SSL Certification

Transport Layer Security, and its now-deprecated predecessor, Secure Sockets Layer, are cryptographic protocols designed to provide communications security over a computer network. Several versions of the protocols find widespread use in applications such as web browsing, email, instant messaging, and voice over IP.

SSL Certification

There are three types of SSL Certificate available today; Extended Validation (EV SSL), Organization Validated (OV SSL) and Domain Validated (DV SSL). The encryption levels are the same for each certificate, what differs is the vetting and verification processes needed to obtain the certificate. Over the last few years the number of organizations using SSL Certificates has increased dramatically. The applications for which SSL is being used have also expanded.

you might need SSL for privacy in communication (to ensure you are not being snooped on),
or you might wish to prove you can trust who you are talking to (identity in private communication).

With encryption, you are able to hide communications from a hacker but you cannot stop them from intercepting communications and posing as your website to steal information from your customers. As people move away from brick and mortar stores and increase their online shopping and banking habits, consumers have to be able to trust they are visiting the true website of the store they are shopping on. This is more difficult to prove online. You can prove your identity by having an external third-party (like GlobalSign) vet your personal and company information. Based on this verification or vetting procedure, SSL Certificates can be broken down into three categories.

Extended Validation (EV SSL) Certificates

With an EV SSL, the Certificate Authority (CA) checks the right of the applicant to use a specific domain name plus, it conducts a thorough vetting of the organization. The issuance process of EV SSL Certificates is strictly defined in the EV Guidelines, as formally ratified by the CA/Browser forum in 2007. All the steps required for a CA before issuing a certificate are specified here including:

verifying the legal, physical and operational existence of the entity
verifying that the identity of the entity matches official records
verifying that the entity has exclusive right to use the domain specified in the EV SSL Certificate
and verifying that the entity has properly authorized the issuance of the EV SSL Certificate

Organization Validated (OV SSL) Certificates

The CA checks the right of the applicant to use a specific domain name PLUS it conducts some vetting of the organization. Additional vetted company information is displayed to customers when clicking on the Secure Site Seal, giving enhanced visibility in who is behind the site and associated enhanced trust. Organization name also appears in the certificate under the ON field.

Domain Validated (DV SSL) Certificates

The CA checks the right of the applicant to use a specific domain name. No company identity information is vetted and no information is displayed other than encryption information within the Secure Site Seal. While you can be sure that your information is encrypted, you cannot be sure who is truly at the receiving end of that information.