What is the difference between SHA-1 and SHA-2?

SHA stands for Signature Hashing Algorithm. It’s a mathematical hash that proves the authenticity of the certificate. SHA-1 is an older version of the algorithm that industry experts and major browsers no longer consider secure, and the industry no longer allows it to be used during the generation process. SHA-2 is the latest version that is widely accepted and viewed as secure by all major browsers and industry experts. The hashing algorithm of your CSR has no relevance to what hashing algorithm is used on the certificate.

How can I use 256-bit encryption?

256-bit encryption is a server configuration. It has nothing to do with the certificate itself. To learn how to enable it, consult the information provided by your web hosting platform or operating system, which will explain how to set up this encryption strength.

What is the difference between Wildcard and SAN/Multi-Domain functionality?

Wildcard SSL certificates can cover one main domain (www.domain.com) and an unlimited number of subdomains (mail.domain.com, login.domain.com, test.domain.com, etc.). Multi-domain (SAN) SSL certificates can cover multiple domains on just one certificate. For example, Symantec and Thawte multi-domain certificates can cover up to 250 domains. GeoTrust multi-domain certificates can cover anywhere from 25 to 250 domains, depending on the type of certificate you order.

What certificates offer www and non-www coverage?

GeoTrust and RapidSSL both offer coverage for www and non-www. As long as the certificate is generated with www as the common name, the non-www version will automatically be covered. This is not the case, however, for Symantec and Thawte certificates. You will need to purchase separate certificates to cover both the www and non-www common name for either of those brands. Comodo certificates also automatically cover www and non-www.
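
The name-coverage rules from the Wildcard/SAN and www/non-www answers above, as an added example (not code from this page or from any certificate authority): a simplified check of a hostname against a certificate's SAN entries, using the standard rule that `*` stands for exactly one leftmost label. The function names and SAN lists are constructed for illustration, and the example assumes a bare or non-www name is covered only when it appears as its own SAN entry on the issued certificate.

```python
def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def name_matches(pattern, hostname):
    """Return True if one SAN dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # "*" replaces exactly one non-empty leftmost label and needs at
        # least two fixed labels after it, so "*.com" is rejected.
        fixed = p[1:]
        return (len(p) >= 3 and bool(h[0])
                and "*" not in "".join(fixed) and fixed == h[1:])
    # Partial wildcards such as "w*.domain.com" are not honoured here.
    return "*" not in pattern and p == h


def covered(san_entries, hostname):
    """Return True if any SAN entry on the certificate covers the hostname."""
    return any(name_matches(entry, hostname) for entry in san_entries)


def report(san_entries, hostnames):
    """Map each hostname to whether the SAN list covers it."""
    return {host: covered(san_entries, host) for host in hostnames}


# Constructed SAN lists (hypothetical certificates, not real ones).
WILDCARD_ONLY = ["*.domain.com"]
WILDCARD_CERT = ["*.domain.com", "domain.com"]
MULTI_DOMAIN = ["www.domain.com", "domain.com", "www.example.org"]
WWW_ONLY = ["www.domain.com"]

if __name__ == "__main__":
    hosts = ["domain.com", "www.domain.com", "mail.domain.com",
             "a.mail.domain.com", "www.example.org"]
    for label, sans in [("wildcard only", WILDCARD_ONLY),
                        ("wildcard + base", WILDCARD_CERT),
                        ("multi-domain", MULTI_DOMAIN),
                        ("www only", WWW_ONLY)]:
        print(label, report(sans, hosts))
```

To audit a deployed certificate the same way, feed `covered()` the dNSName entries read from its Subject Alternative Name extension and the hostnames you expect clients to use.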