{"id":22863,"date":"2019-11-11T09:50:03","date_gmt":"2019-11-11T09:50:03","guid":{"rendered":"https:\/\/dinocolor.si\/ssl-tls-verification-digital-identity-for-your-website\/"},"modified":"2019-11-11T09:50:05","modified_gmt":"2019-11-11T09:50:05","slug":"ssl-tls-verification-digital-identity-for-your-website","status":"publish","type":"post","link":"https:\/\/dinocolor.si\/en\/ssl-tls-verification-digital-identity-for-your-website\/","title":{"rendered":"SSL\/TLS Verification \u2013 Digital Identity for Your Website"},"content":{"rendered":"<p>Essentially,\nan SSL\/TLS certificate is a form of digital identity for your website. The\nlevel of identity differs depending on the type of certificate that you have \u2013\ncompare it to how a gym membership ID contrasts with a driver&#8217;s license versus\na passport. Each has increasingly more information that further validates your\nidentity. In that way, it&#8217;s similar to SSL\/TLS certificate verification for the\ndifferent certificate types.<\/p>\n\n<p><strong>How are Certificates Verified?<\/strong><\/p>\n\n<p>Verification\nmethods for the three types of SSL\/TLS certificates are required to follow\nstrict guidelines established by the CA\/Browser Forum. The verified information\nis included in public trust SSL\/TLS certificates and differs based on the type\nof certificate. The most basic is domain validation (DV), the next level up is\norganization validation (OV), which includes some identity assurance and\nlastly, extended validation (EV) provides the most identity checking. The\nverification process escalates with each certificate type, and that is also\nreflected in the price.<\/p>\n\n<p><strong>Identity v. Undisclosed SSL\/TLS\nCertificates<\/strong><\/p>\n\n<p>A\nmix of EV and OV certificates are widely used by organizations that want to\nprovide their customers with strong encryption technology as well as deliver\nidentity assurance. 
Identity assurance\nhelps customers recognize whether or not a website is legitimate. It also\nprevents the brand from suffering damaging losses associated with phishing\nscams and other nefarious online activity.<\/p>\n\n<p>EV\nand OV certificates are used primarily for client-to-server transactions where\nsensitive information (e.g., user name, password, credit card information,\netc.) is being transferred over the Internet. Encryption ensures the data\ncannot be stolen as it makes its way to the organization. The identity piece\ngives website visitors the ability to positively identify that the website they&#8217;re\non is authentic.<\/p>\n\n<p>DV\ncertificates only verify control over a domain separating encryption from\nauthentication. In the absence of identity checks, DV certificates lack the\ncritical component of having an identifiable paper trail, and that&#8217;s where they\ndiffer from EV or OV certificates. All three certificate types provide the same\nstrong level of encryption technology.<\/p>\n\n<p><strong>DV Certificates<\/strong><\/p>\n\n<p>DV\ncertificates are best used for situations that do not necessitate the important\naspect of identity assurance making them a good choice when rapid acquisition\nof encryption-based technology for server-to-server communication is needed \u2013\nfor example, transferring data between two internal servers.<\/p>\n\n<p>The\npurpose of a DV certificate is to provide IT professionals with a fast and\naffordable way to encrypt non-sensitive data that is passed over the Internet.\nSome CAs issue DV certificates via an automated process at no charge, the\ndomain owner doesn&#8217;t even supply a credit card. The ability to acquire these\ncertificates anonymously provides an opportunity for bad actors to appear\nlegitimate without leaving a trace of identity. 
This is why DV certificates are\nassociated with a high level of phishing activity.<\/p>\n\n<p>There\nhas been some discussion among industry leaders surrounding the context for\nusing DV certificates and whether or not it is sufficient for ecommerce\ntransactions. There is no identifying information attached to a DV certificate.\nWithout it, DV offers no value for people who want to build trust with their\nwebsite visitors.<\/p>\n\n<p>Major\nbrowsers indicate that a website is secured with a DV certificate by the padlock\nwith HTTPS in the address bar, but do not show organization details because\nthey do not exist. These certificates validate domain ownership only, and do\nnot tie a domain to a person, place or entity.<\/p>\n\n<p><strong>OV Certificates<\/strong><\/p>\n\n<p>OV\ncertificates have been issued since the mid-nineties making them the legacy of\nthe SSL\/TLS ecosystem. These certificates have always required that the\ncertificate subscriber complete an identity verification check. Disclosing\nidentity provides accountability and confirmed identity shows that visitors are\non the authentic site and not a look-alike.<\/p>\n\n<p>OV\ncertificates must be validated according to stringent industry guidelines. The\nprocess basically requires three checks before an OV certificate can be issued.\nThe subscriber must:<\/p>\n\n<p>show\ncontrol over the domain name(s) where either the applicant shows control or the\nowner of the domain name authorizes control;<\/p>\n\n<p>have\ntheir organization verified by an approved third-party system confirming their\norganization is registered and valid; and lastly,<\/p>\n\n<p>be\nable to authorize certificate issuance. The CA will contact the\napplicant using an accepted communication method. 
This is typically done by\nphone where the phone number has been validated as registered to the named\nidentity.<\/p>\n\n<p>In\naddition to domain ownership required for DV certificates, the organization is\nvalidated for OV certificate issuance. Once validated, the certificate can be\ndeployed and users will be able to view the website&#8217;s confirmed identity in the\ncertificate details on most major web browsers.<\/p>\n\n<p><strong>EV Certificates<\/strong><\/p>\n\n<p>In\naddition to the checks conducted for DV and OV certificates, EV certificates\nrequire a jurisdiction check with the incorporating agency or registrant, a\ncertificate subscriber agreement signed by a validated endorser, and\ncertificate issuance must be approved by a validated certificate endorser.<\/p>\n\n<p>Since\nEV certificates undergo an increased verification level, more identity\ninformation is provided and the authorization level is higher; the result is\ngreater reliability. Browsers will show a higher trust level for EV\ncertificates in the web address bar than for either DV or OV certificates. This\nmay be indicated by a green color on the lock icon or the name of the verified\norganization depending on the browser \u2013 each browser handles this differently.\nHigh value organizations like financial services institutions typically prefer\nEV certificates to help their customers discern when they are on their authentic\nwebsite. They are also a great choice for landing pages to confirm the\norganization identity and increase site trust.<\/p>\n\n<p>EV\nverification gives customers more confidence to transact on a website and helps\npreserve brand reputation for the organizations who use them. It leaves a\ndetailed paper trail where customers have recourse should they be victimized by\nany nefarious activity that takes place while transacting on that website. 
EV\ncertificates are distinguished with a locked padlock, organization name and sometimes\ncountry ID in the web address bar in most major browsers. The organization&#8217;s\ndetails can be found by clicking on the padlock and searching the certificate\ndetails.<\/p>\n\n<p>The\namount of verification checking behind the various certificate types is\nreflected in the price. The increased\nvetting for EV particularly and OV certificates is what makes high assurance\ncertificates more expensive. EV certificates come with the most comprehensive\nverification checking, which includes domain verification, cross-checks among\nseveral governmental and internal checkpoints that tie the entity to a\nspecific physical location. SSL\/TLS certificates are an integral part of an\norganization&#8217;s overall IT security posture.<\/p>","protected":false},"excerpt":{"rendered":"<p>Essentially an SSL\/TLS certificate is a form of digital identity for your website. The level of identity differs depending on the type of certificate that you have \u2013 compare it to how a gym membership ID contrasts with a driver&#8217;s license versus a passport. Each has increasingly more information that further validates your identity. 
In [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":819,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-22863","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/posts\/22863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/comments?post=22863"}],"version-history":[{"count":0,"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/posts\/22863\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/media\/819"}],"wp:attachment":[{"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/media?parent=22863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/categories?post=22863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dinocolor.si\/en\/wp-json\/wp\/v2\/tags?post=22863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}