DV, OV and EV SSL certificates - What is the difference?
August 2019 saw both Google and Firefox made announcements that they were going to remove the visual distinction of the different certificate types from the address bar meaning that DV, OV & EV SSL certificates now all look the same. The additional data contained within the OV AND EV SSL certificate is still available but you need to use the browsers certificate viewer in order to be able to see it.
So what is the difference between them and how do we tell the difference?
Domain Validation (DV) SSL Certificates
These certificates are the easiest to obtain and they simply verify you have authority over the domain you want an SSL certificate for. Depending on the SSL certificate authority and what you want to do, this can be achieved in a number of ways such as
- Add a file to the root of the website
- Add a TXT DNS record
The SSL certificate authority can then check for these updates which will verify you have authority to administer that domain or subdomain.
Domain Validation (DV) SSL certificates can be identified by the following traits:-
- Using the browsers certificate viewer, the Organisation (O) and Organisation Unit (OU) will both show
<Not Part Of Certificate>
- The
Certificate Policies
will show an OID value of OID.2.23.140.1.2.1 - The
Subject
will only show aCN
value with the domain present i.e.CN=checkmysite.io
Organisation Validation (OV) SSL Certificates
These certificates take longer to obtain as they require additional information the needs to be verified. This may include checks like making sure your organisation is listed on appropriate registers (i.e. Companies House in the UK)
Organisation Validation (OV) SSL certificates can be identified by the following traits:-
- Using the browsers certificate viewer
- the Organisation (O) will show your organisation name
- The
Subject
will include the organisation location (L), state (ST) and country (C) as well as the organisation (O) and common name (CN)
- The
Certificate Policies
will show an OID value of OID.2.23.140.1.2.2
Extended Validation (EV) SSL Certificates
These certificates require even more information to be validated in addition to what is already being requested for OV certificates. For EV SSL certificates, you will need to prove things like the physical address for your organisation.
Extended Validation (EV) SSL certificates can be identified by the following traits:-
- Using the browsers certificate viewer
- the Organisation (O) will show your organisation name
- The
Subject
will include the organisation location (L), state (ST) and country (C) as well as the organisation (O) and common name (CN)
- The
Certificate Policies
will show an OID value of OID.2.23.140.1.1
Originally published at https://chrisshennan.com/blog/how-to-distinguish-between-dv-ov-ev-ssl-certificates