DV SSL Certificate Comparison

What is Domain Validated SSL?

Domain validated SSL certificates (DV SSL) are server security certificates that provide the lowest level of validation available from commercial certificate authorities.

Before a DV SSL certificate can be issued, the issuing certificate authority will verify that a contact at the domain in question approves the certificate request. This approval is usually done by email, but can also be done via telephone or through alternate methods.

Because DV certificate issuance can usually be automated, DV certificates are often offered at prices much lower than High-Assurance or EV SSL certificates, both of which require a degree of human element in the certificate issuance process and additional organizational validation processes.

While DV certificates verify the consent of a domain owner, they make no attempt to verify who the domain owner really is. The manner in which domain validation is carried out makes this kind of certificate ideal for both phishing and man in the middle attacks.

What are the Benefits of EV and High-Assurance Validation?

High-assurance and EV ssl certificates add trust to your website.

By maintaining a human element in the validation process, it is more likely that fraudulent or phishing related activity will be detected. In addition, additional steps are taken by our validation staff to ensure that organizations to which certificates are issued are in fact in control of the domains for which they are requesting certificates, and that they are registered and in good standing with their respective governments.

This additional element is further enhanced with the issuance of EV SSL certificates. Extended validation certificates incorporate additional checks to verify the authenticity of a certificate request before the certificate is issued, and cause a web browser to display a green URL bar or other identifying characteristics to show to site visitors that the site has undergone this extended validation.

For example, one requirement before an EV certificate can be issued is that an organization be contacted at a verified phone number (i.e., a phone number listed in a physical telephone directory), and that both a verified contact and the direct supervisor of that verified contact confirm that the EV SSL certificate request is authentic.

Why Doesn't DigiCert Offer DV SSL?

At DigiCert, we believe that the drawbacks of issuing domain validated certificates far outweigh the benefits.

DV SSL certificates are extremely easy to obtain, and provide little value that could not be provided by a self-signed certificate that could be created by anyone on any server for absolutely no cost at all. Although domain validation is a very valid part of our validation process, it is only one of many checks and verification controls in place.

Evidence seems to suggest that many dangers of phishing attacks could be prevented by increased implementation and awareness of EV SSL certificates. Because EV certificates provide enhanced authentication and would be much more difficult to fraudulently obtain, and because of the additional visual cues provided to website users, extended validation provides more phishing deterrent than any kind of digital certificate previously available.

We strongly recommend that site administrators interested in maintaining the integrity of their own websites and increasing consumer awareness for online security switch to EV SSL certificates.

Domain Validation SSL Certificates

Why doesn't DigiCert issue certificates off domain validation alone?