What are differences of SSL certificates for web server, such like extended validation, Smart Seal, wildcards, single root? What certificates are appropriate for what needs?
What are differences of SSL certificates for web server, such like extended validation, Smart Seal, wildcards, single root? What certificates are appropriate for what needs?
With the exception of wildcards, the differences are largely cosmetic and affect browser UI behavior. All certs from trusted CA's will show the key, lock, or what have you in a browser. Some of the more vetted certs will do things like turn the address bar green in Internet Explorer.
Wildcards are different in that they can be used for any single wildcard underneath that domain. They're not restricted to a static hostname. If you have a wildcard for *.domain.com, you can use the same cert for mail.domain.com, www.domain.com, foo.domain.com, etc. However, you cannot use it for domain.com nor can you use it for subdomains such as www.corp.domain.com nor mail.corp.domain.com. You'd need a *.corp.domain.com wildcard in that case.
Update: the previous statement isn't always true. Some CA's like rapidssl will now cover *.domain.com and domain.com as the CN. This is a recent change and was probably brought about due to marketplace competition.
Extended Validation SSL Certificates validates a web site as secured with an SSL Certificate that meets the Extended Validation Standard by causing the URL address bar to turn green. It should list the organization name in the certificate and the Certificate Authority (VeriSign® or GeoTrust, for example). Firefox and Opera have announced their intention to support Extended Validation SSL in upcoming releases.
Smart Seal is basically a visual cue to your online users that your website is protected using SSL - well really that the traffic is encrypted. These typically display the Date and Time to ensure the most up-to-date security.
Extended validation requires the CA to go and validate the identity of the person/company requesting the Certificate (and verify the domain to go onto the certificate to be registered to him) which doesn't happen for a "normal Certificate".
UPDATE: and yes depending on the browser different colors will be displayed to differentiate it from other Certificates.
I guess unless you offer highly sensitive content I'd suggest to go for the normal certificate.
It should be noted that Windows Mobile 5 does not support wildcard certificates at all. Apparently Windows Mobile 6 and up do.