Transition from Certificate Classes to DV, OV, and EV

Historically, certain Certificate Authorities (CAs) utilized a “Class” system to categorize digital certificates. For instance, VeriSign classified them as:

  • Class 1: Intended for individuals, primarily for email.
  • Class 2: For organizations requiring proof of identity.
  • Class 3: Used for servers and software signing. The issuing CA independently verified and checked identity and authority.
  • Class 4: Designed for online business transactions between companies.
  • Class 5: Reserved for private organizations or governmental security.

This class-based approach has become outdated. The industry has since shifted towards a clearer system based on the depth of validation and vetting:

  • DV (Domain Validated): The simplest level, similar to Class 1. The CA verifies that the applicant controls the specified domain. It’s suitable for personal sites and email but lacks details about the organization or individual behind the domain.
  • OV (Organization Validated): Analogous to Classes 2 and 3. Here, the CA verifies domain ownership and confirms specific details about the organization, such as its name and location.
  • EV (Extended Validation): This represents the highest level of validation. It can be compared to the trust level of Classes 3, 4, and 5. The CA rigorously examines the organization, ensuring its legal existence, physical presence, and domain ownership.

In summary, while not an exact match, the modern DV/OV/EV classifications offer a clearer, more intuitive understanding of the validation levels than the older Class 1-5 system. The DV/OV/EV system provides a direct insight into the certificate holder’s validation processes, guiding end-users on the level of trust they might place in a website.

DIGICERT

Below is Digicert’s “best used” for each one:

DV certificates:
  • Blogs
  • Personal websites
  • Any website that doesn’t conduct transactions or gather personal information
OV Certificates:
  • Log-in screens
  • Business sites
EV Certificates:
  • Global banks and financial services
  • Fortune 500 companies
  • Global 2000 companies
  • E-commerce
  • Enterprises
The DigiCert Validation team rejects approximately 3,750 EV certificates every year in some part due to fraudulent requests.