The three levels
| Level | What's verified | Issuance time | Visible |
|---|---|---|---|
| DV | Control of the domain | Minutes | No |
| OV | Domain + organisation | Hours–days | Only in details |
| EV | Thorough legal vetting | Days | No (since ~2019) |
DV — Domain Validation
The CA only confirms that the applicant controls the domain (typically via a DNS or HTTP challenge). It is fast, free at many CAs, and fully automatable. For the vast majority of websites, DV is all you need.
OV — Organization Validation
In addition to the domain, the CA verifies that the organisation exists as a legal entity. The company name sits in the certificate details — but no ordinary visitor sees it. OV is typically used because a tender or internal policy requires it.
EV — Extended Validation
The most thorough vetting of the company. Historically EV showed the company name in a green bar in the address bar — but that was removed from all browsers around 2019, because users did not notice it. EV also typically does not support wildcards.
Which level should you choose?
DV for almost everything. OV/EV only when a specific requirement demands it. The level changes neither encryption nor browser trust — only what the CA looked up. More on the trade-off in which CA you should choose.
How CertControl helps
CertControl records the validation level and issuer for every certificate, so you can document to auditors and customers exactly which certificates you use — and get warned before they expire.
Frequently asked questions
Is an EV certificate more secure than a DV?
No. The encryption is identical. EV only vets the organisation more thoroughly, and since ~2019 browsers no longer show any visible EV indicator.
Can I get a wildcard as DV?
Yes. Wildcard certificates are available as DV (e.g. free via Let's Encrypt and DNS-01). EV typically does not support wildcards.
When should I choose OV?
When a tender, an enterprise customer or an internal policy requires the organisation to be verified in the certificate. Otherwise DV is enough.