Cyberattacks are rising. Compliance rules are tightening. And yet most public institutions and businesses still rely on SSL certificates that validate only domain ownership.
According to Francesco Basso, Head of SSL and Security Business Line, Actalis S.p.A. (Aruba Group), “when a certificate proves only that someone owns a web address—but not who they are or whether they’re legitimate—we create a false sense of trust.”
In this interview with Website Planet, Basso explains why basic Domain Validation (DV) SSL certificates, while popular, fall far short of what modern organizations actually need (especially in high-stakes sectors like public services, finance, healthcare, and critical infrastructure) and why the problem isn’t just technical but cultural.
The Quiet Crisis of Digital Trust
SSL certificates were originally designed to establish both security and authenticity in digital interactions. But in practice, many organizations still treat them as afterthoughts—installed to tick a compliance box rather than as part of a broader trust strategy.
The result is a proliferation of websites that appear secure, but are managed by entities that can’t be verified; fragmented infrastructures managed across multiple vendors; and an overreliance on free tools that offer no human support, no transparency, and no real guarantees.
“Too many companies assume a green padlock means their door is protected. But when credentials aren’t tied to identity, the door is wide open to abuse,” Basso says.
The organizations most at risk are those handling sensitive data and operating in high-compliance environments. Public administrations managing identity systems and citizen-facing platforms, healthcare and financial institutions bound by strict regulatory frameworks, and digital agencies overseeing certificate lifecycles across multiple clients all face heightened exposure. Cloud and hosting providers, too, often resell SSL certificates as part of broader service bundles, but without proper assurance oversight.
For these sectors, mismanaged or insufficient trust frameworks don’t just invite technical vulnerabilities—they open the door to reputational damage, data breaches, and serious regulatory consequences.
Regulatory Pressure Meets Infrastructure Reality
Many organizations—particularly public agencies and B2B platforms—keep using DV certificates to secure sensitive portals, government systems, and enterprise workflows. That’s not nearly enough, according to Basso.
“Digital trust isn’t just about encryption. It’s about knowing who you’re dealing with, where your data lives, and how it’s being secured across its lifecycle.”
eIDAS is a crucial step forward in that direction: a regulation from the European Union that is legally binding in every EU country and makes cross-border digital transactions easier and safer. It provides a more secure, legally valid way to prove identity and sign documents online.
Before eIDAS, each country had its own rules for digital identity and signatures, making cross-border business complicated. eIDAS created one unified framework, so if you sign something in Italy, it’s legally valid in Germany, Spain, or France too.
So, what can security leaders do right now?
1. Stop Relying on Patchwork Security Tools
Many global vendors offer scalability but lack local certification or flexibility to meet EU-specific regulations like eIDAS. Others rely on basic certificates that only prove domain ownership, not the real-world identity of the organization behind it.
Basso warns: “Without a certified, integrated framework, there’s no way to guarantee end-to-end security — especially in mission-critical infrastructure.”
2. Upgrade to OV or EV Certificates for Real Identity Assurance
Unlike basic DV certificates, Organization Validation (OV) and Extended Validation (EV) certificates require verified, authenticated organizational identities in order to provide transparency and assurance that the entity you’re dealing with is legitimate — a vital step in building public trust online.
Actalis made these higher-assurance certificates a core part of its offering, delivered by a Qualified Trust Service Provider (QTSP) and fully aligned with European legal frameworks.
3. Use Trust Services That Are Customizable, Certified, and Sovereign
Actalis, for example, decided to focus not just on compliance but on the combination of regulatory-grade security, full control over infrastructure, and the ability to tailor solutions to complex IT environments.
“We’re not just issuing certificates. We control the full chain — from certificate issuance to hosting — all within a sovereign European infrastructure backed by Aruba’s Tier IV data centers,” says Basso. “No third-party dependencies. No shortcuts.”
This vertical integration allows Actalis to serve both large-scale enterprises and digital professionals with services that are resilient, customizable, and local.
4. Choose Partners That Offer Local Support and REAL Expertise
Too many companies rely on overseas vendors or providers that don’t speak their language — literally and figuratively. Actalis invested in expert, free-of-charge support from a local Italian team, who understand the regulatory landscape and the technical challenges of integration.
Localized support means faster response times, tailored guidance, and higher confidence for clients navigating complex environments.
5. Pick Providers With a Proven Track Record — Not Just Promises
Actalis is the third-fastest growing Certification Authority in the world, thanks in part to its partnerships.
For example, their strategic collaboration with Tucows — the world’s largest wholesale domain registrar — has enabled global distribution of Actalis SSL certificates via the OpenSRS platform.
Looking ahead: Trust That Scales with You
Basso sees a shift coming—one that will force organizations to start treating trust certificates like SSL as strategic assets, not just utilities.
“Digital sovereignty isn’t a buzzword. It’s the future of cybersecurity,” he says. “And that starts with controlling how, where, and by whom your trust infrastructure is built and maintained.”
“Our mission is to simplify security without compromising on trust or compliance,” Basso says. “We want to make digital trust something that’s easy to integrate, scalable, and automatic — so that businesses of every size can grow confidently and truly securely.”