Validation Levels
SSL certificates are categorized by their validation level, which determines how thoroughly the applicant's identity is verified:
DV — Domain Validated
DV certificates verify only that the applicant controls the domain. The CA sends an email or requires a DNS record change to prove ownership. These are issued quickly (often within minutes) and are the most affordable option. Let's Encrypt provides free DV certificates.
Best for: Personal blogs, testing environments, simple websites that need encryption.
OV — Organization Validated
OV certificates verify both domain ownership and organization identity. The CA checks business registration records and may contact the organization directly. The certificate displays the organization's name, giving visitors more confidence.
Best for: Business websites, intranet portals, any site where trust matters.
EV — Extended Validation
EV certificates require the most rigorous identity verification. The CA performs extensive checks on the organization's legal, physical, and operational existence. Historically, EV certificates showed the organization name in the browser's address bar (green bar), though modern browsers have simplified this display.
Best for: Financial institutions, e-commerce, high-value transactions.
Coverage Types
- Single Domain — Covers one hostname (e.g., www.example.com).
- Wildcard — Covers a domain and all subdomains (e.g., *.example.com).
- Multi-Domain (SAN) — Covers multiple distinct domains with one certificate.
Choosing the Right Certificate
For most personal projects, a free DV certificate from Let's Encrypt is sufficient. For businesses, an OV certificate provides a better trust signal. EV certificates are recommended for high-security applications like banking and e-commerce.