SSL Certificate Validation Levels: What is the Difference between Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV)?
With online fraud and cybercrime increasing, website visitors are increasingly wanting confirmation of who’s on the other side of the URL. The best way to resolve questions of identity and instill confidence is to make an informed choice when it comes to selecting an SSL certificate.
When it comes to enabling an encrypted connection and confirming the domain owner, Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV) SSL Certificates are all technically the same. While protecting data in transit is critically important and now a browser requirement to avoid “Not Secure” warnings, the other major value provided by SSL Certificates is validation of the identity of who’s on the other end of the connection.
SSL certificates come in three levels of validation: Domain Validation, Organizational Validation and Extended Validation. The higher the certificate level, the more in-depth and rigorous the authentication processes and, ultimately, the more confidence and trust you will ideally establish with visitors.
Here’s a summary that highlights the important differences between DV, OV and EV validation so you can make an informed choice.
Domain Validation (DV)
Validation Level: Minimal. The issuing Certification Authority verififed that you have control over the registered domain that the SSL certificate will be associated with. Often, this is done via email, by uploading a file supplied by the CA to the domain, or by making changes to a DNS record.
Pros: It’s fast, inexpensive and easy.
Cons: It’s an automated process, and therefore less authoritative.The certificate also does not provide information about your organization, which may be a concern to first-time visitors and security-minded consumers.
Best for: Blogs, internal testing domains, one-person entities.
Organization Validation (OV)
Validation Level: Moderate. The issuing Certification Authority will contact you and you will need to provide up-to-date documentation that proves your business or organization is a legitimate legal entity.
Pros: Comes with a dynamic clickable site seal that displays validated company information.
Cons: The overall visual indicators are the same as for DV except for the site seal which not all visitors know to click. Although the validation process requires human involvement, it is still pretty light.
Best for: Small e-commerce sites and entities that don’t have the budget for EV, but want to additionally authenticate their identity to increase trust.
Extended Validation (EV)
Validation Level: Highest. The issuing Certification Authority validates the ownership, organization information, physical location, and legal existence of a company. Some of the process is conducted manually, while other details are confirmed via public records. The issuance process is standardized and conforms to strict guidelines; moreover, CA’s must undergo a yearly audit and meet certain criteria before they are allowed to issue Extended Validation certificates.
Pros: Boasts the green address bar—the most universally trusted symbol on the web. The green address bar is impossible to fake, so visitors instantly know they can trust you. Visitors can view more certificate details, including the issuing Certificate Authority to add credibility. EV SSL Certificates are proven to increase conversions, but are also widely used by non-ecommerce businesses, organizations, institutions and all levels of government.
Cons: The validation process takes a more time, sometimes as long as 10 days.
Best for: Entities looking to maximize conversions and gain a competitive edge, national and global brands.