DV, OV, EV? There are different certificates.
Standard certificates
When you’re on a website encrypted with a DV (Domain Verified) TLS/SSL certificate, you can’t check who’s providing the service. You may have been redirected to a scam site that mimics the original site and provides false information.
TSL/SSL technology ensures that data traffic between the user’s browser and your site is encrypted. This is indicated by the ‘s’ in the https:// prefix and the lock icon on your web page address. The Organisation Validated (OV) certificate also ensures that the provider of the service in question has been checked out against public registers by a verification expert.
The certificate gives your https site two important features:
- The first is information about the provider of the site. When you visit the https site, you can see the content of the certificate. This includes information about the authority that issued it (e.g., Digicert, Entrust, DVV, Let’s Encrypt) plus the address of the site certified (e.g., www.yritys.fi).
- The second is encryption. When a site has a TLS/SSL certificate, all traffic between browser and server is encrypted so none of the information you enter on the site is visible.
EV certificates
Extended Validation (EV) certificates provide higher level certification (e.g., the PSD2 certificates used by financial institutions). Other EV-level certificates include Qualified Signature Certificates, Verified Mark Email Certificates, and EV Code Signing Certificates. The verification process is more rigorous and may require the organization’s authorised signatory to use video verification.
Paid vs. free certificates – the role of a Certificate Authority
To secure your online traffic, it’s a good idea to order certificates from specialist certificate providers such as Mintly.
These companies maintain systems to ensure the trustworthiness of certificates. Certificates are supplied by CAs (Certificate Authorities) and resellers. A CA is similar to the authority that issues passports and identity cards. The role of the CA is to verify that the individuals and organizations requiring certification actually own the sites and servers they are certifying. This is an important procedure, and can only be properly carried out by operators that carry it the verification to the letter. All CAs are strictly regulated by the CA Browser Forum (https://cabforum.org/), which effectively dictates the terms of this verification procedure. Entrust is among the most trusted CAs in the industry, and their Entrust certificates are available in Finland from Mintly.
You can download a table comparing the different certificate types Mintly offer by clicking here (presently in Finnish).
Verification of certificates
After purchasing a certificate, the verification procedure is initiated and carried out by Mintly in Finland. Entrust trains and tests verification experts on an annual basis. Only those who pass this test can carry out the verifications.
These verification experts then carry out the checks that need to be made to verify your organization can get the certificate. This involves consulting officially approved public data sources and making the necessary calls to you (in Finnish or English) during working hours. Information from your company’s own website is not sufficient. Entrust then independently audits all the verifications carried out by Mintly.
This ensures that the certificate is only issued to the organization or person enttled to it.
Go back