Why do some websites show the company name next to the URL?

81

17

Some websites show the company name next to the URL (in Chrome) and some don't.

How do I set this up for my website? Is there a reason why or why I wouldn't want to do this?

enter image description here enter image description here enter image description here

William Entriken

Posted 2013-03-13T18:04:23.927

Reputation: 2 014

4The acls.net certificate will also contain the name of the company if you look in the subject field of the certificate. It's just a commercial trick to not show it in the address bar with the green background. Extended validation validates nothing more than the websites abilities to pay money to those greedy certificate authorities. – billc.cn – 2013-03-14T01:00:47.093

Answers

89

This is only for websites that use Extended Validation SSL encryption. The name is the name the certificate is issued to. It is a security feature put in place to verify that the website is actually served by the company it claims to be from. Simply put, it works like this:

  • Company X decides it wants to secure (e.g. by encryption) communications with the website and the one who requests it.
  • Company X asks a trusted third party to verify the owner and to issue a digital certificate.
  • The third party checks the applicant and then issues a certificate, vouching for the identity of the website. So you know Github is actually Github, and not some malicious website.
  • Your browser sees that Company X uses EV SSL-encryption and queries the certificate. This shows to be issued by a trusted third party to Company X. Your browser then displays the name of the company the certificate was issued to. If it is the same, it will turn green (like in your screen shot) if it does not, the browser will warn you that the website might not be the website it says to be and turn red.

You need a couple of things to set this up, most notably:

  • An EV SSL certificate (Like from Godaddy, but there are many more issuers out there. Google this for yourself.)
  • A host that supports the use of SSL (inquire with your host on how to set this up for your domain)

Certificates generally don't come cheap, and it is really a matter of whether you really need it. Admittedly, it looks cool, but it might be unnecessary for you.

You can find more detailed information about this from other sources, like its Wikipedia page.

BloodPhilia

Posted 2013-03-13T18:04:23.927

Reputation: 27 374

But if i bought a normal certificate (DV) it will turn the green bar? – Arnold Roa – 2016-11-12T22:32:36.620

Does anyone know why sometimes the company name disappears? Mostly when in my CMS I add a title for the page? – Tina – 2019-06-15T09:46:15.270

What, exactly, does the browser check? I thought all it checked was that the certificate presented was issued by a trusted CA, and that it matches the URL you typed in. I thought the company name was so that the user could check that it's who they expect. – cpast – 2013-03-13T22:32:52.327

2@cpast It does match the domain to the domain on the certificate. However, because the certificate is approved, the name on the certificate will also be ok. The company name is purely informative for the user. However, since the OP doesn't seem to have extensive knowledge about certificates, I quite simplified the process description to be more descriptive than technical. – BloodPhilia – 2013-03-13T22:37:16.650

It checks user credentials/after installing certificates and matches it with servers in mutual handshake. TO justify the user authenticity/ as well as on client side justify the server authenticity.

For Example: change date and time to older in your PC and try yo log in to gmail, or Gtalk. you will see what happens :) – MarmiK – 2013-03-14T05:13:45.377

Great, thank you. Just for reference, normal SSL is $70/yr with GoDaddy and EV SSL is $100/yr. I'm sure other options are cheaper. The extra branding alone makes this valuable for my business. – William Entriken – 2013-03-15T15:39:00.440

@FullDecent You're very welcome! – BloodPhilia – 2013-03-15T15:54:32.803

@BloodPhilia, hmm do you happen to know why Google and Facebook don't use EV but simply use a basic padlock? – Pacerier – 2013-08-13T19:22:28.900

@Pacerier Probably because it really doesn't add a lot of value security wise. – BloodPhilia – 2013-08-14T00:02:42.963

@BloodPhilia, but surely it doesn't cost alot as well. With their revenue, it's practically free. So why do you reckon Google and Facebook don't use EV even when it is free? – Pacerier – 2013-08-15T03:31:45.733

@Pacerier There are plenty of arguments against EV-SSL you can find if you google it. Not the least one is the issue of incompatibility with older/low-end devices and software. – BloodPhilia – 2013-08-15T15:04:51.537

21

That's a result of using an Extended Validation certificate - extended validation, or EV certificates require additional validation before the certificate is issued. The idea is that there is better proof that the company really is applying for the certificate, so you should be able to have some more confidence that you really are talking to who you think you are.

Adam Caudill

Posted 2013-03-13T18:04:23.927

Reputation: 551

So, we have the normal certificate, the green certificate and the green EV? – Arnold Roa – 2016-11-12T22:19:14.347

Asked: 2013-03-13T18:04:23.927

Viewed: 45 053 times

Active: 2017-10-04T22:07:35.070