DV vs OV SSL — The Key Differences Explained

Let’s talk about the differences between domain validation SSL and organization validation SSL. Yeah, it’s one of those “DV vs OV SSL” type of articles. We actually get asked about this quite a bit and, while the names of each are fairly accurate descriptors, we can’t blame you for wanting a little more information.

So, we wrote this article to lay out the key differences between domain validated SSL and organization validated SSL. Let’s start with the OG of SSL, the OV certificate.

What is Organization Validation SSL?

OV SSL is the original type of SSL. Back when the need for HTTPS first became apparently more than 20 years ago, the conventional wisdom was that only businesses needed to have SSL certificates. There was also a lot less shared hosting, where multiple websites reside on the same IP address. So, OV SSL was created to authenticate organizations and secure entire IP addresses.

Organization validation is exactly what it sounds like: The certificate authority (CA) issuing your certificate performs a business vetting that checks to see where you’re located and whether you’re operational. It’s really no problem for any organization with available registration details.

The problem, at least at first, was that OV SSL wasn’t scaling well alongside the increasing need for encryption. Shared hosting scenarios were impossible to encrypt because the certificate only worked for one domain on the IP address. Attempting to reach other domains on the same IP resulted in mismatch errors.

There was also a problem with the fact you had to be a registered organization to pass validation. The excluded a lot of websites.

The answer came in the form of Server Name Indication, or what’s referred to as SNI, a TLS extension that allows for a client to request a specific host name on an IP address. That paved the way for other kinds of SSL certificate, like DV, EV, wildcards and multi domains.

What Domain Validation SSL?

DV SSL certificates are the most basic type. They offer the same encryption and security as any other SSL certificate, but they don’t assert any organizational identity. They simply tell a user who the domain is. The upshot of this is that it’s removed the barrier to entry for smaller websites and organizations. DV SSL certificates are cheap, sometimes even free, and they can be issued almost instantly with a simple domain check.

The downside is they don’t identify the organization or entity associated with the website. As more and more phishing sites use free DV SSL certificates to look more legitimate, users are growing wise to the game. That means they look for more trust indicators, and seeing your website isn’t authenticated beyond its domain name will give a lot of people pause.

SSL: DV vs OV — What’s Better?

Knowing what to look for in an SSL certificate is critical. DV is a great option for small websites and organizations that operate on shoestring budgets and just need encryption. But, overall, OV is the superior choice. OV is no longer hamstrung by its one cert, one IP approach. You can use an OV certificate on a single domain in a shared hosting environment. OV is also the highest validation level for a wildcard certificate.

Identity is critical on today’s internet, and SSL is one of the best places to assert it. DV just can’t do that.