In the Safari browser, both iPhone and Mac desktop browsers, the padlock (Mac desktop) and entire URL (iPhone) used to show as green when DNS was pointed to our server directly. Since moving to CloudFlare, and Upgrading to their optional Edge Certificate, I’m still seeing no green in either instance. We have other subdomains that are NOT “Proxied” that show the green padlock and URL as they used to, but the subdomains and root domains that are “Proxied” no longer show the green.
Extended Validation certificates are theoretically ‘better’ than domain validation certificates. They are supposed to verify the organisation behind the site, not just the domain name. There is no difference in the strength of the encryption etc.
EV relies on the visitor making a decision whether to trust the site in the presence or absence of the indicator. The indicator has now been made far less prominent in most major browsers, and users generally don’t notice the difference!
This is explained in more detail in the post linked to above and in
It is up to you, you need both a Cloudflare and a server side certificate to secure the connection. If you want the EV cert in Cloudflare, you will need the business plan, though
EV Certs offer not just a green padlock but also color the beginning of the web address green to identify sites that paid too much $$$ for a level of protection that truly is no better than a cert one may obtain for free from, e.g., Let’s Encrypt. Now, there are those that include “insurance” up to a certain limit and under a limited set of circumstances. Most don’t offer anywhere near the money needed to pay a fine for data breaches, if any. The final difference is the application process, which will actually be simplified within the year as per CA’s recent voting on certain measures. Ofc they’d want it simplified since extended certs are, generally, outrageously expensive. They also voted against a reduction in cert lifetimes, which is needed, but that’s another subject entirely. For now, one has to “prove” you exist as a business, from multinationals to sole proprietors DBA [business name]. So in that regard, anyone can get en extended cert since the process of turning one’s self into a business (whether actual or not) is very simple. A Social Security Number is all you need to do it.
Good reading from Troy. @dzyner Think of it this way if you do want extended certificates - if Mozilla Firefox shows green, Google Chrome & Chromium show green, but Apple’s Safari does not nor do browsers on iOS iPadOS and MacOS due to the WebKit only rule imposed by Apple, is your extended cert actually no longer an extended cert?