LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the three validation levels for SSL/TLS certificates, and what is different between them?

Domain Validation (DV), Organisation Validation (OV), and Extended Validation (EV) — each requires progressively more verification of the requester's identity by the CA.

Level What CA verifies Issuance time Browser display
DV — Domain Validation Only that you control the domain (e.g. email to webmaster, DNS TXT record, file on the site) Minutes (Let's Encrypt) Padlock
OV — Organisation Validation Domain control plus real organisation exists (legal entity check) Days Padlock + cert details show org name
EV — Extended Validation OV plus physical address, operational existence, signed legal agreements 1–2 weeks Padlock (used to be green address bar; mostly removed by browsers)

What's the same across all three: the cryptography. A DV cert encrypts traffic exactly as strongly as an EV cert. The differences are only in what attribute claims the CA asserts about the subject.

The other axis — coverage:

Type Coverage
Single-domain Just example.com
Wildcard *.example.com (any direct subdomain)
Multi-domain (SAN) Up to ~25 different domains listed in Subject Alternative Names

EV was once highly visible (green address bar) but Chrome (2019) and Safari (2020) removed the visual indicator after research showed users didn't actually distinguish EV from DV in practice. The legal-entity attestation is still there, just not surfaced in the UI.

Tip: For a personal blog or hobby project, a free DV cert from Let's Encrypt is enough — it provides the same encryption strength as a $500/year EV cert. Pay for OV/EV only if your customers/auditors explicitly require it.

From Quiz: ISF / Asymmetric Cryptography | Updated: Jul 14, 2026