What are SSL Certificates?
Secure Sockets Layer (SSL) certificates are digital certificates that authenticate websites and encrypt information to protect and validate data. There are three basic types of SSL Certificates that, while possessing the same purpose of encryption and protection, vary in how they are verified by an issuing Certificate Authority, as well as the extent to which they can provide security and assurance. These three types of certificates are referred to as Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV) certificates.
Domain Validated (DV) Certificates
Out of all three types of SSL certificates, DVs are the most common. When it comes to acquiring a certificate, “vetting” in this context means the process through which a CA is able to determine whether the company/organization acquiring the certificate is indeed who they say they are. Compared to OV and EV certificates, however, DVs can be acquired and CA-issued through the quickest and simplest means.
DV certificates are verified only using the domain name of a website. The CA will exchange confirmation information via email based on the address listed in the domain’s WHOIS record. Otherwise, the CA may provide the requesting company/business with a verification file that can be used to then protect the website.
The disadvantages of acquiring a DV for the minimum protection of a website include low assurance as well as lesser security. DV certificates are the most common because of their lack of a validation process with the CA, and that lack of vetting provides little assurance to website visitors that those running a site are who they claim to be. DV Certificates have advantages of speedy acquisition and low price, but they do little to provide security website visitors can trust. In other words, it follows the saying that you get what you pay for.
Organization Validated (OV) Certificates
Acquiring an OV certificate requires a little more work in terms of validation. However, this validation provides more trust and has the advantage of making a website appear more reputable to visitors. This is due to the fact that an organization’s name appears on OV certificates, so visitors can have better assurance that a website is indeed being run by those that claim it. The ownership is visible, then, which provides a level of trust lacking with a DV certificate. OV certificates are typically owned by corporations, governments, and other similar entities that wish to provide assurance to site visitors; hence why these are also often referred to as High Assurance certificates.
Specific information a CA might need to validate before issuing include not only a website’s domain name, but also the name and address of the specific company contact.
Extended Validation (EV) Certificates
Out of all three certificates, EV certificates – as a sort of golden standard – provide the highest levels of security and assurance. In accordance with the pattern you might have already noticed, this is due in part because the acquisition of an EV certificate requires the lengthiest company vetting process of the three by the issuing Certificate Authority. It likely will require more documentation to be provided by the requesting company/organization.
As with the OV certificate, an EV provides visitor assurance by listing the organization/company name in the certificate, but in addition to that, the address bar displayed in various browsers (Firefox, Chrome, etc) will also appear green. This is the most visible indication to site visitors that the site is indeed reputable, secure, and in possession of an EV certificate versus an OV or DV. This immediately visible tip-off is often very attractive to large organizations and companies that wish to offer visitors security assurance – especially those handling credit card and other sensitive information.
The three types of SSL certificates then follow a sort of hierarchy:
- DV – Most common, least validation needed for issue, least security and assurance
- OV – The middle-ground certificate that requires some CA vetting, lists organization name in certificate
- EV – A gold standard certificate that has the lengthiest vetting process, lists organization name and shows visitors a green bar.
Which certificate a customer needs for their own website may then be determined depending on the level of assurance and security they need, as well as any budgetary and time constraints in acquiring the certificate.