This is the third in our series of insights that seek to explore and simplify the topic of SSL (and TLS) in web application hosting.
In our previous insight, we looked at SSL Certificate Terminology; in this insight, we’ll explore the differences between different SSL certificate validations and warranties.
EV vs DV vs OV vs FREE SSL Certificates
EV (Extended Validation) SSL certificates were once the best that money could buy; it would display a green bar in many web browsers and the name of the identity to which it was issued to. It meant you could be confident the person you were talking to had jumped through lots of compliance hoops to prove their identity and capability while offering no other technical advantages. A lack of user recognition and many browsers dropping the green or named bar have lost much of the value of EV certificates.
OV (Organisation Validation) SSL certificates carry a higher level of verification than DV certificates, which helps ensure the certificate is only issued to a real-world verifiable organisation.
When visiting a website, when was the last time you verified who the SSL certificate was issued to beyond a glance to see if the padlock is present next to the URL without error? Quite probably never.
DV (Domain Validation) SSL certificates undertake the minimum level of verification using DNS or HTTP methods to verify the person asking for the SSL certificate to be issued has a significant level of control over the domain name. The low cost and quick issuance of DV certificates means they are the most widely used.
FREE SSL certificates from Letsencrypt are DV, as there is no margin to perform the required verification steps.
SSL Certificate Warranty
Certificate Authorities (which we’ll cover later) often offer a $figure for warranty/insurance of their issued EV/OV/DV certificates.
We’re often asked if Free DV certificates carry any warranty, and no, they do not; however, we question the value of these promises as we’ve never seen any evidence of a successful claim against them in two-plus decades.
Keep updated with the latest from Pipe Ten by subscribing below.
More in the Simplifying SSL/TLS series
- SSL Basics – What is SSL?
- SSL Certificate Terminology
- EV vs DV vs OV vs FREE SSL Certificates
- Certificate Authorities and The Signing Process
- TLS and Versions
- Web Server Headers
- Mixed Content Warning
- Testing & Tools
Author: Carl Heaton
Carl is a founder of Pipe Ten and uses his role as Technical Director to drive the company’s vision to transform business online in delivering it’s mission to forge agile technical partnerships that accelerate web success. Carl boasts an illustrious career spanning over two decades, starting as a fledgling web developer in his teens, he swiftly ascended the ranks, honing his skills in architecting secure web application infrastructure. With his finger on the pulse of emerging web technologies, Carl has tracked and influenced the ever changing world of cyber security, internet governance, industry regulations and information security compliance ensuring Pipe Ten successfully achieved and maintain ISO/IEC 27001 certification.