EV Extended Validation Certificate

Extended validation for maximum trust with your users.

Extended Validation (EV) certificates represent the highest level of SSL/TLS validation available. Unlike DV (Domain Validation) certificates that only verify domain ownership, EV certificates require thorough verification of the organization's legal identity.

Historically, EV certificates displayed the company name in a green bar in browsers. Although this visual indication was removed by most browsers in 2019, EV certificates remain important for organizations that want to prove their verified identity.

MoniTao monitors the expiration and validity of your EV certificates to ensure continuous protection and alert you before any service interruption.

What is an EV Certificate?

Characteristics of Extended Validation certificates:

  • Rigorous validation: the certificate authority verifies the legal existence of the company, its physical address, phone number, and the requester's authority.
  • Identity in the certificate: the organization name, city, and country are included in the certificate and visible in browser details.
  • Multi-step process: validation can take 1 to 5 business days and requires official documents such as business registration.
  • Higher cost: EV certificates are more expensive than DV or OV due to the manual and rigorous validation process.

Benefits of EV Certificates

Why choose an EV certificate:

  • Increased trust: visitors can verify that your organization has been authenticated by a trusted third party.
  • Protection against phishing: attackers cannot obtain an EV certificate for a phishing domain because they wouldn't pass the validation.
  • Professional image: demonstrates a commitment to security and reassures customers, particularly for financial transactions.
  • Compliance: some regulations or business partners may require EV certificates for sites handling sensitive data.

EV Validation Process

The steps to obtain an EV certificate:

  1. Domain verification: you must prove you control the domain (similar to DV).
  2. Organization verification: the CA verifies legal existence through official registries (business registration, DUNS, etc.).
  3. Physical verification: the company's address and phone number are verified through professional directories.
  4. Requester validation: the CA verifies that the person requesting the certificate is authorized to do so for the organization.

Verify an EV Certificate

How to identify an EV certificate:

# Check certificate details
openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -text -noout

# Look for Organization (O) field and EV policies
# An EV certificate will have a CA-specific policy OID

# In certificate details:
# Subject: C=US, ST=California, L=San Francisco, O=My Company Inc, CN=www.example.com
# Certificate Policies: 2.23.140.1.1 (EV policy)

EV certificates contain the full organization name and a specific policy OID that identifies the certificate as EV.

Best Practices

Tips for EV certificates:

  • Anticipate renewal: start the renewal process 30 days in advance because validation takes time.
  • Keep documents up to date: keep your business registration and other legal documents current to facilitate revalidations.
  • Monitor expiration: an expired EV certificate immediately impacts user trust. Use MoniTao for proactive alerts.
  • Evaluate ROI: for e-commerce or banking sites, the additional cost of an EV certificate is usually justified.

EV Certificate Checklist

  • Organization legally registered
  • Legal documents up to date
  • Verifiable address and phone number
  • Authorized requester identified
  • Certificate correctly installed
  • Expiration monitoring configured

Frequently Asked Questions

Does the green bar still exist?

No, since 2019 browsers have removed the special display for EV certificates. The information is still available by clicking the padlock.

Is an EV certificate more secure than a DV?

Technically, the encryption is identical. The difference is in the organization identity validation, not in cryptographic security.

How much does an EV certificate cost?

Prices range from $100 to $500 per year depending on the certificate authority and included options.

Can I have an EV wildcard certificate?

No, CA/Browser Forum rules prohibit EV wildcard certificates for security reasons.

Does Let's Encrypt offer EV certificates?

No, Let's Encrypt only offers DV certificates. For an EV certificate, you must go through a commercial CA.

Does MoniTao distinguish between certificate types?

MoniTao monitors all your SSL certificates and alerts you before they expire, regardless of their type (DV, OV, EV).

The Right Choice for Your Organization

EV certificates are suitable for organizations that want to prove their verified identity to customers. They are particularly relevant for e-commerce, banking, and any entity handling sensitive data.

With MoniTao, monitor your EV certificates and receive proactive alerts to avoid any interruption due to an expired certificate.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing