The number of companies that use SSL certificates has increased significantly over the past few years, there are several reasons for this:
- Some businesses need SSL to provide privacy (i.e., data encryption).
- Some businesses use SSL to add more trust and assurance of security for customers (they want you to know they are a genuine organization and can trust them).
Since the reasons why companies use SSL differ, there are several different types of SSL certificates.
- Extended Validation SSL Certificates (EV)
- Certificates with organization validation (OV)
- Certificates with domain validation (DV)
Extended Validation (EV) SSL certificates are only issued when a Certificate Authority (CA) performs validation to ensure that the organization is authorized to use a particular domain plus the CA performs a thorough validation of the organization itself. The EV certificate issuance process is standardized and must strictly adhere to the EV rules, which were created at the CA/Browser Forum in 2007. It specifies the necessary steps that a certification authority must perform before issuing an EV certificate:
- Must verify the legal, physical, and operational activities of the subject.
- Must make sure that the organization corresponds to the official documents.
- It must be ensured that the organization has the exclusive right to use the domain specified in the EV certificate.
- Make sure that the organization is fully authorized to issue an EV certificate.
EV certificates are used for all types of businesses, including government and non-profit organizations. It takes 10-14 days to release.
The second part of the rules is relevant for the certification center and describes the criteria which the certification center has to meet before it is allowed to issue an EV certificate. It’s called, EV audit rules, and every year there is an audit for compliance with those rules.
SSL certificates with organization validation are issued only when the Certification Authority has verified that the organization has ownership of the domain plus the Certification Authority performs some checks on the organization itself. Verified information about the company is displayed in the information about the certificate, it shows the visitor what organization belongs to the site. Usually released within 7 days.
SSL certificates with domain validation are issued when a certificate authority has verified that the applicant has rights to the specified domain name. The organization information is not checked and no information about the organization is displayed in the certificate. DV certificates can be issued instantly.