What’s the difference
between DV, OV & EV
SSL certificates?

Three levels of authentication, trust and
brand protection.

To understand the differences of the three types of SSL certificates—Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV)—it is helpful to understand what certificates are and how certificates are issued by authorized Certificate Authorities (CAs) like DigiCert. CAs are trusted third parties that issue TLS/SSL certificates by verifying identity details of a website owner. The only way to see these details is to look beyond the lock in the address bar.

TLS/SSL certificates are two things. First, they provide a secure connection between a website by encrypting the data that is passed between users and the domain. Secondly, certificates verify the ownership and identity of the business or person that owns the URL. Just as a certificate would in the physical world, a digital certificate is essentially certifying your right to represent your business or organization online.

Decoding TLS Acronyms

The names of each SSL certificate type represent the validation steps that took place before issuance of the certificate. For example, Domain Validated certificates refer to the simple verification of the owner of a URL, whereas Organization Validated certificates verify the domain owner and authenticate the business organization affiliated with the URL. Extended Validation certificates are high assurance identity certificates because they require verification of the domain owner, business organization and the legal entity of the business involved.

At the DV level, the process is fairly short, requiring the buyer to only demonstrate control of the domain or URL. This is done by the CA sending an email to the domain owner (as listed in the WHOIS database). While convenient if you need a certificate right away, this one-check form of validation is the lowest standard on the Internet—and should be trusted accordingly.

What distinguishes OV & EV certificates are the extra layers and steps of validation required to obtain them. For both EV & OV certificates CAs must verify the domain owner as well as several details related to the affiliated business including name, type, status, and physical address.

With EV, nine additional steps are required including verifying a businesses’ public phone number, length of time in business, registration number and jurisdiction, as well as a domain fraud check, contact blacklist check and a telephone call to authenticate the employment status of the requestor.

Certificates to ensure your digital identity is secure

From zero-assurance to high-assurance certificates, here’s how the validation
process matches the brand security you expect while using the web.

Give your customers a clearer picture of who you are

Every TLS/SSL certificate type signals to customers the level of organization identity you’ve attached with your certificate, in addition to certifying that a website is encrypted.

Domain Validated

Domain Validated (DV) certificates provide the lowest level of authentication, meaning anonymous entities can get a certificate. Jane Does meander at this level.

Organization Validated

Organization Validated (OV) certificates provide additional checks to ensure brand protections. Jane Doe can no longer hide in the shadows at this level.

Extended Validation

Extended Validation (EV) certificates guarantee the highest standard of brand protections. With EV, brands signal a commitment to customers that transaction are secure. Jane Doe is thoroughly identified.

An evolving Internet and the growing
demand for privacy and identity assurances

The European Union has been a staunch advocate for stronger online security standards to increase user trust and authenticity on the internet. In 2015, the European Commission passed the Payment Services Directive, also known as PSD2, to regulate payment transactions, create a more integrated European payment services market, as well as protect consumers by making payments safer and more secure. PSD2 became effective in January 2018 and requires banks and other online payment service providers to use Qualified Certificates—which are legally binding electronic signatures and even more difficult to obtain than an EV certificate.

We want to build a more secure Internet

As the internet evolves and identity standards are increasingly compromised online, DigiCert takes an active role in the Certification Authority Browser (CA/B) Forum to advocate for higher identity assurances online. Because an authentic online identity should be just as important in the digital world, as it is in the physical world. And in today’s digitally connected world, the erosion of online identities will have an adverse effect on the public trust we aspire to uphold.