SSL Certificate types and their differences

Question

What types of SSL certificates are available for ordering, and what are the differences between them?

Answer

SSL certificates differ in the degree of validation and in the purpose of the resource they protect.

Table of contents:
1. DV Certificates
2. OV Certificates
3. EV Certificates

Single domain, multi-domain, wildcard: there is a wide variety of certificates.
Let's look at the main differences between these certificates and what sets them apart.

Let’s sort certificates by two attributes. They are “Object” and “Validation level”.

The object can be a single domain (protects one domain and its "www" subdomain) or multi-domain (covers different domains under one organization name, and sometimes subdomains as well).

Note: You can order a "Single Domain Certificate" directly for a subdomain, since it counts as a domain itself. You don't need a Wildcard Certificate for this.

The third type is a wildcard, which can protect many subdomains of a single domain. Depending on the strictness of validation, there are DV, OV and EV certificates. Depending on the purpose, the cheapest and quickest option is the domain validation method. It validates only domain ownership.

Legal entities prefer organization validation, that is, OV and EV certificates.


We can categorize the many different certificates into three classes.
The three classes reflect the differences in validation procedures and how these are shown visually.

Let's review these three classes.

DV Certificates (Domain Validation)

A DV certificate verifies the ownership of the domain.
These certificates can be issued within a couple of minutes.

Domain validation is done through either email validation, HTTP(S), or DNS validation.

No company name is shown next to the lock, and none is shown on the certificate detail page.


OV Certificates (Organization Validation)

For an organization validation certificate, several steps need to be completed before the certificate is successfully issued. The steps are organization validation, phone validation, and domain validation.

Organization validation is done by checking the given company name and registration number against the information in the Chamber of Commerce.

Phone validation is done by checking the given phone number against public phone records and then performing a validation call to the certificate requester.

Domain validation is done through either email validation, HTTP(S), or DNS validation.

With an organization validation certificate, the company name can be found on the certificate detail page but not near the lock.


EV Certificates (Extended Validation)

For an extended validation certificate, the steps that need to be completed before the certificate is successfully released are similar to those for an OV certificate, with one exception. The requester needs to sign a formal agreement with the CA. The steps, in order, are organization validation, EV documentation validation, phone validation, and domain validation.

EV validation is additionally done by signing the EV documents and returning them to the CA.
This can be done digitally.

Phone validation is done by checking the given phone number against public phone records and then performing a validation call to the certificate requester.

Domain validation is done through either email validation, HTTP(S), or DNS validation.

With an extended validation certificate, the company name is shown near the lock.


REMEMBER

The certificate will be in the name of the company for which the request was made.
If you request it for the organization SwitzerlandHolding (based in Switzerland) with the domains test.de, test.fr, and test.ch, all 3 domains will show the organization SwitzerlandHolding in the certificate.

Each certificate can only be requested for one company, regardless of the count of domains.
It is not possible to put multiple companies in one request.

If you want to have the name of a sub-company in the certificate, you will need to request a separate (single-domain) certificate for it.
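
To check which kind of certificate a site actually presents, the two attributes used in this article ("Object" and "Validation level") can be read from the certificate's subject and subject alternative names. The following is an added example, not part of the original article or any CA's tooling; it works on the dictionary shape that Python's ssl.SSLSocket.getpeercert() returns, and the sample certificates are constructed. Reading the subject fields is a heuristic that mirrors what the certificate detail page shows.

```python
# Added example. Input has the dict shape returned by ssl.SSLSocket.getpeercert().
# Subject fields that an EV certificate carries in addition to the organization name.
EV_FIELDS = {"businessCategory", "jurisdictionCountryName", "serialNumber"}

def subject_fields(cert):
    # The subject is a tuple of RDNs; each RDN is a tuple of (name, value) pairs.
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # only domain ownership was validated
    if EV_FIELDS.issubset(fields):
        return "EV"
    return "OV"

def object_type(cert):
    names = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    if not names:
        return "unknown"
    if any(n.startswith("*.") for n in names):
        return "wildcard"
    # "example.com" plus "www.example.com" still counts as one single domain.
    bases = {n[4:] if n.startswith("www.") else n for n in names}
    return "single domain" if len(bases) == 1 else "multi-domain"

def classify(cert):
    return (object_type(cert), validation_level(cert),
            subject_fields(cert).get("organizationName"))

# Constructed sample certificates (not taken from real sites).
DV_SINGLE = {"subject": ((("commonName", "example.com"),),),
             "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com"))}
OV_MULTI = {"subject": ((("countryName", "CH"),),
                        (("organizationName", "SwitzerlandHolding"),),
                        (("commonName", "test.ch"),)),
            "subjectAltName": (("DNS", "test.de"), ("DNS", "test.fr"), ("DNS", "test.ch"))}
EV_SINGLE = {"subject": ((("jurisdictionCountryName", "CH"),),
                         (("businessCategory", "Private Organization"),),
                         (("serialNumber", "CONSTRUCTED-0001"),),
                         (("organizationName", "SwitzerlandHolding"),),
                         (("commonName", "test.ch"),)),
             "subjectAltName": (("DNS", "test.ch"), ("DNS", "www.test.ch"))}
DV_WILDCARD = {"subject": ((("commonName", "*.example.com"),),),
               "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com"))}

if __name__ == "__main__":
    for cert in (DV_SINGLE, OV_MULTI, EV_SINGLE, DV_WILDCARD):
        print(classify(cert))
```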
