SSL certificates with Extended Validation provide a higher level of confidence and reliability than simple DV certificates with domain verification only. The latter do not contain any information about the owner in the “Company Name”, and although they are technically support encryption, the end user cannot fully trust such an SSL certificate because they do not know who really stay at the end of the channel data transmission. Simple SSL certificate can get anyone – and scammers too.
At the same time, an extended review suggests that the CA will determine the legal personality of the customer, physical existence and functioning of the company, before issue EV SSL certificate. During the extended verification CA checks:
- the legal right of customer to use domain
- authority for SSL client certificate request
- physical existence and legal status of the customer
- compliance with company customer official records in the state register of legal entities
EV certificate may be issued only after verification of the information for the last 13 months, which means that the CA must always have a current commercial data about the customer. This reduces the risks when changing the domain owner.