SSL Certificate Types Explained: DV, OV, and EV

Not all SSL certificates are created equal. While they all encrypt traffic between a browser and a server, they differ significantly in how much identity verification the Certificate Authority (CA) performs before issuing the certificate. Understanding the three certificate types — Domain Validated (DV), Organisation Validated (OV), and Extended Validation (EV) — helps you choose the right one for your use case.

Domain Validated (DV) Certificates

A Domain Validated certificate is the most basic type. The Certificate Authority only verifies that the applicant controls the domain — it performs no checks on the organisation behind it. Verification is typically automated via one of three methods: placing a specific file on the web server, adding a DNS TXT record, or responding to an email sent to a domain-specific address.

DV certificates are issued within minutes and are the cheapest option — often free from providers like Let's Encrypt, ZeroSSL, and Cloudflare. They are perfectly adequate for:

• Personal websites and blogs
• Developer and staging environments
• Internal tools and dashboards
• APIs that don't process sensitive user data

The padlock icon in browsers looks identical regardless of certificate type, so users cannot visually distinguish a DV certificate from an OV or EV one without inspecting the certificate details.

Organisation Validated (OV) Certificates

Organisation Validated certificates require the CA to verify both domain ownership AND the legal existence of the organisation. This involves checking business registration records, verifying the organisation's address, and sometimes making phone contact. Issuance typically takes 1–3 business days.

OV certificates embed organisation details (company name, location) into the certificate itself, which is visible to users who inspect the certificate. This provides stronger trust assurance than DV. OV certificates are appropriate for:

• Business websites and corporate portals
• Login and authentication pages
• Public-facing APIs and web services
• Software download sites where code signing trust matters

Extended Validation (EV) Certificates

Extended Validation certificates undergo the most rigorous vetting process. CAs follow strict guidelines set by the CA/Browser Forum to verify the organisation's legal identity, physical existence, operational existence, and authorisation. This process typically takes 1–5 business days.

Historically, EV certificates displayed the company name in the browser address bar in green. Major browsers (Chrome, Firefox, Safari) removed this visual distinction between 2019 and 2020, citing that it provided marginal security benefit while adding complexity. Today, EV certificates still embed organisation details and have value in regulated industries and high-security environments:

• Financial institutions and banking portals
• Healthcare organisations handling patient data
• E-commerce sites processing high transaction volumes
• Government and regulatory websites

Comparison Table

Wildcard and Multi-Domain (SAN) Certificates

Beyond validation level, certificates also differ in how many domains they cover:

• Single-domain: Covers one specific domain (e.g. certnotify.com)
• Wildcard: Covers a domain and all its subdomains (e.g. *.certnotify.com — covers app.certnotify.com, api.certnotify.com, etc.)
• Multi-domain (SAN): Covers multiple different domains in a single certificate using Subject Alternative Names

Wildcard and multi-domain features can be combined with any validation level.

Which Certificate Type Do You Need?

Monitoring Your Certificate Type

Regardless of certificate type, every SSL certificate expires. Certificate expiry is one of the most preventable causes of website downtime — yet it continues to affect organisations of all sizes. CertNotify monitors your certificates continuously, checking validity, TLS version, certificate chain, and expiry — and alerts you before any issues arise.