EV certificate indicators being removed from browsers

When signing in to sites like your bank or www.oderland.se you’ve been able to see the company name next to the url in the address bar. This was made possible by a specific kind of certificate, so called EV (Extended Validation), which included a manual verification process.

In the September update for Google’s browser Chrome the EV indicator in the address bar has been removed. The quality of the encryption between the server and visitor is in no way different in respect to the kind of validation a certificate authority has performed before issuing the certificate.

Other browsers, like Safari and Firefox, has already removed or are going to remove the same visual indicator in the address bar. The change is a result of no notible change in user behaviour depending on the certificate, provided of course that no warnings are presented to the user.

Our website www.oderland.se is at the time of writing using an EV certificate and has been doing so for a long time. After updating your browser it’s very likely that our company name will no longer be present in the address bar due to the reason above. See the example image below for comparison:

Due to this change, we’ve hidden EV certificates from our order pages, meaning that ordering new EV certificates will require contact with our support first. As usual, we can provide various types of certificates, contact our support with any needs you might have.

Already active certificates will be renewed as usual but can be canceled and replaced with free certificates from Let’s Encrypt for our webhosting or Managed Server customers, or any of our other certificates, which also works with external websites.

More information about the change and the factors behind the decision can be found in this blog post by security expert Troy Hunt.