Question
What is the difference between the different types of paid SSL certificates that you can purchase within cPanel?
Answer
There are 3 main types of certificates and a couple of subtypes offered within the cPanel interface. Each section below is dedicated to a main type of certificate and will include details about subtypes if they are applicable.
The paid versions of these certificates can be enabled and sold by the server administrator via the Market Provider Manager interface in WHM. The administrator can adjust pricing and other details via that interface.
Domain Validated (DV SSL)
Domain validated certificates are the most basic type of certificate. They only require that the certificate applicant prove ownership of the domain. Ownership is typically proven by creating a file on your web server, or by creating a DNS record on the authoritative DNS server for your domain that meets the specific requirements of the certificate authority. The certificate authority will then check for the existence of the file or DNS record to verify that you own the domain and can make changes to it. If purchased, these certificates are the least expensive.
AutoSSL - SubType
cPanel has developed a piece of software called AutoSSL which is included with your license that offers free DV SSL certificates for the domains on your server. If you have AutoSSL enabled, there is no need to purchase Domain Validated certificates for your domains. AutoSSL only offers DV and Wildcard DV certificates. No other certificate types are offered.
Wildcard - SubType
Wildcard certificates are a special kind of certificate that covers all of the subdomains of your domain. For example, if you were to purchase a wildcard certificate it would be represented like this: *.yourdomain.tld.
Any 1st level subdomain, existing, or created during the valid period of the certificate will automatically be covered. So test.yourdomain.tld, shop.yourdomain.tld, and anythingatall.yourdomain.tld will all be covered by that certificate. This does not extend to second level subdomains such as level2.level1.yourdomain.tld.
Wildcard Certificates are generally more expensive to purchase with the exception of AutoSSL when you use the Let's Encrypt plugin for AutoSSL which allows you to obtain wildcard certificates for free.
Organization Validated (OV SSL)
Organization Validated certificates require some additional vetting of the organization applying for the certificate. The certificate provider will often verify that the organization legally exists, and verifies the phone number of the company among other things. This can give visitors a higher level of confidence that they are working with the authentic organization that the website claims to represent.
Wildcard - SubType
Wildcard certificates are also offered at the OV certificate level. This allows your site to provide a higher level of trust for all of your subdomains for an additional cost.
Extended Validation (EV SSL)
On top of the checks done in DV and OV certificates, EV certificates require a deeper level of verification of the applicant organization. With this high level of verification comes a much higher level of trust that the certificate provider is able to award. This can mean that the display of your certificate may be more prominent in some browsers. For example, your organization's name may be displayed prominently next to the URL in some browsers. Due to the additional work involved in the extended validation and the added trust, these certificates are the most expensive to obtain.