Edge uses a hollow gray lock for domain validated SSL

New security indicators in Microsoft Edge

July 12, 2021
We're Expedited Security. We help SaaS applications prevent and recover from attack, overcome regulatory or integration security requirements, or just stop "weird" traffic before it becomes a problem.

Microsoft's new browser, Edge, has a significantly different UI for identifying sites, particularly around certificate validation levels.

The results below were from Edge 20.10240.16384.0 on Windows 10 build 10240.

Extended validation SSL in Microsoft Edge

Extended validation certificates have the following UI:

  • The validated subject (e.g., the company name) is shown before the origin (e.g., the domain name).
  • The lock is solid.
  • The lock is green.

Domain validated SSL in Microsoft Edge

For all non-EV certificates, including both domain validated and organization validated certificates, the UI appears as follows:

  • No certificate subject is shown. This makes sense, since in a DV certificate the subject is similar to the domain but may not match it exactly (e.g., wildcards).
  • The lock is hollow.
  • The lock is grey, specifically #616161. It is much lighter than the essential parts of the domain (#000 is used for the domain directly underneath the ccTLD) but not as pale as the non-essential parts of the domain (#a0a0a0).

Identity in Edge compared to IE11

The Edge design is significantly less cramped than IE11. IE tried to fit the identity bar beside the tabs, truncating both the origin and the certificate subject.

Here are EV and OV certificates displayed in Edge and IE11 for comparison:

Changes to identity UI in Edge (top) vs IE11 (bottom).