The main difference between each validation type is how much validation must be performed by the Certificate Authority (CA) before the certificate can be issued.
The 3 main types of certificate validation which all CA's use:
- DV (Domain Validated) Validates control of the domain by the check applicant (required by all certificate types).
- OV (Organisation Validated) Validates the identity of the applicant and organisation.
- EV (Extended Validation) In-depth validation of the identity of the applicant and organisation.
The encryption facilitated by an SSL certificate is the same regardless of validation or functionality.
Domain Validation (DV)
When performing domain validation all checks are performed on the domain where you validate management of the domain, this type of validation is required for all certificate types.
The most common methods for DV validation are HTTP and DNS
- With HTTP validation this simply requires a text file to be available on the server, the name of the file and it's content are provided by the CA.
- With DNS validation this require a DNS CNAME entry to be added to your domain, the details are provided by the CA, this method can take slightly longer as DNS may take some time to propergate.
Organisation Validation (OV)
When performing organisation validation all checks are performed on the domain (DV) in addition to validating your organisation part of this will include:
- Validating company registration information to ensure the request is for a legitimate legal entity.
- Locality presence to ensure a legal presence in your registered location.
- Verify the company has a listed phone number from a trusted directory.
Extended Validation (EV)
With an EV validation there are a lot more checks that are required to be completed before an EV certificate can be issued. The validation for an EV certificate includes DV and OV methods, this method of validation also takes the longest and can take upto 7 days to complete.
- Organisation legal name and status is in good standing.
- Organisation tradename / DBA (Doing Business As) if applicable.
- Currently operating the business.
- Address where you conduct business operations.
- Organisation main telephone number.
- Control the domain(s) listed on the certificate.
- Authenticity of the subscriber agreement.