
SSL Certificate Best Practices – Risks & Trade Offs

Coming Soon - The Promise of Encryption & the Future of SSL/TLS

E-commerce has grown at exponential rates in the past decade, with consumers quickly recognizing the convenience of purchasing goods online and making secure, private transactions. This growth in online commerce rests upon a foundation of trust. People trust that the websites they use to track finances and make online purchases are secure and legitimate largely because of Secure Sockets Layer (SSL) certificates, the name still in common use for the certificates that today secure connections over SSL's successor protocol, TLS.

An SSL certificate binds a domain name, and for the higher validation levels the identity of the organization operating the site, to a public key. It lets a browser verify that the server it reached is the one named in the certificate and then establish an encrypted connection between the user's device and the company website. There are three primary types of SSL certificates, each requiring a different level of validation by the certificate authority before issuance: DV (Domain Validation), OV (Organization Validation) and EV (Extended Validation).

Understanding the differences among the certificate types is important to help prevent falling victim to scammers. For example, DV certificates are quick and cheap to procure: the applicant need only demonstrate control of the domain name (typically by responding to an e-mail sent to the domain or publishing a token the certificate authority checks), and supplies no information showing that the person requesting the certificate represents a legitimate business. Fraudsters often use DV certificates on look-alike domains to lure consumers to phishing websites that look authentic, show the same padlock as the genuine site, and are designed to steal sensitive information. For this reason, the padlock alone says nothing about who operates a DV-only site, and doing any type of transaction on one poses risk.
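The practical check behind the paragraph above is to tell which validation level a server's leaf certificate was issued under. Publicly trusted certificates carry one of the CA/Browser Forum reserved certificate-policy OIDs (2.23.140.1.2.1 for DV, 2.23.140.1.2.2 for OV, 2.23.140.1.1 for EV), and a DV certificate's Subject carries no verified Organization. The Go program below is an added example, not code from the OTA page or from any of the resources it links: it generates its own self-signed test certificates (constructed data with made-up domain names and a made-up organization, not CA-issued certificates) and classifies them. One assumption to note: CAs historically also used CA-specific EV policy OIDs that this checker does not know, so a certificate carrying only such an OID falls through to the Subject fallback and is reported as OV.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"time"
)

// Reserved certificate-policy OIDs from the CA/Browser Forum Baseline Requirements and
// EV Guidelines; a publicly trusted leaf certificate carries the one for its validation level.
var (
	oidPolicyDV               = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1}
	oidPolicyOV               = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 2}
	oidPolicyEV               = asn1.ObjectIdentifier{2, 23, 140, 1, 1}
	oidExtCertificatePolicies = asn1.ObjectIdentifier{2, 5, 29, 32}
	policyLevel               = map[string]string{oidPolicyEV.String(): "EV", oidPolicyOV.String(): "OV", oidPolicyDV.String(): "DV"}
)

// ClassifyValidation labels a parsed leaf certificate "EV", "OV" or "DV". A reserved policy
// OID is authoritative; without one (an old certificate, or a CA-specific EV OID this checker
// does not know) the Subject decides: DV proves only domain control and carries no verified
// Organization, so a Subject that names one is treated as OV at best.
func ClassifyValidation(cert *x509.Certificate) string {
	for _, p := range cert.PolicyIdentifiers {
		if level, ok := policyLevel[p.String()]; ok {
			return level
		}
	}
	if len(cert.Subject.Organization) > 0 {
		return "OV"
	}
	return "DV"
}

// newTestCert builds a self-signed certificate for this example (constructed test data, not a
// CA-issued certificate) with the given Subject and certificatePolicies OIDs.
func newTestCert(subject pkix.Name, policies ...asn1.ObjectIdentifier) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      subject,
		DNSNames:     []string{subject.CommonName},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
	}
	if len(policies) > 0 {
		// certificatePolicies is DER-encoded by hand (RFC 5280 PolicyInformation, qualifiers
		// omitted) so the example does not depend on which policy field a Go version marshals.
		infos := make([]struct{ ID asn1.ObjectIdentifier }, len(policies))
		for i, p := range policies {
			infos[i].ID = p
		}
		der, err := asn1.Marshal(infos)
		if err != nil {
			return nil, err
		}
		tmpl.ExtraExtensions = []pkix.Extension{{Id: oidExtCertificatePolicies, Value: der}}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// classifyExamples builds one certificate per validation level, a DV certificate on a
// look-alike domain as a phishing site would hold, and an organization certificate carrying
// no reserved OID, then classifies each. Domain names and the organization are made up.
func classifyExamples() (map[string]string, error) {
	org := pkix.Name{CommonName: "shop.example.com", Organization: []string{"Example Shop, Inc."}, Country: []string{"US"}}
	cases := map[string]struct {
		subject  pkix.Name
		policies []asn1.ObjectIdentifier
	}{
		"dv":        {pkix.Name{CommonName: "shop.example.com"}, []asn1.ObjectIdentifier{oidPolicyDV}},
		"ov":        {org, []asn1.ObjectIdentifier{oidPolicyOV}},
		"ev":        {org, []asn1.ObjectIdentifier{oidPolicyEV}},
		"lookalike": {pkix.Name{CommonName: "shop-example-secure.com"}, []asn1.ObjectIdentifier{oidPolicyDV}},
		"no-oid":    {org, nil},
	}
	out := make(map[string]string, len(cases))
	for name, c := range cases {
		cert, err := newTestCert(c.subject, c.policies...)
		if err != nil {
			return nil, err
		}
		out[name] = ClassifyValidation(cert)
	}
	return out, nil
}
```

The "lookalike" case is the point of the paragraph: a DV certificate on shop-example-secure.com classifies exactly like the one on shop.example.com, because neither asserts who is behind the domain. To apply the check to a live site, open a connection with tls.Dial from crypto/tls and pass conn.ConnectionState().PeerCertificates[0] to ClassifyValidation; the OID check is what a browser uses to decide whether to show EV treatment, and the Subject fallback is what a user sees when clicking the padlock.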

OTA recognizes OV and EV SSL certificates as a best practice for consumer and brand protection and awards sites bonus points toward their overall composite score as part of the 2015 Online Trust Audit and Honor Roll program. Sites with EV SSL receive added bonus points above OV certificates, while sites with DV certificates do not receive any added scoring. Tentative plans for the 2016 Audit are to deduct points from sites with DV certificates, reflecting the low trust impact of their use.

Related Resources

Extended Validation SSL Certificates

Always On SSL (HSTS everywhere)

Migrating from SHA-1 to SHA-2 (Symantec)

Symantec White Paper (Registration Required)

Certificate Authority Best Practices

Test Your SSL Infrastructure (Qualys SSL Labs)

SSL Server Testing Tool (High-Tech Bridge SA)