CertSimple will be shutting down on January 30 2020. Read the announcement here.

Chrome will no longer show verification markers - CertSimple is shutting down.

Thanks for everything

By Mike on 14th Jun 2018

At the CABForum on June 12th 2019, Google announced that website verification markers will no longer be displayed in future versions of Chrome.

Verification for websites is performed using EV SSL/TLS certs. These involve checking the company's registration and operating status with the government, calling the phone number published on a specific set of trusted sites (CertSimple certs typically use Google My Business), verifying the person who ordered the certificate has the authority to do so, and potentially other steps dependent on the type of legal entity.

You'll see the verification markers now at your bank, GitHub, Apple, Steam and any number of high profile sites, particularly where they're concerned about phishing, unofficial sites, affiliates, proving a real world identity is behind a website, or linking to a known brand from an unusual domain. But in a few months time you won't see them in Chrome.

A short history of verification on the web

EV markers are a more modern version of the original SSL in the 90s, which required companies to fill out a certificate request (CSR) containing the company name and location, then prove their identities to a CA before a certificate is issued.

The original SSL process involved verifying all the fields in the certificate request before the certificate was issued

In 2003, GeoTrust removed identity checks and began issuing certs to anyone with a domain (DV SSL), saving themselves huge amounts of money, but also removing a great deal of trust about who you were connecting to when you visited a secure site. EV, created in 2007, re-added verification, standardised the process and added specific verification markers to browsers.

There have been a number of issues that have been affecting EV certs for a while:

What's happening now

CertSimple is a tiny player in the certificate space. We've been focusing on developing technology rather than trying to drive the industry. My CA partner DigiCert have been doing an excellent job trying to push identity on the web forward, but the wider CA industry is slow and it's difficult for a CA to act unilaterally. That slowness has made the web a little less trustworthy as a result - and now on September 10 Chrome 77 will remove verification markers. The feature isn't mentioned in Chrome's schedule, but you'll see it if you visit any EV site.

I hoped that the industry would have improved the effectiveness of verification markers, trust in the verification process and helping browser users understand who they're communicating with. That's not going to happen.

As a result, we'll be shutting down CertSimple on January 30th 2020.

CertSimple's been a labour of love for quite some time. As a system administrator, I remember finding out CAs had dropped verification back in the mid 2000s. At the beginning of 2015, frustrated with the process of GoDaddy taking months to verify a company, I started hacking on CertSimple.

I'm proud of what CertSimple has achieved:

And non-technically:

CertSimple will shut down on 30th January 2020

Over the next few days, we'll be contacting customers and sending them a migration plan. EV certificates are still useful in particular cases (Tor is an excellent example - Tor 'domain names' mean even less than regular domain names), and they'll still work in non-Chrome browsers, but it would be wrong to pretend that verification is not hugely diminished at this point.

Meanwhile, you can find me over at my new company BoomSaaS, where we're helping developers turn code into full-featured SAAS products instantly.

Thank you to all the amazing customers who have used CertSimple. Keep building amazing things.

Mike MacCana, founder at CertSimple.

CertSimple makes EV HTTPS fast and painless.

An EV HTTPS certificate verifies the company behind your website. But getting verified is a slow painful process. CertSimple provides EV HTTPS certificates 40x faster than other vendors. We check your company registration, network details, physical address and flag common errors before you pay us, provide verification steps specific for your company, update in realtime during the process, and even check your infrastructure to help you set up HTTPS securely.
Verify your site now!