My view is that EV SSL is a convenient ploy by certificate authorities instead of fixing the broken chain of trust. It merely does what regular signed certificates did 10 years ago. Nonetheless, if you conduct business over the internet which requires protection against sophisticated phishing attacks, then you don't have a lot of other choices.

So when to definitely get EV SSL?

Are you a bank or financial services organization?
Are you a major retailer with a recognizable and trusted brand?
Are you an organization who can suffer or cause significant financial losses if a rogue website is put up impersonating your organization?

Right now, pretty much anyone can get an SSL certificate, including criminals who wish to stay anonymous, and they can get one for any website, including one that purports to be another organization. This wasn't always the case, as initially to get a signed certificate, CAs would perform extensive background checks to verify the identity of the website operator. That's why the certificates cost 0~200 and had a renewal fee each year. You were paying for the cost of verifying that you are who you claim to be.

Now, CAs buy their way into the chain of trust and then just use it as a way of essentially printing money. We pay them ~100 each year for essentially doing nothing. They simply automatically generate a signed certificate that has no meaning and is issued without any checks or scrutiny on the website it's issued for. The only difference between a regular CA-signed certificate and a self-signed certificate is that the browser displays a scary message to users when it's self-signed. But there's no guarantee that one is safer than the other.

So the system is effectively broken, which the CAs saw as an excellent opportunity to create EV SSL and charge more money for this "deluxe" certificate—you know, one where they actually do the job they're supposed to.

10% popularity Vote Up Vote Down

@Jessie594

That's mostly up to you, standard SSL's are perfectly fine and compliant. I would also decide based on the service or product i'm offering and the amount of security and trust that I had to provide visitors to the website. eCommerce for most products regular SSL is fine in my opinion. As the price of products and services reach ,000 I would suggest getting the best SSL you could which makes the Green URL areas. I forget what they're called.

10% popularity Vote Up Vote Down

Feed

: When should I go for extended-validation SSL? At what point do I need an extended-validation SSL certificates (EV) rather than the less expensive domain-validated SSL certificate?

More posts by @Bethany197

: Slower site with the same configuration than a mirror copy…? I've got this Drupal site (ligadelconsorcista.org) that I have to move it from one server to another. The reason was that my

: Is it possible to stream music/video from an Apache server? I'm just starting to get into setting up a server. I've set up a basic Apache server to access some songs and movies. When I click

: How do I go about assigning my computer to my domain name? I've just registered a domain name, just to test how uploading a website works (I've made heaps, but never uploaded one), and I

: Facebook Like Boxes returning 500 Internal Server Error Since a few days I have seen several of my clients websites, our business website and even my own personal website starting to show blank

Login to post a comment!

2 Comments

Back to top | Use Dark Theme