The END of EV SSL certificates

EV SSL certificates became obsolete after most browsers removed the green bar from the address bar in 2019.

EV (Extended Validation) SSL certificates were introduced in 2007 by Comodo (now Sectigo), in the hope of improving online security by having companies validate their identity and having browsers show a green bar in the address bar of the website.

The main idea is to validate who owns the domain and website, and to protect against phishing and fraud by showing the name of the legal entity in the green bar.

However, people rarely paid attention to the green bar or to whether it was present. On top of that, it is easy to register a company with the same name in another jurisdiction and so defeat this security mechanism. It is really trivial, and this was proven by Ian Carroll, who registered a company named Stripe Inc (the same name as the payment processor, but in a different state) and then launched a website with an EV SSL certificate that displayed that name in the green bar:

 

[Image: Skrill SSL impersonator]

 

This proved that the idea behind EV SSL does not really work and was only shilled by the companies that made money from it: the certificate authorities that issue SSL certificates, especially at a price of around $100 for a year of issuance. As a result, EV SSL was mostly used in the past by fintech companies such as PayPal, and by site owners wanting to improve their image with visitors.
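The name collision described above, as an added example that is not part of the original post: an EV subject also carries the jurisdiction and registration number of the legal entity, and only those separate two companies that share a name. The subjects below are constructed and shaped like the `subject` value returned by Python's `ssl.SSLSocket.getpeercert()`; the company name, states and registration numbers are made up.

```python
# Added illustration: compare the legal entity asserted by two EV subjects.
# Field names follow what Python's ssl module reports in getpeercert().
EV_ID_FIELDS = (
    "organizationName",
    "jurisdictionCountryName",
    "jurisdictionStateOrProvinceName",
    "serialNumber",  # company registration number in an EV subject
)

def flatten_subject(subject):
    """Turn the tuple-of-RDNs structure into a plain dict."""
    return {name: value for rdn in subject for name, value in rdn}

def ev_identity(subject):
    """Return the entity identity an EV subject asserts, or None if it has none."""
    fields = flatten_subject(subject)
    required = ("organizationName", "jurisdictionCountryName", "serialNumber")
    if any(key not in fields for key in required):
        return None  # DV certificates carry no organization identity
    return tuple(fields.get(key, "").strip().casefold() for key in EV_ID_FIELDS)

def compare(expected, presented):
    """Classify a presented subject against the one we expect for a site."""
    exp, got = ev_identity(expected), ev_identity(presented)
    if exp is None:
        raise ValueError("expected subject must be an EV subject")
    if got is None:
        return "no-ev-identity"
    if got == exp:
        return "same-entity"
    if got[0] == exp[0]:
        return "name-collision"  # same name, different registration
    return "different-entity"

def make_subject(state, reg_no, host):
    # Constructed sample data, not taken from any real certificate.
    return (
        (("jurisdictionCountryName", "US"),),
        (("jurisdictionStateOrProvinceName", state),),
        (("serialNumber", reg_no),),
        (("organizationName", "Example Payments Inc"),),
        (("commonName", host),),
    )

EXPECTED = make_subject("Delaware", "0000001", "pay.example.test")
LOOKALIKE = make_subject("Nevada", "0000002", "pay-example.test")
DV_ONLY = ((("commonName", "pay.example.test"),),)

if __name__ == "__main__":
    for label, subj in (("expected", EXPECTED), ("lookalike", LOOKALIKE), ("dv", DV_ONLY)):
        print(label, "->", compare(EXPECTED, subj))
```

The green bar showed only the organization name, which is the one field that matches in the `name-collision` case.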

So in 2019 Google Chrome and Firefox removed the green bar from sites with EV SSL and changed their UI so that the connection is shown exactly the same way no matter which type of SSL certificate is used. This means that even with a free Let's Encrypt certificate the address bar looks the same as with an expensive EV SSL certificate.

Here is how EV SSL looked before the change:

[Image: green bar address]

 

And how it looks now:

[Image: no green bar address]

 

This makes EV SSL obsolete and rather pointless, and it is probably the end of it, as companies will go for cheaper domain validation SSL certificates, or even the free Let's Encrypt SSL, which has most of the benefits of paid SSL certificates.

Read more about why Let’s Encrypt is the most popular choice of SSL nowadays.
