Understanding SSL Certificate Authentication & Validation
Like most things, SSL certificates come in several brands and types.
There are two basic functions that SSL/TLS certificates provide: one is encryption and the other is trust. Today we're going to talk about certificate trust.
Certification Authorities (CAs) like GeoTrust, Symantec, and Comodo vouch for the authenticity of a website by verifying the registration of the site's domain name and sometimes the company or organization behind it. The extent to which information is verified is known as the authentication or validation level.
Currently there are three major certificate validation levels.
- Domain Validation (DV)
- Organization Validation (OV)
- Extended Validation (EV)
Domain Validation SSL
With a Domain Validated, or DV, certificate, the CA verifies that the person applying for an SSL certificate is actually the current owner of that domain name and has domain rights. You can verify you own a domain name simply by being able to receive and respond to what's called a Domain-Control-Validation (DCV) email.
DV certs are the easiest and fastest to get, and they cost the least because the backend process for a CA to issue a DV cert can, for the most part, be automated without the need for real human interaction. Every step is computerized, reducing the costs to the CA and you.
The downside to DV certs is that they are only validated at the domain level. That is, the CA has only vouched for the domain but not the company or organization behind the domain. DV certs are great for sites that just want to get a cert on their site to give their users a secure session and maybe a possible boost to their SEO rankings.
Organization Validation SSL
An Organization Validated, or OV, certificate will display information about your domain name and the registered legal name of your business or organization. Additionally, it will contain the geographical location information for the city, state, and country where your company is registered to do business. We say that OV certs are validated or authenticated at the organization level (rather than just at the domain level).
Extended Validation SSL
Extended Validation, or EV, SSL certificates offer the pinnacle of online trust. EV certs take additional business validation steps beyond what's required of regular OV certs, hence the extended validation moniker.
Fact: Every EV cert is an OV cert but not every OV cert is an EV cert.
EV certs also provide visual trust by way of the "green bar." All popular web browsers participate in acknowledging that EV certs have gone through rigorous CA validation by turning the browser's address bar green and displaying the legal name of the company or organization. EV certificates give users instant comfort and trust by way of easy-to-understand visual cues.
- The highest level of trust available today
- Turns the browser's address bar green
- Displays the company or organization behind the domain
- Lets your site users instantly know you're not a fake phishing site
- Not much more expensive than a regular OV cert
- Requires additional vetting and authentication steps that can seem overwhelming at first
- Can require a little more time to be completed and issued
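One way to tell the three validation levels apart when inspecting a certificate, as an added example that is not part of the original article: a DV subject carries only the domain, an OV subject adds the organization's legal name and location, and an EV subject carries further business-registration attributes. It assumes the subject layout returned by Python's ssl getpeercert() and treats businessCategory plus serialNumber as the EV markers, which is a heuristic; the function names and sample subjects are constructed for illustration.

```python
import socket
import ssl

# Assumption: these subject attributes (named as OpenSSL reports them) mark an EV cert.
EV_MARKERS = {"businessCategory", "serialNumber"}

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into {attribute: value}."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Classify a certificate as 'DV', 'OV' or 'EV' from its subject attributes."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"   # the CA vouched for the domain only
    if EV_MARKERS.issubset(fields):
        return "EV"   # organization plus the extra business-registration details
    return "OV"       # organization name and location, no extended vetting

def organization_summary(cert):
    """Return the legal name and city/state/country an OV or EV cert displays."""
    f = subject_fields(cert)
    if "organizationName" not in f:
        return None   # DV: nothing is asserted about who is behind the domain
    place = [f.get(k) for k in ("localityName", "stateOrProvinceName", "countryName")]
    return f["organizationName"] + " (" + ", ".join(p for p in place if p) + ")"

def fetch_cert(host, port=443):
    """Retrieve a live server's validated certificate in the same dict layout."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample subjects (not real certificates).
DV_CERT = {"subject": ((("commonName", "blog.example.com"),),)}
OV_CERT = {"subject": ((("countryName", "US"),), (("stateOrProvinceName", "Ohio"),),
                       (("localityName", "Columbus"),),
                       (("organizationName", "Example Widgets LLC"),),
                       (("commonName", "www.example.com"),))}
EV_CERT = {"subject": OV_CERT["subject"] + (
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "0000000"),),
    (("jurisdictionCountryName", "US"),))}

if __name__ == "__main__":
    for cert in (DV_CERT, OV_CERT, EV_CERT):
        print(validation_level(cert), organization_summary(cert))
```

To check a live site, pass the result of fetch_cert("your-host") to validation_level() instead of the sample subjects.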
Which SSL Type Should You Use?
Like my father always said: use the right tool for the job. If you're publishing a blog and you want to get on board with the Always-On-SSL (AOSSL) movement and possibly get an SEO boost, I would use a fast, simple and inexpensive DV certificate. Problem solved.
If, on the other hand, you're operating an e-commerce site that asks for usernames, passwords, credit cards, or any personal, private, or confidential information then definitely bring out the big EV hammer for the job. Users will feel more comfortable and are more likely to do business with you if you have an EV certificate.