OV vs EV SSL — What You Should Know About Them

Understanding the difference between OV vs EV SSL is like understanding the difference between two pairs of shoes. While they both essentially serve the same function — both types of x.509 digital certificates help to facilitate encryption and assert identity — they require different levels of effort and have different features. Some shoes are somewhat inexpensive and are made quickly in mass-production environments. Others involve more individual effort, care, and attention. 

The same can be said with business validation certificates. OV and EV certificates — or what are known as SSL certificates that have undergone organization validation (OV) or extended validation (EV) — are those that undergo different levels of business validation. They help to confirm and validate the existence of the organization that requested the certificate from the issuing certificate authority (CA). This helps to create a higher standard of trust with your site visitors than what basic SSL certificates can achieve.

OV vs EV SSL Certificates — A Business Validation Comparison

As you likely know, there are a total of three types of validation for SSL certificates. The first, domain validation (DV), is the most basic and involves literally just validating the domain. (This typically involves sending an email to the requestor’s email address.) The next two types, which are considered forms of business validation, include OV and EV.

Organization Validation

At the most basic level, organization validation is domain validation plus basic business validation. This means that in addition to validating the domain, a certificate authority also will verify the company’s details.

OV SSL certificates should be the absolute minimum for banks, financial institutions, eCommerce businesses, and any websites that handle customer information. Domain validation simply doesn’t cut it when it comes to protecting this type of data.

To get a certificate issued with this level of validation, it requires your chosen CA to verify:

• That your organization is a legitimate entity;
• The physical location of your business operations (what’s referred to as “locality presence”);
• Your organization’s main telephone number via a phone call;
• That your organization controls the domain(s) listed on the certificate; and
• All of your business and certificate-related details via a final verification call.

Meeting these validation requirements shouldn’t be an issue — so long as you’re operating a valid business with a legal entity, of course. The entire process should only take between one and three days to complete and then the CA should issue the certificate.

However, if achieving the highest level of trust from your customers is important to your business, then you may want to consider an EV SSL certificate instead.

Extended Validation

An extended validation certificate takes OV’s more basic type of business validation and raises it to the next level. These types of certificates, which are considered premium SSL certificates, are better for helping you assert identity and confirm your identity to site visitors. These types of certificates are better for financial institutions, enterprises, and others who collect, store, and use customer data.  

Extended validation basically consists of providing your chosen CA with documentation that allows them to verify the following information:

• That you have submitted an enrollment form;
• Your organization’s legal name is accurate, and that the entity is active and in good standing;
• Organization tradename or DBA (Doing Business As) identifier, if applicable;
• The physical address where you conduct business operations;
• Your organization’s main phone number;
• That you control the domain(s) listed on the certificate;
• A final verification call with your contact (and someone higher up such as a manager or human resources representative) to confirm order details and ask a few additional questions.

The questions in the final verification call — the first two are asked of the contact and the second types of information requests are asked of the manager or HR representatives) — typically include:

• Did you request the certificate?
• Does everyone who has access to the account that ordered the certificate(s) have access to request the certificate(s)?
• Does the certificate requester work at the organization?
• Confirm the email, last name, job title, and telephone number

OV vs EV SSL: Comparing the Advantages of Each Certificate

The biggest differences between these types of certificates come down to:

• Their individual levels of validation and the verifications that are required to achieve them;
• The types of visual indicators they provide;
• The time it takes for a CA to issue each certificate;
• What they individually offer in terms of warranties;
• The level of identity you assert on your site; and
• The cost of each certificate and the brands that offer them.

We’ve already discussed the differences concerning the differing levels of validation and the verification requirements that go with them for OV vs EV certificates. The next thing to mention would be the difference in issuance times. Because OV SSL certificates require less validation than EV certificates do, you can expect to receive your certificate within one to three days. With certificates with extended validation, you’ll typically receive your certificate within one to five business days.

Historically, EV certificates would enable multiple visual security indicators within the browsers. Although some browsers have decided to phase out these indicators, many still support them.

One of the other main differences between OV vs EV SSL certificates comes down to the warranties that different CAs offer with them. Let’s consider the warranties offered by OV and EV certificates from a few Comodo CA (now Sectigo) sub-brands:

• An InstantSSL OV certificate comes with a $50,000 warranty. An InstantSSL OV premium certificate comes with a $250,000 warranty. A Comodo OV Elite SSL certificate comes with a $750,000 warranty.
• A PositiveSSL EV certificate, which covers a single domain (both the WWW and non-WWW versions of it), comes with a $1 million warranty. A comparable certificate from Comodo, such as the Comodo EV SSL certificate, comes with a $1.75 million warranty.

Concerning the brand and cost of these certificates, you can spend varying amounts depending on the type and brand of certificate you buy. OV SSL certificates start for as little as $27.44 per year. EV certificates, on the other hand, start for as little as $72.18 per year. It’s important to note, however, that not all brands offer both OV and EV SSL certificates.

Ultimately, when choosing between an OV vs EV SSL certificate, the choice comes down to how much identity you want to assert on your website. We believe the more you can verify your identity through a trusted third party such as a CA, the more trust you can establish with your customers and site visitors.