TLS/SSL Certificates and Secure Connections
- Whenever you make a secure connection to a website, the beginning of the URL will change from HTTP to HTTPS (with the ‘S’ standing for secure).
- A padlock will also appear at the left of the address. This indicates that the page is using a TLS/SSL certificate to encrypt all communications between you and the site.
- However, not every type of certificate should be trusted to the same degree.
There are three main types of certificate:
- Domain Validated (DV)
- Organization Validated (OV)
- Extended Validation (EV)
Domain Validated (DV) - These certificates have the lowest cost but do not identify the owner of the website. DV certs are issued after the applicant has proven they control the domain for which the certificate is intended. Applicants can validate domain control using fast, online methods, such as responding to a challenge-response email. EV and OV similarly require domain control validation, but also require the applicant to supply business documentation to confirm their identity.
Organization Validation (OV) - These certificates include full business and company validation from a certificate authority using currently established and accepted manual vetting processes. Because of this requirement, these certificates provide significantly higher levels of trust and security than DV SSL certificates. However, they are not validated to the stringent standards set by the CA/B Forum and cannot turn the address bar green in the latest browsers.
Extended Validation (EV) - EV certificates are validated to the strong guidelines set by the CA/B Forum, an independent standards body consisting of major browser providers and certificate authorities. EV certificates are only issued after in-depth background checks have been carried out on the applicant company. Because of this, EV certificates provide the highest levels of security and trust to end-users. To reflect this higher level of trust, IceDragon shows a green indicator if a site has an EV certificate. The indicator contains the name and address of the company that owns the website, and the name of the CA that issued the certificate.
Trust between a person using a browser and the site they are visiting is only confirmed when two stages of validation are complete:
- Verification that the certificate applicant owns the domain name of the website.
- Verification that the certificate applicant is a legitimate and legally accountable business.
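The two validation stages leave visible traces in a certificate, so the level can be checked mechanically rather than by colour alone. The following is an added example, not part of the original page or of IceDragon: it reads the CA/Browser Forum policy OIDs and the subject fields, and flags certificates whose claimed level is not backed by identity data. The OID values, the subject layout (that of Python's `ssl.SSLSocket.getpeercert()`), and the sample certificates are assumptions constructed for illustration.

```python
# CA/Browser Forum reserved certificate policy OIDs (not listed on the page).
CABF_POLICY_OIDS = {"2.23.140.1.2.1": "DV", "2.23.140.1.2.2": "OV", "2.23.140.1.1": "EV"}
# Subject attributes each level is expected to carry (OpenSSL long names).
REQUIRED_SUBJECT = {
    "DV": set(),
    "OV": {"organizationName"},
    "EV": {"organizationName", "businessCategory", "serialNumber",
           "jurisdictionCountryName"},
}
RANK = ["DV", "OV", "EV"]

def subject_fields(subject):
    """Flatten getpeercert()-style RDN tuples into a name -> value dict."""
    return {name: value for rdn in subject for name, value in rdn}

def classify(subject, policy_oids):
    """Return (level, problems); level is 'DV', 'OV', 'EV' or 'unknown'."""
    fields = subject_fields(subject)
    claimed = {CABF_POLICY_OIDS[o] for o in policy_oids if o in CABF_POLICY_OIDS}
    if not claimed:
        return "unknown", ["no CA/B Forum policy OID asserted"]
    level = max(claimed, key=RANK.index)  # judge against the strongest claim
    problems = []
    if len(claimed) > 1:
        problems.append("conflicting policy OIDs: " + ", ".join(sorted(claimed)))
    missing = sorted(REQUIRED_SUBJECT[level] - set(fields))
    if missing:
        problems.append(f"{level} asserted but subject lacks: " + ", ".join(missing))
    if level == "DV" and "organizationName" in fields:
        problems.append("DV asserted but subject names an organization")
    return level, problems

# Constructed sample subjects (not taken from real certificates).
DV_SUBJECT = ((("commonName", "www.example.com"),),)
EV_SUBJECT = (
    (("jurisdictionCountryName", "US"),),
    (("businessCategory", "Private Organization"),),
    (("serialNumber", "0000000"),),
    (("organizationName", "Example Corp"),),
    (("commonName", "www.example.com"),),
)

if __name__ == "__main__":
    print(classify(DV_SUBJECT, ["2.23.140.1.2.1"]))
    print(classify(EV_SUBJECT, ["2.23.140.1.1"]))
    print(classify(DV_SUBJECT, ["2.23.140.1.1"]))  # EV claim without identity data
```

The policy OID list is assumed to come from the certificate's Certificate Policies extension, which `getpeercert()` does not expose and which other tooling must extract.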
Users can recognize an EV certificate because the name of the company that owns the site is shown in green text next to the URL. You can also click the lock to view complete details. The following screenshot shows the certificate on instantssl.com, which is operated by Comodo.