Should you use an EV SSL certificate to secure your website? What’s the difference between an organisation validated certificate and a domain validated certificate? When it comes to securing your website, the number of certificate options can make the whole process confusing and frustrating.
There are several SSL certificate brands out there, each with their own certificate flavours, so how do you make the right choice and select the brand and product that’s the best representation for your business online? As an SSL certificate reseller, we’re no stranger to these and other web security related questions. We help brands find the right SSL solution to match their budgets.
In this post, I’ll break down the different types of SSL certificates we offer and what the verification process looks like for each of them. By the end of this post, you’ll be able to determine what type of SSL certificate (domain, organisation or Extended Validation) will offer the best representation of your business online.
Why SSL certificates matter
The internet is a beautiful thing. It’s filled with tons of information on nearly every subject imaginable, but it’s not altogether safe, and there are people out there who would love to get hold of sensitive information that belongs to you and your customers.
SSL certificates perform two core functions
SSL certificates perform two core functions: encryption and authentication. Using encryption algorithms, SSL certificates encrypt the information exchanged via your server or between internal servers so that it cannot be read by anyone else.
This makes it possible to share sensitive information with websites, such as credit card details while you’re shopping online, or your personal identification number if you’re completing an online form. It’s important to know that browsers have begun to make it very difficult for websites without SSL certificates to thrive.
Chrome shows a warning page to visitors when they try to visit unsecure websites.
The authentication function is an extension or result of the verification process that anyone applying for an SSL certificate needs to undergo. When your business is authenticated for the issuance of a certificate, your Certificate Authority verifies certain details to be able to issue you with a trusted SSL certificate which, once installed correctly, will be activated and secure all website visitor sessions.
There are different levels of authentication that apply to different kinds of certificates. In the industry today, there are domain validated (DV), organisation validated (OV), and extended validation (EV) SSL certificates. Each certificate requires a certain amount of verification before it can be issued.
DV SSL certificates
DV certificates are the easiest certificates to get hold of, which is also why they are often used for malicious purposes, such as phishing sites designed to steal sensitive information from unsuspecting website visitors. To get a domain validated SSL certificate you only need to prove that you own the domain, or have the right to use the domain that you want to secure.
OV SSL certificates
OV certificates, or fully authenticated SSL certificates, require more vetting. With this kind of SSL certificate, you need to prove that your certificate will be issued to a registered organisation. You also need to prove ownership of that domain (or the right to use it).
EV SSL certificates
EV SSL certificates are one of the most recent developments in the SSL industry. Prior to EV SSL, website visitors who were not aware of the existence of phishing websites did not know that seeing HTTPS in the address bar does not rule out a fake (phishing) website using a DV certificate.
Because phishing is a growing threat, the CA Browser Forum was created. It was founded in 2005 and consists of a combination of Certificate Authorities and browser software vendors. In order to create a safer internet, the CA Browser Forum introduced EV SSL certificates. EV certificates, unlike DV and OV certificates, display your organisation’s name in green text within the address bar. Using an EV certificate on your website therefore provides a visual representation that your website is secure and is not a phishing website.
When EV SSL was introduced, the CA Browser Forum also instituted a set of unique or extended validation processes that any organisation requesting an EV certificate must undergo. Like OV SSL certificates, proving that your organisation is legitimate is a step that’s included in the EV authentication process. The extended validation process goes on to include proof of your business’s:
- Physical address
- Phone number
- Operational existence (there is a minimum requirement of three years; however, for organisations less than three years old, an old bank letter will suffice)
- The name, title and authority of the contract signer. This information is also verified with the organisation’s HR department.
SSL certificates provide two core features, namely encryption and authentication. Before your website can start encrypting information entered by visitors, you need to complete the authentication steps required for the kind of SSL certificate you’ve selected. DV certificates rely only on proving domain name ownership, while OV certificates are issued to organisations. EV SSL certificates require the most authentication; however, they also offer the most visual representation of online security by displaying your business name in green text in the browser address bar.
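The three validation levels can also be read from the certificate itself, which is useful when auditing what a site actually presents. The sketch below is an added example, not part of the original post: it classifies a certificate from the CA/Browser Forum policy OIDs in its certificatePolicies extension and cross-checks them against the identity fields in the subject. The function name, the constructed sample subjects, and the assumption that the caller has already extracted the policy OIDs (Python's ssl.getpeercert() returns the subject in this shape but not the policies) are all illustrative.

```python
# CA/Browser Forum reserved certificate-policy OIDs.
CABF_POLICY = {
    "2.23.140.1.2.1": "DV",
    "2.23.140.1.2.2": "OV",
    "2.23.140.1.1": "EV",
}
# Subject attributes that the EV guidelines require alongside organizationName.
EV_ONLY = {"businessCategory", "serialNumber", "jurisdictionCountryName"}
RANK = ["DV", "OV", "EV"]

# Constructed sample subjects in ssl.getpeercert() shape (not real certificates).
DV_SUBJECT = ((("commonName", "shop.example"),),)
OV_SUBJECT = ((("countryName", "GB"),),
              (("organizationName", "Example Ltd"),),
              (("commonName", "shop.example"),))
EV_SUBJECT = OV_SUBJECT + ((("businessCategory", "Private Organization"),),
                           (("serialNumber", "00000000"),),
                           (("jurisdictionCountryName", "GB"),))


def validation_level(policy_oids, subject):
    """Return (level, warnings); function and argument names are hypothetical."""
    fields = {name: value for rdn in subject for name, value in rdn}
    claimed = {CABF_POLICY[o] for o in policy_oids if o in CABF_POLICY}
    warnings = []

    # What the subject's identity data suggests, independent of the policy OID.
    if EV_ONLY.issubset(fields):
        inferred = "EV"
    elif "organizationName" in fields:
        inferred = "OV"
    else:
        inferred = "DV"

    if not claimed:
        warnings.append("no CA/B Forum policy OID; level inferred from subject")
        return inferred, warnings
    if len(claimed) > 1:
        warnings.append("conflicting policy OIDs: " + ", ".join(sorted(claimed)))
    level = max(claimed, key=RANK.index)
    if level != inferred:
        warnings.append("policy says %s but subject looks like %s" % (level, inferred))
    return level, warnings


if __name__ == "__main__":
    for oids, subj in ((["2.23.140.1.2.1"], DV_SUBJECT), (["2.23.140.1.1"], EV_SUBJECT)):
        print(validation_level(oids, subj))
```

A mismatch warning, such as an EV policy OID on a subject with no organisation details, is a reason to inspect the certificate and its issuer more closely rather than trust the claimed level.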