The three types of TLS/SSL certificates fundamentally do the same thing: encrypt information during TLS negotiations. When installed and configured correctly, both https and the padlock will display in most browsers.
However, beyond the padlock there are different levels of security and risk.
What type of TLS/SSL certificate should you obtain?
Most security administrators have done their homework on technical specifications before requesting a certificate. Is it for internal or public use? What is the user base and their method of use? What operating system and server software are involved? What systems will be affected? What are the security policy requirements?
But beyond that, a TLS certificate is not just about functionality or key size, but also about trust.
Consumer awareness
Research shows that as online fraud grows, consumer digital trust in organizations decreases. If your sites are consumer-facing, you want to earn their trust. Therefore, consider what the organization conveys to the consumer when choosing a TLS certificate.
Types of TLS/SSL certificates
There are three types of TLS certificates: Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV). Certificate Authorities (CAs), such as DigiCert, validate each type of certificate at a different level of user trust.
Domain validation certificate
Domain validation certificates are compared against a domain registry to demonstrate ownership of the site's domain. However, DV certificates do not provide organization identification information. Therefore, using DV certificates for business purposes is not recommended. They may be the cheapest type of certificate, but they provide no authentication value in terms of who is behind the website.
Site visitors cannot validate whether the business identity is legitimate through the certificate, leaving them more exposed to online fraud. Consequently, DV certificates should only be used when authentication is not a concern, such as protected internal systems.
An example of a DV certificate in Chrome (after clicking the padlock):
Note that only the common name or domain is verified.
Organization validation certificate
To issue an OV certificate, the CA authenticates organizations against business registry databases created by governments. CAs may require certain documents and contact personnel to ensure that OV certificates contain legitimate business information. This is the standard type of certificate required on a commercial or public website.
An example of an OV certificate in Chrome (after clicking the padlock):
With OV not only the common name is verified, but also the country, state, city, and organization.
Extended validation certificate
EV certificates add additional validation steps and offer the highest level of authentication to safeguard your brand and protect your users. While not all websites on the web use EV certificates, they are used by leading organizations worldwide to ensure user trust. More than half of the top 400 e-commerce sites use EV, according to 2019 data from Comscore and Netcraft. They have found that switching from OV certificates to EV increases online transactions and improves customer trust.
But they are not just for e-commerce. EV certificates give your brand the highest level of security and validation to ensure that users know exactly where and to whom encrypted data is being sent. That's why EV is the global industry standard for encrypting highly confidential data. EV certificates are used for login pages, main web pages, and other sensitive areas.
Furthermore, it is extremely difficult to impersonate an EV-enabled site. Websites using EV certificates have virtually zero incidents of phishing attacks. This is significant because $17,700 is lost per minute due to phishing attacks. Phishing attacks represent more than 80 percent of reported security incidents.
Below is an example of an EV certificate in Chrome. Note that an EV certificate in Chrome will say "Valid Certificate, issued to: Company Name (US)". If you want more details, you can click on "Certificate" for more information.
EV certificates display all the details of OV and DV plus additional identification information.
Vaya más allá de la seguridad con Certificados SSL de Validacion Extendida
Extended validation goes beyond security. It has become the foundation of any reputable website that cares about security, brand, and its customers. EV makes a strong statement that your brand is committed to data security and offers the highest level of protection for your users.
Buy SSL