Was this helpful? Support me via buymeacoffee.com and help me create lots more great content!

DV, OV, and EV SSL Certificates: Understanding the Differences

In August 2019, Google and Firefox announced changes to the way SSL certificates are displayed in web browsers. They eliminated the visual distinctions between Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV) SSL certificates in the address bar. As a result, all SSL certificates now appear the same, making it necessary to use the browser's certificate viewer to discern the differences between them. In this article, we explore the distinctions between these certificate types.

Domain Validation (DV) SSL Certificates

Domain Validation SSL certificates are the easiest to obtain. They serve the fundamental purpose of verifying that you have control over the domain for which you are requesting the SSL certificate. This verification is typically done by one of the following methods:

  1. Adding a specific file to the root directory of the website.
  2. Adding a TXT DNS record for the domain.

The SSL certificate authority then checks for these updates to confirm your authority to manage the domain or subdomain in question. To identify DV SSL certificates, observe the following characteristics through the browser's certificate viewer:

  • The Organization (O) and Organization Unit (OU) fields both display ""
  • The Certificate Policies field shows an Object Identifier (OID) value of OID.2.23.140.1.2.1.
  • The Subject field only contains a Common Name (CN) value with the domain, for example: CN=redr.it.

Organization Validation (OV) SSL Certificates

Obtaining Organization Validation SSL certificates requires more time and additional verification steps. This may include checks to ensure that your organization is listed on appropriate registers, such as Companies House in the UK. To distinguish OV SSL certificates, use the following criteria in the browser's certificate viewer:

  • The Organization (O) field displays your organization's name.
  • The Subject field includes information about the organization's location (L), state (ST), and country (C), in addition to the organization (O) and common name (CN).
  • The Certificate Policies field shows an OID value of OID.2.23.140.1.2.2.

Extended Validation (EV) SSL Certificates

Extended Validation SSL certificates require even more extensive validation compared to OV certificates. In addition to the information requested for OV certificates, you must provide further proof, such as your organization's physical address. To identify EV SSL certificates, look for the following attributes in the browser's certificate viewer:

  • The Organization (O) field displays your organization's name.
  • The Subject field includes details about the organization's location (L), state (ST), and country (C), along with the organization (O) and common name (CN).
  • The Certificate Policies field shows an OID value of OID.2.23.140.1.1.

In summary, the differences between DV, OV, and EV SSL certificates lie in the extent of verification and the information included in the certificates. While browser changes have made them visually indistinguishable in the address bar, understanding their distinct characteristics is crucial for selecting the right certificate to meet your website's security needs.

Originally published at https://chrisshennan.com/blog/how-to-distinguish-between-dv-ov-ev-ssl-certificates