EV SSL certificates have become rather obsolete, both because free alternatives have started to appear and because most browsers began removing the green padlock from the address bar back in 2019.
What are EV SSL certificates?
EV (Extended Validation) SSL certificates were introduced back in 2007 by Comodo (now Sectigo) with the intention of improving online security. Companies had to validate their identity, after which a green lock would appear in the address bar at the top of the website.
The purpose was to confirm that the owner of the website was a legitimate source, which in turn gave users a way to distinguish the original legal entity from phishing, fraudulent, or maliciously developed copycat websites.
EV SSL certificate exploits
However, users rarely paid much attention to the address bar and went about their business as usual, which was quickly becoming a problem.
Additionally, there was another loophole that could be exploited: it was really easy to register a company with the same name in another jurisdiction and essentially capitalize on the SSL validation feature.
This was trivial in principle, as was proven by Ian Carroll, who registered a company with the name Stripe Inc - the same as that of the payment processor. He did this in a different state, then launched a website with an EV SSL certificate and the green padlock in the address bar.
Consequently, this proved that the idea behind EV SSL validation was not the most optimal solution: rather than helping, it turned out to work in favor of other companies and fraudulent businesses, allowing them to leech money from the originals. Additionally, certificate issuing authorities were also targeted, especially with the price of SSL insurance having been around $100 in those years, which made it not so affordable for a number of businesses.
This resulted in the EV SSL certificates being utilized mostly by fintech companies such as PayPal and also by site owners wanting to improve their overall presentation, outlook and business image by promoting their authority to their visitors.
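The same-name, different-jurisdiction loophole described above can be checked for mechanically. The following is an added example, not code from the original article: it takes certificate subjects in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()` and reports organization names that map to more than one legal entity. The organization names, states and serial numbers are constructed sample data, and `make_subject` and `find_name_collisions` are hypothetical helper names.

```python
from collections import defaultdict

# Older OpenSSL builds expose the EV jurisdiction fields as raw OIDs.
ALIASES = {
    "1.3.6.1.4.1.311.60.2.1.3": "jurisdictionCountryName",
    "1.3.6.1.4.1.311.60.2.1.2": "jurisdictionStateOrProvinceName",
}
IDENTITY_FIELDS = ("jurisdictionCountryName", "jurisdictionStateOrProvinceName", "serialNumber")

def subject_fields(cert):
    """Flatten the nested 'subject' tuple of a getpeercert()-style dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields[ALIASES.get(name, name)] = value
    return fields

def display_name(fields):
    """Organization name as a user compares it: case and punctuation ignored."""
    org = fields.get("organizationName", "")
    return "".join(ch for ch in org.casefold() if ch.isalnum())

def legal_entity(fields):
    """What actually identifies the company: jurisdiction plus registration number."""
    return tuple(fields.get(k, "").casefold() for k in IDENTITY_FIELDS)

def find_name_collisions(certs):
    """Return {display name: sorted legal entities} for names used by several entities."""
    seen = defaultdict(set)
    for cert in certs:
        fields = subject_fields(cert)
        if display_name(fields):
            seen[display_name(fields)].add(legal_entity(fields))
    return {name: sorted(ents) for name, ents in seen.items() if len(ents) > 1}

def make_subject(org, state, serial, oid_style=False):
    # Builds constructed sample data; nothing here comes from a real certificate.
    c, st = tuple(ALIASES) if oid_style else IDENTITY_FIELDS[:2]
    return {"subject": (((c, "US"),), ((st, state),), (("serialNumber", serial),),
                        (("organizationName", org),))}

SAMPLES = [
    make_subject("Example Payments, Inc", "State-A", "0000001"),
    make_subject("Example Payments Inc", "State-B", "0000002", oid_style=True),
    make_subject("Other Corp", "State-A", "0000003"),
    make_subject("Other Corp", "State-A", "0000003", oid_style=True),
]

if __name__ == "__main__":
    print(find_name_collisions(SAMPLES))
```

Only the first two samples are flagged: they share a display name but differ in state and registration number, while the two "Other Corp" subjects describe the same entity.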
The decision to remove the EV SSL certificate visualization
In 2019 Google Chrome and Firefox both removed the green lock from the address bar for sites with an EV SSL certificate and changed their browser UIs. These changes made it so that SSL verification would be shown in the same way, regardless of the certificate used. This led to certificates such as the free Let’s Encrypt being displayed in a similar way in the browser, which was just another reason for website owners and administrators to start using such free alternatives.
This does, in a way, make the EV SSL certificate obsolete, since there are now many free alternatives such as Let’s Encrypt, which offers the same benefits that many of the premium certificates provide.