Skip to main content
banner image
venafi logo

What Is an EV SSL Certificate, and Why Should You Get One?

What Is an EV SSL Certificate, and Why Should You Get One?

EV SSL Certificate
January 9, 2018 | David Bisson

An extended validation (EV) certificate is a type of SSL/TLS certificate. It is highly valued because it requires the most amount of effort by a certificate authority (CA) to validate. As such, an EV certificate provides a high degree of trust for visitors to a website operated by the certificate owner.


Due to their intensive verification process, EV certificates are generally less common than other SSL certificates. On the opposite side of the scale, domain validated (DV) certificates are the most common type of SSL/TLS certificate. They only require verification using the domain name, validation which a domain owner achieves by confirming their email listed in the WHOIS record with the CA or placing a verification file on the website.

The next step up are organization validated (OV) certificates, which require more verification than DV certificates. For these digital files, CAs commonly request documentation verifying a domain owner's address and other organization information. If successfully obtained, OV certificates list the names of both the website and the company.

As for EV certificates, CAs require a domain owner to provide extra documentation such as a signed subscriber agreement, a signed authorization form, and documentation verifying either their business or their EV request. A vetting partner then looks over all this information in an effort to verify the domain owner's name, legal existence, operational existence, physical existence, and other properties. Successful passage of the vetting process yields a fully validated EV certificate, a digital file which shows the name of the company or organization in the address bar as well as displays the address bar in green.

Not everyone needs an EV SSL/TLS certificate for every instance. They are best reserved for high-profile websites that attackers commonly target for phishing attacks. Those generally include retailers, major technology brands, banks, and financial institutions.

EV certificates help protect against sophisticated phishing techniques. In response to a warier population of web users, fraudsters have turned to purchasing fraudulent "domain-only" SSL/TLS certificates for their convincing phishing domains. An example of this would be a certificate for (with the number 1 substituting for the lowercase letter "L"). This skin-deep level of apparent protection successfully fooled previous web browsers versions, as they were incapable of distinguishing between fully verified SSL/TLS certificates and easy-to-acquire "domain-only" digital files. As a result, many users thought these fake sites were real and willingly gave up their sensitive information.

By comparison, attackers can't easily obtain an EV certificate, as the amount of verification leaves ample room for a CA to spot discrepancies in the bad actors' applications. But if attackers are able to steal or compromise existing EV certificates, they have access to abuse a much wider range of trust.

Also, it's important that high-profile companies don't allow their EV certificates to expire. Failure to keep these highly trusted certificates up-to-date could raise a red flag in the minds of web visitors, causing a decline in business. To prevent this from happening, these domain owners should invest in a solution that monitors their certificates and automates the renewal process.

Related blogs

Like this blog? We think you will love this.
wildcard certificates
Featured Blog

Wildcard Certificates Make Encryption Easier, But Less Secure

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

David Bisson
David Bisson

David is a Contributing Editor at IBM Security Intelligence.David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more