What’s the difference between DV, OV & EV SSL certificates?
What do they mean, how are they different & where can you get them?
DV / Domain Validation
What is it?
- SSL certificate verified at a domain level e.g. email sent to webmaster or secrets in files that the Certificate Authority can check. Let’s Encrypt has great information on how they handle this:
https://letsencrypt.org/how-it-works/
- Free via Let’s Encrypt & Cloudflare, or purchase available.
How does it look?
- This blog uses a DV certificate.
Where can you get them?
- Let’s Encrypt offers free certificates. Certbot will help you get setup.
- Cloudflare sits as a proxy with free ssl between visitors and your site.
- Any SSL provider will see you DV certificates, e.g. https://www.ssls.com/
How long does it take?
- Normally issued in minutes.
OV / Organization Validation
What is it?
- Verified by Certificate Authority that the business is really the one requesting the certificate.
- Requires purchase.
How does it look?
- Generally the same as the DV certificate though if you inspect the certificate it’ll show the organization name inside, while DV certificates do not. This can aide trust with users, though may often not be noticed.
- Amazon uses an OV certificate.
Where can you get them?
- Most SSL providers will issue you an OV certificate.
- Let’s Encrypt currently have no plans to offer these though.
- Cloudflare also don’t offer these, but allow you to upload them if you pay for their Business & Enterprise plans.
How long does it take?
- Can take several days to issue.
EV / Extended Validation
What is it?
- Similar to Organization verified certificate, but with even further checks the existence of the business.
- Requires purchase, more expensive.
How does it look?
- Sometimes a full screen bar or the company name before the url
- Twitter use an EV certificate to show “Twitter, Inc. [US]”.
Where can you get them?
- Most SSL providers will also issue you an EV certificate.
Again, Let’s Encrypt currently have no plans to offer these either, nor do Cloudflare without their Business or Enterprise licences.
How long does it take?
- Can take up to a week to issue.
What about wildcard certificates?
DV & OV certificates are available as a wildcard, except some providers such as Let’s Encrypt & Cloudflare’s free plan don’t currently support them.
Facebook for example use a wildcard OV certificate to protect all their subdomains.
EV certificates are not available as wildcards though. It was decided that each address associated with an EV certificate must be validated, and, as a wildcard cannot be validated, it cannot be covered. However you can have a multi domain certificate and declare each domain on it. Or use a single EV for your main domain and a DV or OV separately for wildcard subdomains.
The million dollar question, which should you get?
In most cases I’d recommend a DV certificate as these are easy to get, cheap (or even free) and get your site encrypted and running on HTTPS quickly.
But if you’re looking to try and increase the level of trust with your users, or simply the vanity of having your name up their in the URL bar? Then an OV or better yet an EV certificate may be the way to go, though these normally cost a lot more.
In terms of Encryption, they offer the same level of encryption & so neither is more secure as such. OV & more so an EV can however increase trust the instilled with users when needed, e.g. I’d definitely recommend this for Banks and similar large well known sites that want to help users identify themselves easier.
Also it’s worth noting that mobile browsers don’t always show any difference between EV certificates: https://www.expeditedssl.com/pages/visual-security-browser-ssl-icons-and-design
Looking to move to HTTPS soon?
Over on https://movingtohttps.com our free guide shows how to do so and allows you to configure the plan to match your hosting and platform.
