An EV SSL Certificate is the most expensive and is ranked the highest type of SSL available in today’s market. While all types of SSL—Extended Validation (EV), Organization Validated (OV), and Domain Validated (DV)— offer encryption and data authenticity, they differ in terms of the level of identity verification involved and the way the certificate displays in the various browsers.
When a business wishes to have an EV SSL Certificate installed on its website server, the process by which the certificate is approved is much stricter than with other SSL certificates. The validation process also takes more time when compared to OV or DV certificates.
During the verification of EV SSL Certificates, the website owner must pass a thorough and standardized identity verification process (a set of ratified vetting principles and policies) to prove the exclusive right to use the domain. Each certificate authority (CA) asks for several documents to verify the organization’s details are correct and prove it is a genuine organization, not a fraudulent one.
The documents required for the validation process may vary from one CA to another, but they all require proof the applicant is a legitimate business.
If the documents provided pass the SSL EV Certificate validation guidelines, the SSL Certificate Authority (CA) will approve the request and issue the certificate.
This type of SSL Certificate is only available to commercial entities, including government branches and both incorporated and unincorporated businesses.
It is important to note that individuals are not eligible to be issued with an SSL EV Certificate.
When the EV Certificate has been issued and successfully installed on the server, various changes are made to the browser address bar.
• The normal HTTP is changed to HTTPS, automatically informing the user
that the connection between the server and the user’s computer is
secured by way of SSL.
• The browser address bar changes from white to green, showing the website is utilizing Extended Validated SSL.
• A padlock is displayed showing the user that the server connection is secure. Should a padlock not be displayed, or the padlock shows another symbol over it, then the page is not secured by SSL and the user should be aware of the dangers of proceeding.
• The website owner’s legal company name is displayed in a prominent position on the address bar.
Recently, phishing websites have begun to use domain validated certificates to make their sites appear legitimate.
High-profile websites often targeted by phishers and hackers, such as major brands, banks or financial institutions, may use EV SSL Certificates for their public websites, but any website that collects data, processes logins, user’s online payment details, sensitive information, etc. should adopt EV SSL and benefit from showing their verified identity.