Due to the prevalence of counterfeit Websites on the Internet, one of the key purposes of an SSL Certificate is to help assure consumers that they are actually doing business with the Website they believe they are accessing. An SSL Certificate provided by a trusted third-party authenticates the identity of a Website based on a validation process performed by the CA. However, there are several different levels of validation that back SSL Certificates depending on the certificate and the CA.
The level of identity authentication assured by a CA is a significant differentiator between SSL Certificates. The explosive growth of phishing and other fraudulent Websites designed to steal information from consumers has put a spotlight on the authentication strength of various SSL Certificates and the authentication processes employed by different CAs. There are three commonly recognized categories of SSL authentication: Extended Validation (EV), Organization Validation (OV), and Domain Validation (DV).
Extended Validation represents the best SSL Certificate and is the recommended SSL Certificate type. As the highest level of authentication using validation criteria defined by the CA/browser forum and audited annually by KPMG, EV triggers Web browsers to turn green in the address bar, and displays the organization’s name plus the name of the issuing CA. It also validates domain ownership and organizational information, along with the legal existence of the organization, and certifies its awareness and approval of the request. The result of opting for a higher value EV certificate is more security and more online trust, which leads to more transactions conducted online.
Organizational Validation stands as a more advanced and better SSL Certificate because it has more validation requirements. OV authenticates domain ownership plus the organization’s information included in the certificate (name, city, state, and country).
Domain Validation represents the simplest “good” SSL certification. DV confirms that the domain is registered, and someone with administrative rights is aware of and approves the certificate request.