Knowledge Base

Check for answers to your questions by searching by keywords, or check categories below.

SSL Certificate types and their differences

Question:

What types of SSL certificates are available for ordering, what are the difference between them?

Answer:

SSL certificates differs in the degree of their validation and the purpose of the resource they are protecting.

Table of contents:
1. DV Certificates
2. OV Certificates
3. EV Certificates
4. SSL Certificate Videos

Single domain, multi-domain, wildcard certificates - there is a wide variety of different certificates.
Let's check what are the main differences between these certificates and what sets them apart. 

Let’s sort certificates by two attributes. They are “Object” and “Validation level”.

The object includes single domain (such certificates protect one domain and subdomain with www), multi-domain that includes many different domains under one organization name and sometimes even subdomains could be included.

The third type is a wildcard, that can protect a lot of subdomains of a single domain. Depending on seriousness of validation status there are DV, OV and EV certificates. Depending on the purpose of usage most cheap and quick is the domain validation method. It validates only domain ownership.

Legal companies prefer organization validation (this more expensive variant with organization name shown in certificate details) and EV (EV certificate also showing organization name to the left near address bar).

We can categorize the many different certificates into three classes.
Three classes symbolize the differences in validation procedures, and how this is reflected visually.

Let's review these three classes.

DV Certificates

DV certificate verifies that you are truly the owner of the domain.
For a domain validation certificate, there is only one step that need to be completed before the certificate is successfully released, domain validation.

Domain validation is done through either email validation, HTTP(S), or DNS validation.

With a domain validation certificate, there is a green lock on the left side of the address bar, but there is no company name shown next to the lock, and no company information shown on the certificate detail page

OV Certificates (Organization Validation)

For an organization validation certificate, there are several steps that need to complete before the certificate is successfully released. These steps, in order, are organization validation, telephonic validation, and domain validation.

Organization validation is done by checking the given company name and registration number against the information in the Chamber of Commerce.

Telephonic validation is done by checking the given telephone number against public phone records and then performing a validation call with the certificate requester.

Domain validation is done through either email validation, HTTP(S), or DNS validation.

With an organization validation certificate, there is a green lock on the left side of the address bar, there is no company name shown next to the lock, but the company information is visible on the certificate detail page.

EV Certificates (Extended Validation)

For an extended validation certificate, the steps that need to completed before the certificate is successfully released are similar to that of an OV certificate, with one exception. The requester needs to sign a formal agreement with the CA. The steps, in order, are organization validation, EV documentation validation, telephonic validation, and domain validation.

EV validation additionally is done by signing the EV documents and returning them to the CA. This can be done digitally.

Telephonic validation is done by checking the given telephone number against public phone records and then performing a validation call with the certificate requester.

Domain validation is done through either email validation, HTTP(S), or DNS validation.

With an extended validation certificate, there is a green lock on the left side of the address bar, the company name is shown next to the lock, and the company information is visible on the certificate detail page.

REMEMBER

The certificate will be on the name of the company for which the request has been done. So for example, if you request it for the organization SwitzerlandHolding (based in Switzerland) with the domains test.de, test.fr, and test.ch, all 3 domains will show the organization SwitzerlandHolding in the certificate and the green bar with the locker.

In other words, each certificate request can only be requested for 1 company, regardless of the count of domains. It is not possible to put multiple companies in 1 request.

If you want to have the name of a sub-company in the certificate/green bar, you will need to request a separate (single-domain) certificate for it.

SSL Certificate Videos

Below you'll find videos explaining the visual differences between the three classes.

Click here for the English version of the video.

  Play.png

Click here for the Dutch version of the video.

 

Was this article helpful?
2 out of 2 found this helpful