Skip to main content
banner image
venafi logo

What Is an EV SSL Certificate, and Why Should You Get One?

What Is an EV SSL Certificate, and Why Should You Get One?

EV SSL Certificate
January 9, 2018 | David Bisson

An extended validation (EV) certificate is a type of SSL/TLS certificate. It is highly valued because it requires the most amount of effort by a certificate authority (CA) to validate. As such, an EV certificate provides a high degree of trust for visitors to a website operated by the certificate owner.

Due to their intensive verification process, EV certificates are generally less common than other SSL certificates. On the opposite side of the scale, domain validated (DV) certificates are the most common type of SSL/TLS certificate. They only require verification using the domain name, validation which a domain owner achieves by confirming their email listed in the WHOIS record with the CA or placing a verification file on the website.

The next step up are organization validated (OV) certificates, which require more verification than DV certificates. For these digital files, CAs commonly request documentation verifying a domain owner's address and other organization information. If successfully obtained, OV certificates list the names of both the website and the company.

As for EV certificates, CAs require a domain owner to provide extra documentation such as a signed subscriber agreement, a signed authorization form, and documentation verifying either their business or their EV request. A vetting partner then looks over all this information in an effort to verify the domain owner's name, legal existence, operational existence, physical existence, and other properties. Successful passage of the vetting process yields a fully validated EV certificate, a digital file which shows the name of the company or organization in the address bar as well as displays the address bar in green.

Not everyone needs an EV SSL/TLS certificate for every instance. They are best reserved for high-profile websites that attackers commonly target for phishing attacks. Those generally include retailers, major technology brands, banks, and financial institutions.

EV certificates help protect against sophisticated phishing techniques. In response to a warier population of web users, fraudsters have turned to purchasing fraudulent "domain-only" SSL/TLS certificates for their convincing phishing domains. An example of this would be a certificate for paypa1.com (with the number 1 substituting for the lowercase letter "L"). This skin-deep level of apparent protection successfully fooled previous web browsers versions, as they were incapable of distinguishing between fully verified SSL/TLS certificates and easy-to-acquire "domain-only" digital files. As a result, many users thought these fake sites were real and willingly gave up their sensitive information.

By comparison, attackers can't easily obtain an EV certificate, as the amount of verification leaves ample room for a CA to spot discrepancies in the bad actors' applications. But if attackers are able to steal or compromise existing EV certificates, they have access to abuse a much wider range of trust.

Also, it's important that high-profile companies don't allow their EV certificates to expire. Failure to keep these highly trusted certificates up-to-date could raise a red flag in the minds of web visitors, causing a decline in business. To prevent this from happening, these domain owners should invest in a solution that monitors their certificates and automates the renewal process.

Related blogs

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

Why Encryption Should Be the Next Step in Operationalizing GDPR Compliance

Why Encryption Should Be the Next Step in Operationalizing GDPR Compliance

Russia-Yandex Encryption Spat Highlights Trust as a Competitive Business Advantage

Russia-Yandex Encryption Spat Highlights Trust as a Competitive Business Advantage

https phishing, tls certificate, phishing scam

FBI Warns Users about Phishing Campaigns that Leverage HTTPS Websites

About the author

David Bisson
David Bisson

David Bisson writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat