Knowledge Base

Check for answers to your questions by searching by keywords, or check categories below.

SSL Certificate types and their differences

Question

What types of SSL certificates are available for ordering, what are the difference between them?

Answer

SSL certificates differs in the degree of validation and the purpose of the resource they are protecting.

Table of contents:
1. DV Certificates
2. OV Certificates
3. EV Certificates
4. SSL Certificate Videos

Single domain, multi-domain, wildcard certificates - there is a wide variety of different certificates.
Let's check what are the main differences between these certificates and what sets them apart.

Let’s sort certificates by two attributes. They are “Object” and “Validation level”.

The object includes single domain (protect one domain and subdomain with "www"), multi-domain that includes different domains under one organization name and sometimes subdomains could be included.

The third type is a wildcard, that can protect a lot of subdomains of a single domain. Depending on strictness of validation status there are DV, OV and EV certificates. Depending on the purpose of usage most cheap and quick is the domain validation method. It validates only domain ownership.

Legals prefer organization validation (more expensive variant with organization name shown in certificate details) and EV (showing organization name to the left near the address bar).

We can categorize the many different certificates into three classes.
Three classes symbolize the differences in validation procedures, and how this is reflected visually.

Let's review these three classes.

DV Certificates

DV certificate verifies your ownership of the domain.
For a domain validation, there is only one step that need to be completed before the certificate is successfully issued.

Domain validation is done through either email validation, HTTP(S), or DNS validation.

With a domain validation certificate, there is a green lock on the left side of the address bar, but no company name shown next to the lock, and no company information shown on the certificate detail page

OV Certificates (Organization Validation)

For an organization validation certificate, there are several steps that need to complete before the certificate is successfully issued. Steps are organization validation, phone validation, domain validation.

Organization validation is done by checking the given company name and registration number against the information in the Chamber of Commerce.

Phone validation is done by checking the given phone number against public phone records and then performing a validation call to the certificate requester.

Domain validation is done through either email validation, HTTP(S), or DNS validation.

With an organization validation certificate, there is a green lock on the left side of the address bar, there is no company name shown next to the lock, but the company information is visible on the certificate detail page.

EV Certificates (Extended Validation)

For an extended validation certificate, the steps that need to completed before the certificate is successfully released are similar to that of an OV certificate, with one exception. The requester needs to sign a formal agreement with the CA. The steps, in order, are organization validation, EV documentation validation, phone validation, and domain validation.

EV validation additionally is done by signing the EV documents and returning them to the CA.
This can be done digitally.

Phone validation is done by checking the given phone number against public phone records and then performing a validation call to the certificate requester.

Domain validation is done through either email validation, HTTP(S), or DNS validation.

With an extended validation certificate, there is a green lock on the left side of the address bar, the company name is shown next to the lock, and the company information is visible on the certificate details page.

REMEMBER

The certificate will be on the name of the company for which the request has been done.
If you request it for the organization SwitzerlandHolding (based in Switzerland) with the domains test.de, test.fr, and test.ch, all 3 domains will show the organization SwitzerlandHolding in the certificate and the green bar with the locker.

Each certificate can only be requested for one company, regardless of the count of domains.
It is not possible to put multiple companies in a one request.

If you want to have the name of a sub-company in the certificate/green bar, you will need to request a separate (single-domain) certificate for it.

SSL Certificate Videos

Below you'll find videos explaining the visual differences between the three classes.
English version

  Play.png

Dutch version

 

Was this article helpful?
2 out of 2 found this helpful