Three Levels of SSL Trust — and When Each One Matters

You know your website needs HTTPS. The browser warning for non-SSL sites is enough to scare away visitors, and Google has been factoring SSL into search rankings since 2014. But when you go to purchase an SSL certificate, you’re suddenly faced with a menu of options: Domain Validated (DV), Organization Validated (OV), Extended Validation (EV), wildcards, multi-domain, single-site… and prices ranging from free to hundreds of dollars per year.

Which one do you actually need? And more importantly, which one will your customers trust?

We’ve helped thousands of Canadian businesses choose the right SSL certificate. The differences come down to how much identity verification stands behind the padlock icon.

What Is an SSL Certificate, Really?

An SSL (Secure Sockets Layer) certificate does three things:

  1. Encrypts data between your visitor’s browser and your server — passwords, credit cards, form submissions can’t be intercepted
  2. Proves identity — the certificate authority (CA) has verified something about who you are
  3. Enables HTTPS — the padlock icon and “Secure” label in browsers

Every SSL certificate provides the same level of encryption. A free Let’s Encrypt certificate uses the same AES-256 encryption as a $500 EV certificate. The difference isn’t security strength — it’s trust verification.

The Three SSL Types: What’s Different

Domain Validated (DV) Certificates

What it proves: You control the domain.

How verification works: The CA sends an email to admin@yourdomain.com, or asks you to add a DNS record, or place a file on your server. Automated, takes minutes.

What browsers show: Padlock icon, “Secure” label. No company name displayed.

Best for: Personal blogs, internal tools, test environments, sites that don’t collect sensitive data, anyone on a tight budget.

Price range: Free (Let’s Encrypt) to $50/year

Limitations: Anyone who controls a domain can get one — including phishing sites. No organization identity verification. For e-commerce or business sites, some visitors may wonder who’s behind the padlock.

Organization Validated (OV) Certificates

What it proves: You control the domain AND your organization is legitimate.

How verification works: The CA verifies your business registration, confirms your address, may call your listed phone number. Takes 1-3 business days.

What browsers show: Padlock icon, “Secure” label. Click the padlock ? View Certificate ? and you’ll see your registered organization name.

Best for: Business websites, e-commerce stores, any site where trust matters, organizations that want visitors to know they’re dealing with a real company.

Price range: $75-200/year

Limitations: More expensive than DV, requires documentation, takes longer to issue. But for most businesses, this is the sweet spot between cost and credibility.

Extended Validation (EV) Certificates

What it proves: You control the domain, your organization is legitimate, AND you’ve passed rigorous identity verification.

How verification works: Extensive vetting: verified business registration (must be at least 3 years old in some cases), confirmed physical address, verified phone number through independent directory, verification of legal name and registration number, authorization check that the requester can act on behalf of the organization. Takes 3-7 business days.

What browsers show: As of 2024, no major browser displays the organization name directly in the address bar. Chrome 77, Firefox 70, and Safari 12 all removed the green bar and organization name from the address bar starting in 2019. You can still see the verified organization by clicking the padlock icon and viewing certificate details. The visual browser difference between OV and EV has effectively disappeared, but EV still provides a stronger audit trail and higher warranty coverage.

Best for: Financial institutions, healthcare, high-value e-commerce, any site where maximum trust is worth the cost, organizations handling sensitive personal data. If your site handles health information subject to Canadian data residency and privacy requirements, EV provides the most thorough verification paper trail.

Price range: $150-500+/year

Limitations: Most expensive, longest verification process, requires significant documentation. Overkill for a personal blog or small brochure site.

SSL Types at a Glance

Feature DV Certificate OV Certificate EV Certificate
Encryption strength Same (AES-256) Same (AES-256) Same (AES-256)
Identity verified Domain only Organization Full legal entity
Verification time Minutes 1-3 days 3-7 days
Browser display Padlock only Padlock + org in cert details Padlock + org in cert details
Price range Free – $50/yr $75 – $200/yr $150 – $500+/yr
Trust level Basic Business Maximum

Which SSL Type Should You Choose?

Your Situation Recommended SSL Why
Personal blog or hobby site DV (free Let’s Encrypt) No need to prove business identity; encryption is all that matters
Small business brochure site OV Shows visitors you’re a real company without the EV cost
E-commerce store OV minimum, EV for high-value Customers entrusting credit cards need to see verified identity
Financial services / banking EV (often required) Regulatory requirements and maximum trust for sensitive transactions
Healthcare / PHIPA context EV Handling personal health information demands highest verification
Internal tools / staging sites DV (free) No public trust requirement; encryption for data in transit
Multiple subdomains Wildcard DV or OV One cert covers *.yourdomain.com — more cost-effective than multiple certs
Multiple different domains Multi-domain (SAN) cert One cert covers yourcompany.com, yourcompany.ca, yourcompany.net, etc.

Common SSL Questions

“Can I start with DV and upgrade later?”

Yes, but it’s not seamless. You’ll need to generate a new certificate signing request (CSR), go through OV or EV verification, install the new certificate, and potentially update any hard-coded HTTPS references. Most hosting providers (including Canadian Web Hosting) can handle the installation for you, but plan for 30-60 minutes of coordination.

“Is free Let’s Encrypt as secure as paid SSL?”

Yes, the encryption is identical. Let’s Encrypt is a legitimate certificate authority trusted by all major browsers. The trade-off is: 90-day certificate lifetime (auto-renewal required), DV only — no OV or EV options, no warranty or support included, no organization validation for trust building. For many sites, Let’s Encrypt is perfectly adequate. For business credibility, OV or EV adds value beyond encryption.

“Do I need a dedicated IP address for SSL?”

Not anymore. Server Name Indication (SNI) allows multiple SSL certificates on a single IP address, and all modern browsers support it. The only exception is if you need to support Windows XP or very old Android devices (less than 1% of traffic). Shared hosting plans include SSL without dedicated IP.

“What happens when my SSL expires?”

Browsers will show a full-page warning: “Your connection is not private.” Visitors will have to click through a scary warning to reach your site. Most will leave. Set calendar reminders 30 days before expiry, or use auto-renewal through your hosting provider. OV and EV certificates from CWH’s SSL certificates include expiry notifications.

“Can I get SSL for localhost or internal domains?”

For internal tools, use a self-signed certificate (browsers will warn “not trusted” but encryption still works), or a private CA like mkcert for development. Public CAs won’t issue certificates for localhost or internal-only domains.

Where CWH Fits

Canadian Web Hosting offers the full range of SSL certificates — from free Let’s Encrypt on all shared hosting plans to premium OV and EV certificates for businesses that need verified identity.

What makes the difference when you get SSL through CWH:

  • Canadian data residency — your SSL validation and support stay in Canada, not routed through US jurisdictions
  • Installation included — we handle the CSR generation, validation, and installation on your hosting account
  • Auto-renewal — never accidentally let a certificate expire
  • Wildcard and multi-domain options — simplify management for multiple sites
  • 24/7 support — if something goes wrong with your SSL, real humans are available to help
  • Managed WordPress plans — our Managed WordPress Hosting plans include free SSL certificates with automatic renewal, so your WordPress site is secured from day one without extra configuration

For most Canadian businesses, we recommend OV certificates as the best balance of cost, credibility, and verification. You get business identity validation without the extended vetting process of EV.

View CWH’s SSL certificate options ?

Quick Decision Guide

If you’re still unsure, use this flowchart:

  1. Is this a personal site or internal tool? ? Use free DV (Let’s Encrypt)
  2. Do you collect payments or sensitive data? ? OV minimum, consider EV
  3. Does your industry have compliance requirements? ? Check regulations (often EV required)
  4. Do you want visitors to see your company name in certificate details? ? OV or EV
  5. Do you have multiple subdomains? ? Wildcard certificate
  6. Do you have multiple domains? ? Multi-domain (SAN) certificate

Still not sure? Contact CWH support — we can evaluate your specific situation and recommend the right certificate type and hosting configuration.

Next Steps

  • Assess your site’s trust requirements — do visitors need to verify who you are?
  • Check your current SSL type (click the padlock ? Certificate ? look for Organization field)
  • If you need to upgrade, browse CWH’s SSL options or contact support for a recommendation
  • Set a renewal reminder if you’re not on auto-renewal
  • After installing, test with SSL Labs to verify proper configuration
  • Running WordPress? Read our guide on when to upgrade from shared to VPS hosting — SSL is just one piece of the performance puzzle
  • Concerned about server-level security beyond SSL? Our VPS security hardening guide covers firewall, SSH, and access controls

The right SSL certificate isn’t just about encryption — it’s about matching the level of trust your visitors expect.