So you know you need to move your website from HTTP to HTTPS, and you even know that you need an SSL certificate in order to do it. But do you know what type of SSL certificate you’re going to install on your web server? Did you even know there were different types of certificates? In fact, there are three different types of SSL certificates and each brings its own level of security.
The first, and most common, type of SSL certificate is a domain validation certificate, or DV SSL certificate. But just because it’s the most common doesn’t mean that it’s necessarily the best kind for your website. While all SSL certificates will have some way of verifying the information a website owner provides, this one has very little. So little in fact, that some go so far as to say that it doesn’t really verify identity at all.
This is because when a Certificate Authority (CA) tries to verify the information with a website owner, they’ll simply send an automated email to the email address provided with a confirmation link included in it. Once that link has been clicked, it verifies that the email recipient is the owner of the website address and places the security symbol on the website.
The problem with this is that anyone can create an email address and click on the link when it’s sent to that email address, even when they’re not the owner of the website. This is how many phishing websites and fake duplicate websites are created to be made to look secure, even though they aren’t.
Organization validation or, OV, SSL certificates provide a bit more security because the verification process is more involved. Government entities may be contacted in order to verify the business’ registration, the company will be verified in business databases and verification will take place to determine that the website and the domain name actually belong to the company. But while this verification process definitely is stricter, there’s still one more type of SSL certificate that requires even more.
That’s the Extended Validation (EV) SSL certificate. The verification process with EV SSL certificates is so extensive that it’s virtually impossible for someone to claim that a website is for their own business when it’s not. This verification process doesn’t just verify a company’s location, but also their phone number, the business registration within a province or country, and more. By the end of that process, there’s a real certainty that the person requesting the certificate owns, or at least is part of, the company and has the authority to act on its behalf.
So why is this important to business owners? After all, if they’re the ones requesting the certificate, they already know that they’re a legitimate business and that they’re allowed to act on its behalf, right? Well, that’s true, but that doesn’t mean that customers know it. It’s very easy to check out a website’s SSL certificate and find the details of it. And when customers find the details of a SSL certificate and find that it’s only a DV SSL certificate, they may be just as hesitant to purchase from the website or enter their information as they would be if the site didn’t have an SSL certificate at all.
Knowing that you need an SSL certificate on your website is great. But knowing what type of SSL certificate you need to get is just as important. While not all businesses will need to go through the strict validation process that an EV SSL certificate requires, there are few that should be satisfied with an OV SSL certificate. The best bet for most business is to choose an OV SSL certificate to give their customers better peace of mind, and to open the doors for them to new business.