Menu

Sponsored By: Password Angel - Share passwords, API keys, credentials and more with secure, single-use links.

Learn more

DV, OV and EV SSL certificates - What is the difference?

August 2019 saw both Google and Firefox made announcements that they were going to remove the visual distinction of the different certificate types from the address bar meaning that DV, OV & EV SSL certificates now all look the same. The additional data contained within the OV AND EV SSL certificate is still available but you need to use the browsers certificate viewer in order to be able to see it.

So what is the difference between them and how do we tell the difference?

Domain Validation (DV) SSL Certificates

These certificates are the easiest to obtain and they simply verify you have authority over the domain you want an SSL certificate for. Depending on the SSL certificate authority and what you want to do, this can be achieved in a number of ways such as

  • Add a file to the root of the website
  • Add a TXT DNS record

The SSL certificate authority can then check for these updates which will verify you have authority to administer that domain or subdomain.

Domain Validation (DV) SSL certificates can be identified by the following traits:-

  • Using the browsers certificate viewer, the Organisation (O) and Organisation Unit (OU) will both show <Not Part Of Certificate>
  • The Certificate Policies will show an OID value of OID.2.23.140.1.2.1
  • The Subject will only show a CN value with the domain present i.e. CN=checkmysite.io

Organisation Validation (OV) SSL Certificates

These certificates take longer to obtain as they require additional information the needs to be verified. This may include checks like making sure your organisation is listed on appropriate registers (i.e. Companies House in the UK)

Organisation Validation (OV) SSL certificates can be identified by the following traits:-

  • Using the browsers certificate viewer
    • the Organisation (O) will show your organisation name
    • The Subject will include the organisation location (L), state (ST) and country (C) as well as the organisation (O) and common name (CN)
  • The Certificate Policies will show an OID value of OID.2.23.140.1.2.2

Extended Validation (EV) SSL Certificates

These certificates require even more information to be validated in addition to what is already being requested for OV certificates. For EV SSL certificates, you will need to prove things like the physical address for your organisation.

Extended Validation (EV) SSL certificates can be identified by the following traits:-

  • Using the browsers certificate viewer
    • the Organisation (O) will show your organisation name
    • The Subject will include the organisation location (L), state (ST) and country (C) as well as the organisation (O) and common name (CN)
  • The Certificate Policies will show an OID value of OID.2.23.140.1.1

Originally published at https://chrisshennan.com/blog/how-to-distinguish-between-dv-ov-ev-ssl-certificates

Subscribe to my newsletter...

... and receive the musings of an aspiring #indiehacker directly to your inbox once a month.

These musings will encompass a range of subjects such as Web Development, DevOps, Startups, Bootstrapping, #buildinpublic, SEO, personal opinions, and experiences.

I won't send you spam and you can unsubscribe at any time.