(10 votes, average: 3.20 out of 5)
One of the most common questions we get asked is about whether or not Extended Validation (EV) SSL is really worth it.
The answer, for a great many companies and organizations, is yes. Unequivocally, yes.
Now, before we get started comparing EV SSL to a basic SSL Certificate, let’s preface with a few things. First of all, for the sake of this discussion we’re going to categorize “basic SSL certificate” as just non-EV, meaning we’ll cover both Domain (DV) and Organization Validation (OV) SSL and compare them to EV. Then we’ll pit the Comodo EV SSL certificate against the Comodo SSL certificate, which is one of our most popular DV options, before wrapping up with a few final thoughts.
And one last thing, for a great many websites EV isn’t even going to be an option – after all you have to be able to furnish official documentation that establish your legitimacy as legal business or organization, if you’re not a business or organization then you’re not going to be eligible for EV or even OV – in that case DV is a phenomenal option.
That’s right, if you’re a private individual running a small website or a blog, DV encryption is an ideal decision. In your case, authentication is less important than simply being able to secure your connections. In 2017, everyone needs encryption and DV is the perfect choice for a great many websites and IPs.
But for the sake of this article, we’re talking to the businesses—companies and organizations with a financial stake in their websites.
Let’s get started…
For the purposes of this discussion we’re lumping Domain Validation SSL certificates and Organization Validation SSL certificates together. The reason for this comes down to their visual appearance, whereas you can instantly recognize an EV SSL certificate on a site, DV and OV are very difficult to tell apart—we’ll get to that in a minute, though.
Here’s a quick rundown of DV and OV
All SSL certificates, regardless of authentication level, offer the same industry-standard encryption strength. That means they all offer encryption strength up to 256-bit and most come with a 2048-bit signature key. You do not get more protection from EV than DV—it’s exactly the same.
What differentiates SSL Certificates is the authentication level, and that’s where Extended Validation stands out.
To obtain EV SSL, a company must go through an extensive seven-step process of authentication. This sounds like a lot, but it’s actually not that bad for any company that keeps up to date records. In fact, the whole process can be expedited within 20 minutes in some cases.
The benefit of undergoing extensive business vetting comes in the form of a green address bar—one that has evolved to the point where it’s almost not green at all anymore.
Nowadays, the green address bar just refers to a company or organization’s name being displayed in green font along with its country of origin beside the URL in a browser’s address bar. This is an unmistakable, unimpugnable visual indicator of both identity and connection security. As soon as someone visits a site with EV SSL, they get instant visual confirmation of the site’s true identity as well as assurance of their safety there.
Now contrast that with a basic SSL certificate. In the case of basic SSL, the standard visual indicator is a green padlock and the word “Secure.” Without clicking the icon, it’s impossible to tell whether or not a site has OV or DV SSL.
Now here’s where things get even murkier, the new visual indicators – the browsers are now marking sites “Secure” and “Not Secure” on the basis of whether or not they have SSL – are going to lull many people into a false sense of security as a new binary emerges. People will make determinations about safety with a single glance, a site is either “Not Secure” or “Secure” and by extensions safe.
This will be a mistake, and people will eventually see that, but in the interim, a lot of people are going to get phished and grow skeptical of the standard “Secure” indicator. That’s because of free SSL services like Let’s Encrypt, that lack the infrastructure and funding to implement any security measures beyond simply checking Google’s blacklist.
Basically, any malicious website that isn’t blacklisted by Google yet can easily get a free SSL certificate, thus allowing it to be labeled “Secure” until Google finally does flag it. After a few months of people getting tricked by sites that have been marked “Secure,” people are going to start having trouble trusting websites.
But not websites with EV SSL certificates. They will be immune to this. You can’t fake the green address bar. It’s the only way to stand out, while also offering instant verification of identity. EV SSL inspires instant trust from consumers, and that’s only going to become more true as 2017 continues.
In addition to helping protect your customers by both encrypting connections and keeping them safe from phishing, EV SSL carries a whole host of other benefits.
For instance, per Tek-ED, EV SSL certificates have been proven to boost conversions when implemented on e-commerce websites. Some websites, such as Fitness Footwear in the UK, have seen upwards of a 28% boost in sales since investing in EV SSL. When you do the math, you’ll see that even with a modest upward tick in conversions EV SSL certificates typically pay for themselves within a matter of months.
EV SSL is also a status symbol—it says something about your brand. In fact, nowadays it says more than ever. As the browser community mandates SSL in 2017, you no longer get points just for encrypting. That’s now a requirement—it’s literally the least you can do. But EV SSL aligns your brand with the world’s top companies. It stands out for more than just security reasons—it also boosts your brand image.
The only real drawback to EV SSL has historically been the price, and as you’ll see in a moment—that’s no longer an issue.
Let’s compare the Comodo EV SSL certificate to the Comodo SSL certificate. These are two of the most popular SSL certificates available from Comodo.
|Technical Features||Comodo EV SSL||Comodo SSL|
|SSL Type||2048-bit Standard SSL||2048-bit Standard SSL|
|Issuance Time||1-5 Days||Within Minutes|
|Validation Type||Extended Validation||Domain Validation|
|Notification Level in Browsers||Green Address Bar + Domain Name and Organization Name Shown On Certificate||Domain Name Shown On Certificate Only|
|Site Seal||Dynamic Corner of Trust Seal||Dynamic Comodo Secure Seal|
|Price (1 Year)||$179.99/yr||$62.00/yr|
|Price (2 Years)||$157.49/yr||$54.25/yr|
|Price (3 Years)||$149.99/yr||$51.67/yr|
|Price (4 Years)||$146.24/yr||$50.38/yr|
|Read More||Read More|
As you can see, there are some big differences in terms of features. Aside from the benefits of top-line authentication and the green address bar, the EV SSL certificate also comes with a better site seal and a bigger warranty (1.75-million to $250,000).
The one thing that isn’t all that different is the price.
EV SSL has historically been thought of as extremely expensive, in fact some Symantec EV certificates cost upwards of a few thousand dollars. Why pay that? The Comodo EV SSL certificate starts at just $157.49/year for a two-year term. Just about any company or organization can afford that.
2017 is the year you’re going to have to get SSL, but don’t just do the bare minimum—make an investment. With Comodo EV SSL at a price this low, the question isn’t whether you can afford to go with Extended Validation—it’s whether you can afford not to.