Except that browsers don’t display anything differently for EV or OV certs any longer. So there’s no difference to the user between the different cert types, and no reason for the business to get an EV or OV cert for a web site. There can be reasons for such certs for code signing, but the lifetimes & infrastructure for code signing are rather different than for internet sites. Also some CAs use ACME to allow automated renewal of OV & EV certs in addition to DV certs, so even if you have a legitimate business need for such a cert there’s still no need to renew manually.
Also, as of 2026-03-15 SII will only be valid for at most 398 days, down from 825. Max TLS cert lifetime will drop from 398 days to 200 days. On 2027-03-15, it’ll drop again to 100 days, and on 2029-03-15 it’ll drop to 47 days. Even for EV & OV certs. 47 days.
Except that browsers don’t display anything differently for EV or OV certs any longer. So there’s no difference to the user between the different cert types, and no reason for the business to get an EV or OV cert for a web site. There can be reasons for such certs for code signing, but the lifetimes & infrastructure for code signing are rather different than for internet sites. Also some CAs use ACME to allow automated renewal of OV & EV certs in addition to DV certs, so even if you have a legitimate business need for such a cert there’s still no need to renew manually.
Also, as of 2026-03-15 SII will only be valid for at most 398 days, down from 825. Max TLS cert lifetime will drop from 398 days to 200 days. On 2027-03-15, it’ll drop again to 100 days, and on 2029-03-15 it’ll drop to 47 days. Even for EV & OV certs. 47 days.