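SSL Certificate Essentials: SSL Certificate Types
CAs generally offer three types of SSL certificate: domain-validated SSL (DV SSL), enterprise (organization-validated) SSL (OV SSL), and extended-validation SSL (EV SSL).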
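1. EV SSL Certificate - Extended Validation SSL Certificate
EV SSL is short for Extended Validation SSL. It refers to an SSL certificate issued under a strict, globally uniform identity verification standard, and it is currently the highest security level of SSL certificate in the industry. When a user visits a website that has deployed an EV SSL certificate, the browser address bar not only shows the padlock icon but also turns green.
An Extended Validation SSL Certificate, EV SSL certificate for short, is an SSL certificate issued under a strict, globally uniform identity verification standard. EV SSL certificates were created to counter increasingly rampant online fraud, with the aim of restoring and strengthening people's confidence in online transactions.
To address the spread of online fraud, the world's well-known certificate authorities joined with the major browser vendors to found the CA/Browser Forum, which aims to develop a solution to the online trust crisis and to prevent online fraud effectively. The EV SSL certificate was its first result: it protects users from transacting online with merchants that have not undergone strict identity verification. Every certificate authority that issues EV SSL certificates must verify the applicant's identity strictly according to the uniform standard, and browsers recognize EV SSL certificates and turn the address bar green, so online consumers know clearly who they are doing business with.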
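2. OV SSL Certificate - Organization Validation SSL Certificate
The standard SSL certificate is the OV SSL certificate (Organization Validation SSL).
OV SSL is short for Organization Validation SSL. It refers to a standard SSL certificate that requires verification of the real identity of the organization that owns the website. This is the normal kind of SSL certificate: it not only encrypts the website's confidential information but also proves the website's real identity to users. It is therefore recommended for all e-commerce websites, because e-commerce needs both online trust and online security.
Click the padlock icon and choose "View Certificate" to see the certificate's "Details" – "Subject". The subject shows the O field (O stands for Organization; the O field displays the organization name).
If the certificate subject contains no "O=", or if "O=" is not a company name but the website's domain name, the certificate is not an OV SSL certificate.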
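3. DV SSL Certificate - Domain Validation SSL Certificate
DV SSL is short for Domain Validation SSL. It refers to a simple SSL certificate that only verifies ownership of the website's domain name. This kind of certificate only encrypts the website's confidential information and cannot prove the website's real identity to users. Deploying DV SSL certificates on e-commerce websites is therefore not recommended, because e-commerce needs online trust first and online security second.
DV SSL certificates are only suitable for personal websites or non-e-commerce websites. These low-end SSL certificates, which verify only domain ownership, have already been abused by all kinds of fraudulent websites abroad.
DV SSL is a fully automated SSL certificate that verifies only domain ownership, with no manual intervention (no manual identity verification), which greatly reduces cost. The price is very low, and instead of waiting 3-5 days, the certificate is issued through self-service in 10 minutes.
Click the padlock icon and choose "View Certificate" to see the certificate's "Details" – "Subject". You will find that the subject has no O field (O stands for Organization; the O field displays the organization name), or that the O field shows the website's domain name rather than a company name.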
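4. IV SSL Certificate
IV SSL is short for Individuals Validation SSL. It refers to a professional-grade (Class 2) SSL certificate that requires verification of the real identity of the website operator (an individual). It not only encrypts the website's confidential information but also proves the website's real identity to users.
Click the padlock icon; on Windows 7, click "View Certificate" to see the certificate's "Details" – "Subject". The subject shows the O field (which displays the name of the website operator).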
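The subject O-field check described in sections 2 to 4, as an added example that is not part of the original article: it parses a subject string in the comma-separated form that certificate viewers and OpenSSL print, and applies the article's rule that a missing O field, or an O field holding a domain name, indicates a DV certificate. The subject strings and the helper names (`split_unescaped`, `parse_subject`, `looks_like_domain`, `classify`) are constructed for illustration; the O field alone cannot tell OV, EV and IV apart.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]      # keep the escape pair intact for now
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    return parts + [cur]

def parse_subject(dn):
    """Parse 'CN=..., O=..., C=..' into {attribute: [values]}."""
    attrs = {}
    for rdn in split_unescaped(dn, ","):
        key, eq, value = rdn.partition("=")
        if eq:
            value = re.sub(r"\\(.)", r"\1", value.strip())  # undo \, and similar
            attrs.setdefault(key.strip().upper(), []).append(value)
    return attrs

def looks_like_domain(value):
    """True for strings shaped like a hostname, e.g. shop.example.com."""
    return re.fullmatch(r"(\*\.)?([a-z0-9-]+\.)+[a-z]{2,}", value.lower()) is not None

def classify(subject, dns_names=()):
    """Apply the article's rule: missing O, or O that is a domain name, means DV."""
    attrs = parse_subject(subject)
    orgs = attrs.get("O", [])
    hosts = {n.lower() for n in list(dns_names) + attrs.get("CN", [])}
    if not orgs:
        return ("DV", "subject has no O field")
    for org in orgs:
        if org.lower() in hosts or looks_like_domain(org):
            return ("DV", "O field holds a domain name: " + org)
    return ("identity-validated", "O=" + orgs[0])

if __name__ == "__main__":
    # Constructed sample subjects, not taken from real certificates.
    for s in ["CN=www.example.com",
              "CN=shop.example.com, O=shop.example.com, C=US",
              r"CN=www.example.com, O=Example Trading Co.\, Ltd., L=Shenzhen, C=CN"]:
        print(classify(s), "<-", s)
```

A result of "identity-validated" only means the O field carries a name that is not a hostname; whether that name was verified to OV, EV or IV level has to be established from the issuing CA's policy.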
Further reading:
Several different types of SSL certificates are available. We’re going to go over them so that you have a better understanding of which one is going to be best for your particular needs. While SSL may seem hard to understand at first, all it takes is a little time and studying to learn the differences between the types of certificates available.
DV (domain validation)
Domain validation or DV certificates are verified according to the domain name. Typically, this is done by sending an email to an address listed in the WHOIS record for the domain. This is similar to an AV certificate, which is listed next, but it’s different in that a DV cert is intended to be used by SSL/TLS-enabled websites.
AV (address validation)
AV, email address validation, is similar to DV certificates, but Mozilla and others in the industry think it deserves its own classification because it deals only with the fact that a person has control of an email address from a particular domain. This type of certificate is used for S/MIME email.
OV (organization validation)
Next up is an OV SSL certificate, which refers to organization validation. For this type, the certificate authority will verify the actual business that is attempting to get the certificate. This is usually used by corporations, governments and others for SSL/TLS-enabled websites, code signing, as well as other uses.
EV (extended validation)
With EV (extended validation), a Certificate Authority is going to use the “EV SSL Certificate Guidelines” that can be found at the CA/Browser Forum. While similar to an OV (organization validation) certificate, an EV certificate is separate and distinct from an OV SSL certificate. See EV SSL Requirements for more about EV SSL.
IV (individual / identity validation)
An IV (individual validation or identity validation) SSL certificate verifies the identity of an individual and is typically used for email, SSL/TLS client authentication, and various other uses. A person’s email is also going to be validated before this type of SSL certificate is issued.
Other SSL Certificates
While we’ve gone over the major types usually issued, in a future post we’ll go over Shared Certificates, Wildcard Certificates, and Multi-Domain Certificates. All of these act like a standard SSL certificate, but they also offer additional features. If you have any questions, be sure to leave a comment below so that we can give you the answers you need. Thanks.