Differences In PKI Class 3 Certificate Considerations

One of the more confusing aspects of SSL/TLS certificates is the use of different designations by different Certificate Authority and different groups that tends to create possible confusion.

Within the use of SSL/TLS (Secure Sockets Layer/Transport Layer Security) certs there are different classes. These classes are used to indicate the level of validation or verification that the Certificate Authority has to provide to be able to provide assurance and trust that the certificate is provided to a valid applicant.

There are several different levels or classes of certificates from one to PKI class 3 certificate products up to class five. These are known as the vendor defined classes and they are generally used consistently between the top Certificate Authorities in a very uniform and specific way.

The Classes

To provide some assistance, let's take a closer look at the different possible classes of certificates that Certificate Authorities will offer to their clients. Keep in mind that you should always verify exactly what is meant by the class of certificate if you are working with a new Certificate Authority or if your security or trust needs have changed for your website.

Class 1

This is typically considered the most basic type of validation or verification. These certificates are provided to individuals for encryption of email. Comodo offers free Personal Authentication Certificates for everyone, allowing you to send encrypted email and even complete digital signing without any cost at all. As this is basic validation all you need to provide is your name and email address and create a password to verify revocation of the certificate if you request.

For websites, the Class 1 certificates would include the basic domain validation level certs. These just require that the information on the request for the SSL/TLS product matches with the information on WHOIS for most cases. This a good option for those websites where there is a limited collection of any type of data and no exchange of more financial information.

Class 2

These are typically called the organization validated certs. In addition to verifying the applicant is the individual with authority or ownership of the domain this also looks deeper into the actual organization or business. This includes verifying that there is such a business or a person. This is typically done online through trusted and secure databases.

Additionally, theses can also be used for specific Enterprise types of Email or Client certificates. This allows the full use of the digital signature matching all standards and requirements for legally binding documents.

The PKI Class 3 Certificate

The PKI class 3 certificate is designed to allow for the highest level of online trust and assurance. This includes the use of the EV SSL or Extended Validation protocols. The CA not only verifies all of the information in the Class 1 and the Class 2 certs but also independently verifies information about the business or organization and the authority to make the request for the SSL/TLS product.

This is typically going to include the physical check for the address of the business as well as information on the corporation through other types of databases or required documents. As there may be different types of business records maintained in different countries the specific documents for validation may not be available online and they may need to be provided to the CA by hard copy.

Consumers can tell if they are on a PKI class 3 certificate site as they will see the iconic green address bar. In addition, in the address bar the legal name of the organization as well as the name of the CA, which is often Comodo with these EV SSL certs, will alternate.

Hovering the mouse over this information or clicking on the Comodo TrustLogo site seal on the website will show the full information of the cert in a small popup box. This will provide a complete list of information about the business that you will not find on certs issued at the organization and domain validation levels.

To learn more about the difference in options and the benefits of the PKI class 3 certificate, talk to our sales staff. We can provide you with an EV SSL product for a single domain or even for multiple domains, just let us know what you need.

For more information, give us a call today at +1 888 266 6361. We can also be reached through the live chat system at https://www.instantssl.com or through the contact us tab on the site.

Related Articles
Back to TOP