SSL certificates are issued with three levels of validation – the process that verifies the identity of those operating the website. EV stands for Extended Validation and is the highest level – the gold standard for website security.
In order to issue an EV certificate, the issuer must, among other things, verify the organization’s identity and legal status. The physical existence of the company must be confirmed and a person authorized to sign for the company must confirm the order.
The process for validating an organization for an EV certificate is an international standard. It is set by the CA/Browser Forum, a body representing certificate authorities and browser manufacturers. Those who issue the certificates must also meet strict requirements.
The strict approval process is designed for the types of websites that require the greatest security and trust in the organization behind them. These organizations typically handle either payment information or sensitive personal information.
Some examples:
- Company pages with login or payment
- Online stores and marketplaces
- Bankers
- Insurance companies
- Health portals
- Public websites and services
- Universities and colleges
The other validation levels offered are DV certificates for Domain Validation and OV certificates for Organization Validation. DV only verifies that the person ordering the certificate has control over the domain. OV requires some documentation from the organization, but less than for EV. The levels provide the same encryption, but different degrees of identity verification.
EV certificates have a higher price level than other SSL certificates due to the thorough validation process. The process typically takes 1-2 weeks and the certificates need to be renewed regularly. However, for many organizations, the benefits that come with increased trust and security can outweigh the increased cost and waiting time.
