Historically, certain Certificate Authorities (CAs) utilized a “Class” system to categorize digital certificates. For instance, VeriSign classified them as:
Class 1: Intended for individuals, primarily for email.
Class 2: For organizations requiring proof of identity.
Class 3: Used for servers and software signing. The issuing CA independently verified and checked identity and authority.
Class 4: Designed for online business transactions between companies.
Class 5: Reserved for private organizations or governmental security.
This class-based approach has become outdated. The industry has since shifted towards a clearer system based on the depth of validation and vetting:
DV (Domain Validated): The simplest level, similar to Class 1. The CA verifies that the applicant controls the specified domain. It’s suitable for personal sites and email but lacks details about the organization or individual behind the domain.
OV (Organization Validated): Analogous to Classes 2 and 3. Here, the CA verifies domain ownership and confirms specific details about the organization, such as its name and location.
EV (Extended Validation): This represents the highest level of validation. It can be compared to the trust level of Classes 3, 4, and 5. The CA rigorously examines the organization, ensuring its legal existence, physical presence, and domain ownership.
In summary, while not an exact match, the modern DV/OV/EV classifications offer a clearer, more intuitive understanding of the validation levels than the older Class 1-5 system. The DV/OV/EV system provides a direct insight into the certificate holder’s validation processes, guiding end-users on the level of trust they might place in a website.
Below is Digicert’s “best used” for each one:
Any website that doesn’t conduct transactions or gather personal information
Global banks and financial services
Fortune 500 companies
Global 2000 companies
The DigiCert Validation team rejects approximately 3,750 EV certificates every year in some part due to fraudulent requests.