There are obscure devices and browser versions that aren’t compatible
- No warranty is available
- There aren’t any additional features
Comodo
Comodo offers an RSA 2048-bit encryption for DV, wildcard and EV certificates. UC certificates have 128-bit or 256-bit encryption. It’s also the only Certificate Authority included in this review that offers premium SSL certificates with a free trial, though, the trial is only for a DV certificate.
Other than the free trial, there are four different types of certificates: DV, wildcard, EV and UC.
When you get an SSL certificate, it also comes with a warranty no matter which one you choose, but the amount varies between certificates.
One of the best features of Comodo is that you can choose to upgrade your certificate’s warranty if the largest amount isn’t already included. You can also get a Comodo logo to place on your site to build your visitors’ trust, but it’s only available for wildcard and EV certificates.
Other than that and customer support, there aren’t other additional features, but that’s reasonable given that it’s the most affordable option directly after Let’s Encrypt.
The Good
- There’s a free 90-day trial for a DV certificate
- PCI and site scanning is free for one certificate
- Warranties are available of $250,000 to $1,750,000 for certain certificates
- You can upgrade the warranty on some of the certificates
- It’s the second most affordable option
- Compatible with all major browsers and mobile devices
The Bad
- Scanning features are only available for one certificate per account
- A trust logo for your site is only included for wildcard and EV certificates
- May not be compatible for less popular browser versions and mobile devices
Digicert
Digicert has mid-range pricing since it offers features for every certificate including a warranty of $1,000,000, free re-issues and a logo you can add to your site to built visitor confidence. It also supports RSA 2048-bit, 128-bit and 256-bit encryption.
There are five different types of certificates that are available: SSL Plus (DV), EV, Multi-Domain (UC/SAN), EV Multi-Domain and Wildcard Plus.
While Digicert’s certificates are compatible with all major browsers and mobile devices, there may be some versions or devices that aren’t supported but are also not widely used.
If you require a warranty rate that’s higher than the base amount that’s offered by some other Certificate Authorities and you also need a logo to place on your site for the type of certificate you need and it’s not supported elsewhere that’s within your price range, then it’s worth taking a closer look at Digicert.
The Good
- Free certificate re-issues
- Warranty of $1,000,000 for all certificate types
- Compatible with all major browsers and mobile devices
- All certificates include unlimited server licences
The Bad
- May not be compatible with less popular browser versions and mobile devices
- You need to sign on for multiple years to get a certificate discount
Comparing the Top Certificate Authorities
Now that the most popular Certificate Authorities have been reviewed, you can check out each of them compared side-by-side in each category.
Price
Certificate Variety
Warranty
Compatibility
Features
Overall
Choosing the Best Certificate Authority
As mentioned earlier, each Certificate Authority in this comparative review offers secure SSL certificates and choosing one is dependent on your needs.
To aid in your decision-making process, here are some recommendations based on each Certificate Authority’s best features:
- If you’re on a budget or run a basic site such as a personal WordPress blog, portfolio site or small business site, check out Let’s Encrypt or Comodo.
- Digicert is the best option if you need DSA, ECC or the highest level of encryption.
- If you need site scanning for vulnerabilities or malware, take a look at Comodo.
- Comodo and Digicert all have the highest warranties
- If you need a fairly high warranty at a reasonable cost for DV, wildcard or SAN certificates, check out Digicert.
- For unlimited server licenses or free certificate re-issues, consider Digicert.
- Comodo and Digicert all offer their logos to place on your site to help increase your visitors’ trust.
Overall, you need to decide which kind of certificate fits your specific needs and which features you require. Then, you can choose a Certificate Authority that includes everything you need at a price that fits into your budget.
Editor’s Note: This post has been updated for accuracy and relevancy. [Originally Published: March 2017 / Revised: October 2021]
Tags:
