SSL certificates explained: DV vs. OV vs. EV

SSl certificates - cover - security

Securing your website has never been more critical than it is today. Privacy regulations have never been more stringent, and sites without SSL certificates are penalized in search results. Web-users themselves are also being more careful about which websites they visit.

All of these issues can be solved, at least in part, by purchasing an SSL certificate. That seems simple enough until you realize that there are three main types of certificates and you’ll need to choose:

  • Domain Validated (DV)
  • Organization Validated (OV)
  • Extended Validated (EV)

This article explains what each option means and highlights the differences between them. Understanding these differences will help you choose the right option on your Certificate Authority (CA) application.

Domain Validated (DV)

A DV certificate is the most basic option and also the most common type. The CA will verify the site by sending a confirmation email to the email address listed in the WHOIS section. The site owner will then click on a link in the email to confirm that the email address is legitimate.

Alternatively, the CA will give the site owner a file to place on the site. By placing the file, the site owner confirms that they control the domain.

A DV is the most common type of certificate, but it engenders the least trust. All that displays on the site is the little padlock image. But this verification is inexpensive and achieved quickly. For a new blogger or firm, it’s a good way to gain some trust at a low cost.

As long as the clients aren’t parting with sensitive information, they’re likely to feel comfortable seeing just the padlock. Warranties on CA-side errors are limited to $20,000 at most.

Organization Validated (OV)

These verifications cost more because they require more effort from the CA. With these certificates, the CA validates the organization as well. The document has the company’s name on it, showing that the company and its site are legitimate.  

Companies will usually also use this type of certificate for signing code, documents, and emails, and for authenticating clients.

It’ll take about one to three business days to get the work done. The firm will be able to display the padlock and dynamic site seals. The warranties against CA-side errors are higher for this product.

An OV is a good middle-of-the-road solution for firms that collect some sensitive data from clients.

Extended Validation

With an extended validation, the CA performs a comprehensive check. The company will have to provide the CA with additional supporting documents. The CA looks into the validity of the company and its site. This check takes longer, and the price reflects this.

It’s this type of certificate that software developers such as Microsoft use to engender instant trust. Banks will usually opt for this kind as well. The company name again appears on the page and proves to the visitor that the firm was thoroughly vetted.

Not all websites need this level of verification. However, if you want to prove to your visitors that you’re a real business, you don’t get much better.

Which option is right for my website?

Choosing an option is going to depend on your target market and the type of information you hope to get from them. People tend to be quite free with their email address, for example. If you’re running a community blog, paying for an EV would be overkill.

However, if you’re running an investment platform, it wouldn’t make sense to settle for a DV.

Bear in mind that you pay an annual fee for SSL certificates. Get some quotes from a few different suppliers, and then work out which option makes the most sense for your business. Even better if your host throws one in the package.

E.g., Some of the best Australian web hosts, Canadian hosts, and UK hosting providers we recommend make SSL certificate a part of the deal. Depending on the package, you will get the appropriate type of SSL. For instance, all Hostinger, HostPapa, Kinsta, SiteGround, and Cloudways include the most basic SSL on its base plans because that’s all most need.