The SSL certificate green bar was once a premium and exclusive feature of Extended Validation certificates. It displayed the company’s official name next to the URL, providing users instant assurance about the site’s authenticity. But as with everything online, advancements and progress in HTTPS adoption caught up with the green bar and forced industry decision-makers to discount it.
This article reveals the reasons behind the green bar’s removal and answers whether it will ever come back or not. You will also discover why EV SSL certificates are still popular and what other changes may affect them moving forward.
Table of Contents
- What Was the SSL Green Bar?
- Why Does the SSL Certificate Green Bar No Longer Exist?
- Will the Green Bar Ever Come Back?
- What’s Next for Extended Validation Certificates?
- Final Thoughts
What Was the SSL Green Bar?
The SSL certificate green bar was a visual cue displayed in web browsers indicating the official name of the company behind the website. It offered enhanced trust and assurance to website visitors that the website’s identity had been thoroughly verified by the Certificate Authority (CA) issuing the SSL certificate.
Extended Validation certificates require a more rigorous validation process compared to other types. The CA verifies the legal identity, physical existence, and operational status of the entity requesting the certificate. This verification process involves extensive documentation and communication with the organization, ensuring that only legitimate and trustworthy organizations receive an EV certificate.
The green bar, displayed in the browser’s address bar, served as a prominent indicator of the website’s extended validation status.
Why Does the SSL Certificate Green Bar No Longer Exist?
Guidelines in 2007, EV certificates have been of great benefit to e-stores, financial institutions, enterprises, and even smaller companies. The SSL green address bar was specifically designed next to the URL to highlight the official company’s name. The CAs thought it would offer the highest level of assurance to visitors.
Fast forward a decade, and the leading browsers began to question the address bar’s efficiency in conveying information about a website’s security and authenticity. According to Google’s research, and a survey of prior academic work, the EV UI does not protect users as intended. Here’s what Google thinks:
“Users do not appear to make secure choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection. Further, the EV badge takes up valuable screen real estate, can present actively confusing company names in prominent UI.’’
Both Google and Mozilla removed the HTTPS green bar in Chrome 77 and Firefox 70. However, this move didn’t spell the end for EV certificates. You can still access the additional EV information by clicking the padlock icon. Here are the thoughts of Mozilla’s Johann Hofmann:
“We will add additional EV information to the identity panel instead, effectively reducing the exposure of EV information to users while keeping it easily accessible.”
With over 95% of the traffic across Google encrypted, the HTTPS protocol has become the new standard. To emphasize the importance of encryption, browsers used colorful padlocks and address bars. Now, when we’re fast approaching the 100% figure, the tendency is towards a more neutral approach.
Chrome’s padlock is not even green but gray, in line with the URL text color. Google’s end goal is to remove the padlock altogether and issue a security warning for unencrypted websites.
Will the Green Bar Ever Come Back?
The era of the green bar, once a symbol of trust and security on websites, has ended, and it’s unlikely we’ll ever see it come back. It lost its significance with the widespread adoption of SSL certificates that made it more relevant to alert users when a website lacked SSL protection rather than when it had it. Google Chrome initiated the change by removing the green color from the EV indicators in September 2018 with Chrome 69.
Later, in the fall of 2019, all browsers followed suit and eliminated the green bar and associated company information from their interfaces. This shift aimed to align with evolving security practices and user expectations.
While the SSL green address bar may be gone, it doesn’t mean that company information is no longer accessible. Browsers now require users to click the padlock symbol to view the SSL certificate details and website ownership. Some outdated articles and websites may still mention the green bar, but it is essential to recognize that it was phased out in late 2019.
Although the green bar’s removal may have reduced their prominence, EV certificates remain beneficial for businesses, enterprises, and financial institutions. Moreover, some industries even require EV certs to comply with online transaction and security standards.
What’s Next for Extended Validation Certificates?
The relegation of EV information from the HTTPS green bar to the certificate panel doesn’t impact the overall benefits of EV SSL. E-commerce platforms and organizations still need to verify their legal identity and attain the highest level of customer trust.
EV certificates are much more than just the visible address bar, and there are more reasons why companies pay a premium price to pass Extended Validation. EV SSL improves conversion rates, and on top of that, protects websites from phishing attacks.
In the end, it doesn’t matter whether the company’s official name is in the address bar or the info panel. What’s imperative is the thorough validation process. To issue an extended validation certificate, a CA requires verification of the requesting entity’s identity and its operational status with its control over the domain name and hosting server. To the customers, whether they’re aware of it or not, it’s a safe way to share their sensitive credentials.
Of course, the change in browser behavior has led to discussions and debates within the industry regarding the future of EV certificates. One proposal by the CA/Browser Forum, the organization responsible for setting industry standards, was to introduce a new type of certificate called an “Authenticated Identity” or “Identity Assurance” certificate. These certificates would aim to address the shortcomings of EV certificates while still providing a means to verify the identity of website owners.
However, proposals and discussions may not always translate into immediate implementation. The decision-making process within the industry involves multiple stakeholders, including CAs, browser vendors, and security experts, and it may take time to reach a consensus on the future direction of EV certificates.
Final Thoughts
As the Web evolves, so do the critical elements that keep it functioning. SSL certificates have come a long way since their inception. The cryptographic protocols that ensure encryption are ultra-secure and impossible to compromise. On top of that, the CAs have perfected their validation process, providing the ultimate assurance that the website is genuine and belongs to a legitimate company operating in good faith.
Once an indispensable element of EV certs and a premium feature, the SSL Certificate green bar was an excellent addition in the early stages of HTTPS adoption. It helped raise awareness about Web encryption and transparency when sharing sensitive data and processing payments online.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10