EV SSL certificate is dead, don’t buy anymore, waste money

The high-end EV SSL certificate which is trusted by businesses with the type of company name display in the browser address bar, look very cool, why do I say don’t buy anymore?

An EV SSL certificate (Extend Validated SSL) is the most advanced certificate for business entities or organizations licensed to operate. This means that EV SSL cannot grant to individuals or any legal entities that are not licensed by local authorities.

Up to now, I believe that customers who sign up for EV SSL use largely because the website using this certificate will be displayed by the browsers with more company names in the address bar. Customers who visit this website will think that this company is more reputable and trustworthy.

However, this will no longer be true in the future. Even now, the EV SSL certificate has not been able to promote its strength anymore.

About a year ago, the business name no longer appeared on the Safari browser on iOS, since the macOS Mojave version, Safari did the same thing.

Maybe you think this is only unilateral action by Apple, it has not affected much when Chrome browser is still dominating the Internet. Then read the recent official announcement from Google and Mozilla, which has put an end to the EV SSL certificate.

On HTTPS websites using EV certificates, Chrome currently displays an EV badge to the left of the URL bar. Starting in Version 77, Chrome will move this UI to Page Info, which is accessed by clicking the lock icon.

In desktop Firefox 70, we intend to remove Extended Validation (EV) indicators from the identity block (the left-hand side of the URL bar which is used to display security/privacy information).”

Chrome 77 is scheduled for release on September 10, while Firefox 70 is on October 22. So in just a few weeks, we will no longer see the clear difference between SSL certificates, all of which is just a uniform green padlock icon.

Of course detailed information about the certificate type, the business name is still displayed when clicking on the lock icon, but no one clicked on it to do anything except you and me?

According to the information I learned, it’s not natural that browsers, first of Apple, then come to Google and Mozilla unified the display of SSL certificates, all with its cause.

In the Chrome Security UX team announcement, the EV SSL-using website does not protect users as well as everyone thought, and even EV SSL certificates can be exploited to falsify fraud. As the example image is tested below:

A year ago, Apple said that the business name displayed in the browser address does not make sense when the domain name has done its part. Then leave.

–> Apple said that this changes was based on research and customer input. “Org name is not tied to users intended destination the same way that the domain name is”

So now what? EV SSL is expensive, when registering to verify complex, there is no difference in performance, are you still registering?

Leave a Reply

Your email address will not be published. Required fields are marked *