Login Signup Buy SSL Now

Toll Free Toll Free: 800-892-7095   Live Chat Live Chat

Understanding SSL Certificate Authentication & Validation

When a user visits your secure site, your web server will send a copy of your SSL certificate to the user's web browser. The information in the certificate will always include your web site's domain name, such as www.yourdomain.com, and sometimes it will also include your company's information. This lets the browser know that the web site it's connecting to is really the correct web site, and not an impostor or phishing site.

There are two types of SSL certificate authentication: Organization Validated (OV) and Domain Validated (DV).

Organization Validated (OV) SSL Certificates

An organization validated SSL certificate, such as True BusinessID EV and Wildcard SSL, will contain information about your domain name and the legal name of your business or organization. It will also contain the geographical location information for the city, state, and country where your business is registered to do business. Let's say you're visiting a secure web site that has a organization validated SSL certificate installed.

Indicates Secure SSL Page

You can double-click the padlock icon from your browser and it will display the information embedded within the SSL certificate of the site you are visiting.

SSL Certificate Information Window

On the General tab you can see that the SSL certificate is issued to a specific domain name, and has a validity period. The issuer of the certificate is also included. All SSL certificates will have this basic information: domain, validity period, and issuer.

If you click the Details tab you can find out even more about the SSL certificate for this site. Now click the certificate Subject on the left you can see who the certificate was issue to (see below). The CN is the Common Name for the certificate. The CN is another name for the site's domain name. OU stands for Organizational Unit and, the most important entry, the O field, which stands for Organization. The Organization field is the legal name of your business or organization. Following that are the Locality (city), State, and Country fields where you business is registered with your local or state government to do business.

Certificate Subject Details

Having this information available to you will help you determine who you're doing business with. It will also let you know that the site you think you're on is really that site and not some bogus phishing site trying to trick you.

The information on the business' legal name and location is part of a organization validated SSL certificate. An issuing Certification Authority (CA) will verify that the company or organization listed in the certificate is legally registered with local or state agencies via local business license or state Articles of Incorporation. When the CA issues the SSL certificate, it has vouched for the business entity and its registered domain. This type of certificate can be applied for and issued in about one to two days.

Domain-Validated (DV) SSL Certificates

A domain-validated certificate, such as QuickSSL and QuickSSL Premium, will vouch for your domain only. It will not include any information about your company nor its location (except for the two-letter country code). If you were to bring up the SSL certificate Subject details you'd see something like the window below. Because your SSL certificate is not vetted at the company level you will not see information in the certificate for the company or its location. The upside is that because the Certification Authority is not vouching for your company in a domain-validated certificate, you do not have to provide any supporting business documents. This type of certificate can be applied for and issued, in most cases, in about 10 minutes.

Certificate Subject Details

Multi-domain SSL. It's Here!

Ad_tbidmd

Our Customers

  (see more)
Our customers
Symantec SSL Platinum Partner