What is the difference between SHA-1 and SHA-2?

SHA stands for Signature Hashing Algorithm. It’s a mathematical hash that proves the authenticity of the certificate. SHA-1 is an older version of the algorithm that is no longer seen as secure by industry experts and major browsers and is not allowed to be used during the generation process any longer by the industry. SHA-2 is the latest version that is widely accepted and viewed as secure by all major browsers and industry experts. The hashing algorithm of your CSR has no relevance to what hashing algorithm is used on the certificate.

How can I use 256-bit encryption?

256-bit encryption is a server configuration. This has nothing to do with the certificate itself, it is based on your server configuration. To learn this, you should seek information provided by your webhosting platform or operating system. They will inform you how to set this encryption strength up.

What is the difference between Wildcard and SAN/Multi-Domain functionality?

Wildcard SSL certificates can cover one main domain (www.domain.com) and an unlimited amount of subdomains (mail.domain.com, login.domain.com, test.domain.com, etc.). Multi-domain (SAN) SSL certificates can cover multiple domains on just one certificate. For example, Symantec and Thawte multi-domain certificates can cover up to 250 domains. GeoTrust multi-domain certificates can cover anywhere from 25 to 250 domains, depending on the type of certificate you order.

What certificates offer www and non-www coverage?

GeoTrust and RapidSSL both offer coverage for www and non-www. As long as the certificate is generated with www as the common name, the non-www version will automatically be covered. This is not the case, however, for Symantec and Thawte certificates. You will to purchase separate certificates to cover both the www and non-www common name for either of those brands. Comodo certificates also automatically cover www and non-www.

What is an Extended Validation (EV) SSL Certificate?

EV stands for Extended Validation and is the most premium type of SSL certificate available. These certificates are identified on websites mainly by the green address bar, the most universally recognized symbol of trust on the web. EV certificates are becoming more and more commonplace in the industry, especially amongst ecommerce sites, as they are used by some of the most trusted sites in the world like Bank of America, Twitter, Paypal, and more. These certificates require that a company complete a thorough vetting process before being issued.