What is an OV SSL Certificate?
OV TLS/SSL stands for organization validation Transport Layer Security/Secure Sockets Layer, and it provides a high assurance TLS/SSL, an additional layer of trust online by authenticating business identity assurance and legitimacy through a certificate authority (CA).
These certificates are best suited for e-commerce by encrypting user transaction data by verifying organizational identity. OV TLS/SSL certificates use a 2048-bit bit private key and offer 256-bit encryption.
Additionally, OV TLS/SSL certificates display the organization’s name in the site seal and browser, showing the legitimacy by providing information assurance. This in turn protects websites from phishing attacks and deters potential hackers. Organization validated (OV) TLS/SSL certificates require a vetting process by the CA that, while not as extensive as an EV certification, is a much more substantial validation process compared with DV TLS/SSL. OV TLS/SSL certificates are considered more secure and require checking the applicant’s business credentials and ensuring the organization’s physical address is verified.
What is an extended validation (EV) TLS/SSL certificate?
Extended validation (EV) certificates ensure that the organization holding the certificate has gone through the most exhaustive level of identity background checks and vetting to verify that their website is authentic and legitimate.
Do I need an OV TLS/SSL certificate?
For any e-commerce website or online business that collects sensitive information from users such as credit card details, banking data, and more, an OV TLS/SSL certificate is something that should be implemented in the organization. If the online business relies on search engines, Google has stated it considers TLS/SSL as a ranking signal and without it, any website will be harder to find, which can affect traffic and sales. For individuals, a DV certification is more affordable and provides simple encryption for things like login data. However, a domain validated certificate is just not the recommended choice. At a minimum, small to mid-sized e-commerce sites should be using OV TLS/SSL certifications to provide users information about the business in the certificate. As a user carrying out a transaction through a website, an OV TLS/SSL or EV TLS/SSL certificate would provide security. OV and EV certificates make sure that financial data is being protected by the business the transaction is being done with and that they are who they portray they are.
How can I implement OV TLS/SSL certificates in my business?
With Entrust, businesses can easily apply for OV services. This will allow organizations to get access to the following Entrust capabilities:
Robust Reporting: Avoid system downtime, security gaps, and accidental certificate expirations with automatic multi-person, multi-level expiration notifications.
Unlimited Server Licenses: Install TLS/SSL certificates on an unlimited number of servers at no extra cost.
Unlimited Reissues: Cancel and reissue TLS/SSL certificates throughout their term without TLS/SSL or replacement fees.
Universal Browser Compatibility: Get TLS/SSL that is trusted by and compatible with more than 99.9% of current desktop and mobile browsers.
x.509 Compliance: All Entrust certificates conform to the widely accepted x.509 international public key infrastructure (PKI).
What is the difference between EV TLS/SSL, OV TLS/SSL, and DV TLS/SSL certificates?
Each certificate provides a different level of validation for public trust over the internet. From least extensive to most extensive:
DV or Domain Validation: Easy to obtain anonymously, but the validation is limited to domain control and the lack of identity information enables bad actors to request them.
OV or Organization Validation: A higher assurance TLS/SSL that strengthens security by verifying the organization’s information in the certificate against an independent CA; this tells visitors to the site that it is associated with a real organization, which deters fraudulent activities such as phishing.
EV or Extended Validation: For the highest level of security and assurance, EV TLS/SSL certifications are the best option for organizations that handle sensitive information (personally identifiable information) such as Social Security numbers, health records, or even credit card information and other financial data.
Learn more about OV vs EV certificates.
Why are OV TLS/SSL certificates important?
Organizations that want to provide identity assurance and strong encryption to their customers and meet a standard of best security practices while transacting with customers’ financial data need to have an organization validated (OV) certificate. It is a mid-level certificate and best suited for businesses and organizations that want to prove trustworthiness on their website, such as public bodies, e-commerce, and intranet and extranet portals.
Why choose Entrust OV TLS/SSL certificates?
Entrust is one of the founding members of the CA/Browser Forum and is always committed to conforming to the CA/Browser Forum Guidelines for Organizational Validation (OV) TLS/SSL Certificates ("Guidelines"). The most updated version of the guidelines can be found at cabforum.org. Entrust handles all customer communication and offers expertise and support for transitioning phases while industries evolve.
What are OV TLS/SSL certificate practices?
Entrusts OV TLS/SSL certificate policies, practices, and procedures meet the standards set by the CA/Browser Forum Guidelines for Organizational Validation (OV) TLS/SSL Certificates. Our practices are summarized in our Certificate Practice Statements (CPS) in our Entrust Certificate Services Repository. Every year we get audited by Deloitte for WebTrust for CAs, WebTrust for SSL Baseline Requirements, WebTrust for EV SSL, WebTrust for Code Signing Baseline Requirements, and WebTrust for Verified Mark Certificates (VMCs). For Entrust Europe, we also have audits completed to support being a Qualified Trust Service Provider.
What are the requirements for organization validation certificates?
Regardless of which CA you choose the requirements for organization validation TLS/SSL certificates are always the same. The validation process for businesses includes 3 phases:
- Domain ownership verification or DCV (domain control validation) verifies domain name ownership. There are several possible ways to validate domain ownership, like e-mail validation, HTTP/HTTPS Hash file, DNS CNAME, and Meta tag.
- Company or organization confirmation. A business/organization validation and official documentation may be required to the certification center. Typically, they require a business license or an article of incorporation/registration application. These documents can then be submitted via email, in PDF/JPG format, fax, or post mail.
- The last step is a callback process. For business validation TLS/SSL most vendors will use an automated callback process. An automated robot calls you on the verified number and tells you a validation code.
If all documents are correct and turned in on time the process typically takes 2-5 business days.