What’s the Difference Between DV, OV, IV, and EV Certificates?
Although all X.509 certificates use similar methods to assure encryption, authentication, and integrity, they vary significantly in the information they include about the identities that they secure. A useful way to categorize certificates is by the method used by the certificate authority (CA) to validate the subject information included in the certificate:
Domain Validation (DV) is the lowest level of validation, and verifies that whoever requests the certificate controls the domain that the certificate protects.
Organization Validation (OV) verifies the identity of the organization (e.g. a business, nonprofit, or government organization) of the Subject listed in the certificate, along with the location where the organization operates.
Individual Validation (IV) verifies the identity of the individual person listed as the Subject of the certificate. This may be the same as the person who requested the certificate. Often, the address of the Individual is also verified.
Extended Validation (EV), like OV, verifies the identity of an organization. However, EV represents a higher standard of trust than OV and requires more rigorous validation checks to confirm that the organization is properly registered with the authorities in its jurisdiction and that it meets the requirements set by the CA/Browser Forum.
Read on to find out how to view certificate information in a web browser, and much more about these validation types:
“Click the Lock” to View Certificate Information in a Web Browser
In modern desktop web browsers, a website secured by a valid, trusted SSL/TLS certificate will display a closed padlock to the left of the website’s URL in the address bar.
If you want to find out more about the website’s certificate, such as the validation information included, simply click the lock:
What is a DV Certificate?
Domain validated or DV certificates are the most common type of SSL/TLS certificate. They are verified using only the domain name. Typically, the CA exchanges confirmation email with an address listed in the domain’s WHOIS record. Alternatively, the CA provides a verification file which the owner places on the website to be protected, or the applicant creates a DNS record verifying control of the domain. Any of these methods confirms that the domain is controlled by the party requesting the certificate. Please see SSL.com’s Domain Validation requirements for information about the DV methods we support.
- Basic SSL
- SSL.com customers purchasing an OV SSL/TLS certificate will immediately receive a DV certificate after going through the standard domain validation process. This certificate will serve as a placeholder so you can secure your website right away. Your OV certificate will be issued as soon as all verification steps are completed and confirmed.
What does a DV Certificate look like in a web browser?
After clicking the lock in a web browser on a website with a DV certificate, you will only see that the site has a valid SSL/TLS certificate:
You can dig deeper by viewing the certificate’s Subject field. In Chrome you can do this by clicking Certificate (Valid), then choosing the Details tab and the Subject field. A Domain-Validated (DV) certificate will only show the Common Name (CN) field, including the domain name that the certificate protects:
OV and IV Certificates
Organization Validated (OV) and Individual Validated (IV) certificates require more validation than DV certificates, but provide more trust. For these types, the CA will verify the actual organization or individual person that is attempting to get the certificate. The organization’s or individual’s name is also listed in the certificate, giving added trust that both the website and its owner are reputable.
OV certificates are often used by corporations, governments and other entities that want to provide an extra layer of confidence to their visitors. Aside from SSL/TLS certificates, OV and IV are also commonly used for code signing, document signing, client authentication, and S/MIME email certificates. For more information, please refer to SSL.com’s OV and IV requirements.
What does an OV or IV Certificate look like in a web browser?
When you click the lock to view certificate information in a web browser, an OV or IV certificate looks the same as a DV certificate; the browser displays that the website has a valid SSL/TLS certificate.
Digging deeper in Chrome by clicking Certificate (valid), then selecting the Details tab and Subject field you can see that the certificate includes the URL, as well as details about the company running the website. This information was verified by the CA that issued the certificate, so you can have confidence in the identity of the website’s owner.
EV Certificates
Extended validation or EV certificates provide the maximum amount of trust to visitors, and also require the most effort by the CA to validate. Per guidelines set by the CA/Browser Forum, extra documentation must be provided to issue an EV certificate (as described in SSL.com’s EV requirements). As with OV, EV lists the company name in the certificate itself. EV certificates may only be issued to businesses and other registered organizations, not to individuals.
An EV code signing certificate is required to sign Windows 11 drivers and provides an instant SmartScreen reputation boost. If you’re not sure which code signing certificate you need, please read this FAQ.
What does an EV Certificate look like in a web browser?
If you click the lock to view a website’s SSL/TLS certificate and the site is protected with an EV certificate, the name of the website’s owner will be displayed:
As with other validation types, you can dig deeper for more information. In Chrome, click Certificate (Valid), then select the Details tab and Subject field. The information shown about the website’s owner is CA-validated, so you can trust that the entity operating the website is who they claim to be.
An EV SSL certificate provides all of the information that an OV certificate shows but provides additional important information that is useful for a website visitor.
When users visit an organization’s website that has an EV certificate, they have the assurance that it is licensed to do business in the listed jurisdiction. The organization’s serial number from an incorporation/registration agency is also listed in an EV SSL certificate, providing confirmation that it is valid to operate. These information details are significant if a website visitor intends to perform financial transactions on that website.
Summary
DV certificates offer the most basic level of validation. It verifies that whoever requests the certificate controls the domain that the certificate protects. Beyond that, however, it does not provide any additional validated identifying information.
OV and IV certificates provide a higher level of validation as they indicate the name of the organization/person as well as verified address details. These serve as stronger trust signals to users who are visiting a website, downloading a software, or emailing someone that the entities they are interacting with have verified identities.
EV certificates provide the highest level of validation and can only be issued to registered organizations or businesses. They represent a higher standard of trust than OV and require more rigorous validation checks to confirm that the organization is properly registered with the authorities in its jurisdiction and that it meets the requirements set by the CA/Browser Forum. Because they provide the maximum amount of trust, they are often preferred for entities that need to process financial transactions or sensitive data such as online banking websites, e-commerce stores, or government databases.
Need more information? Check out the pages and video shown below for SSL.com’s validation requirements for DV, OV, IV, and EV certificates:
- Domain Validation (DV) Requirements
- Organization Validation (OV) and Individual Validation (IV) Requirements
- Extended Validation (EV) Requirements
