Difference Between OV and EV SSL

Domain Validated vs. Organization Validated SSL

How to tell DV and OV SSL Certificates apart

There are three kinds of SSL certificates: Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV). Many articles have been written on how browsers display the differences between EV SSL and non-EV SSL.
However, to determine the difference between the non-EV SSL certificates, namely DV and OV, it's necessary to review the structure of the certificate itself.

Deterministic Approach

Today, the only way to know with confidence that a certificate is of a specific type is to know the practices of each Certificate Authority (CA). In the X.509 PKI/Digital Certificate standard, the way an issuer is supposed to express its practices is via the Certificate Policies extension as defined in RFC 5280. This allows a CA to express a unique identifier (an OID) in issued certificates that maps to a document describing its practices associated with this certificate. This identifier can be used programmatically to make trust decisions about a certificate or to differentiate the user interface in an application based on the type of certificate.

This is exactly how browsers today can tell if a certificate is an EV Certificate. In essence they have some configuration that says "I trust GlobalSign to issue EV Certificates; when a certificate is presented to me from them that has this policy OID, show the EV user experience."

The CA/B Forum Baseline Requirements use the same approach, defining identifiers for Domain Validated and Organization Validated certificates. These are:

Type                     Policy Identifier
Domain Validated         2.23.140.1.2.1
Organization Validated   2.23.140.1.2.2

Having these identifiers takes us a long way towards our goal of deterministic evaluation of certificate issuance policy. That said, not all CAs have adopted them.

Heuristic Approach

Since the CA/B Forum Baseline Requirements were only established in 2012, it will naturally take some time for the existing installed base of certificates to be reissued to use the Policy Identifiers called out above. GlobalSign's CTO, Ryan Hurst, details some example code on how to configure your application to determine certificate class without reliance on object identifiers.
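As an added illustration of the deterministic check (not GlobalSign's code, and not the example code referenced above), the following Python walks DER bytes, finds the Certificate Policies extension and maps the two Baseline Requirements identifiers from the table to DV or OV. The function names and the sample bytes are constructed for this example; a certificate that carries neither identifier comes back as "undetermined", which is the case the heuristics are for.

```python
CERT_POLICIES = "2.5.29.32"  # id-ce-certificatePolicies (RFC 5280)
BR_TYPES = {"2.23.140.1.2.1": "DV", "2.23.140.1.2.2": "OV"}  # table above

def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length  # (tag, value_start, value_end)

def children(buf, start, end):
    while start < end:  # consecutive elements inside one value
        elem = read_tlv(buf, start)
        yield elem
        start = elem[2]

def decode_oid(body):
    subs, value = [], 0
    for b in body:  # base-128 subidentifiers; high bit means "more bytes"
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            subs, value = subs + [value], 0
    first = min(subs[0] // 40, 2)  # first subidentifier packs two arcs
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def policy_oids(der):  # accepts a whole certificate or any DER fragment
    found = []
    def walk(start, end):
        for tag, vs, ve in children(der, start, end):
            kids = list(children(der, vs, ve)) if tag & 0x20 else []
            if (tag == 0x30 and kids and kids[0][0] == 0x06
                    and decode_oid(der[kids[0][1]:kids[0][2]]) == CERT_POLICIES):
                _, ps, pe = read_tlv(der, kids[-1][1])  # inside extnValue
                for _, info, _ in children(der, ps, pe):  # PolicyInformation
                    _, os_, oe = read_tlv(der, info)  # policyIdentifier
                    found.append(decode_oid(der[os_:oe]))
            elif kids:
                walk(vs, ve)
    walk(0, len(der))
    return found

def classify(der):
    known = [BR_TYPES[o] for o in policy_oids(der) if o in BR_TYPES]
    return known[0] if known else "undetermined"

# Constructed sample, not a real certificate: [3]{ SEQUENCE{ Extension } }
SAMPLE_OV = bytes.fromhex("a317301530130603551d20040c300a3008060667810c010202")
```

To check a real certificate, pass its DER bytes to `classify`; the policy identifier only says what the CA asserts, so the trust decision still depends on validating the chain to a CA whose practices you accept.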

Summary

Unfortunately, today there is not a deterministic way to tell if a certificate was Domain or Organization Validated. However, things are changing, and within a few years it will hopefully be possible. In the meantime, there are heuristics you can use that help tell these types of certificates apart.

© 2021 GlobalSign. All Rights Reserved.