Do EV certificates provide better encryption than non-EV certificates?
No, EV certificates do not provide better encryption.
July 12, 2021
No, they don't. EV certificates verify a different subject from non-EV certs. That subject is the physical and legal existence of your business, rather than a non-EV certificate which typically is focused on the domain name.
While EV have some higher requirements than DV certs (2048 bit RSA and mandatory Certificate Transparency to protect against compromised CAs) - those are also implementable, but not mandatory, on DV certs.
The encyption strength of a certificate is seperate from the validation process. A typical non-EV certificate shows that someone owns a domain: a DV certificate for https://yourcompany.com only proves you have the domain yourcompany.com, but doesn't actually prove who you are. Someone else could get the DV certificate for https://yourcompany.com.fraud.ru and, seeing as they run fraud.ru and there's no proof of identity either, it would look almost identical.
How can I see the subject difference between an EV cert and a non-EV cert in the browser?
Obviosuly, an EV cert shows the identity with a green bar. But you can also see the full subject. In Chrome, click the green bar (EV) or the lock (non-EV) and then Connections, then Certificate Information.
Here's the subject in a non-EV certificate:
Here's the subject in an EV certificate:
How can I see the subject difference between an EV cert and a non-EV cert on the command line?
openssl x509 -in example.com.crt -noout -text | grep Subject
Subject: OU=Domain Control Validated, CN=billing.example.com
DNS:billing.example.com, DNS:www.billing.example.com
openssl x509 -in example.com.crt -noout -text | grep Subject
Subject: jurisdictionOfIncorporationCountryName=GB/businessCategory=Private Organization/serialNumber=09378892, C=GB, ST=City of London, L=London, O=example Limited, CN=billing.example.com, DNS:billing.example.com, DNS:www.billing.example.com
serialNumber=07875247
is a registered company serial number in the country. In this case, it's a UK certificate, so it matches a Companies House entry where the company was registered with the UK national government.