Extended Validation SSL Certificates were created
in direct response to the rise in Internet fraud, eroding consumer confidence
in online transactions. In 2005, 84% of respondents to a Forrester Research
study said they don’t think retailers are doing enough to protect their
customers online and 24% did not make purchases online due to security
concerns.* Before customers share their confidential data online,
they want proof of identification from a trusted source. The Extended
Validation SSL Standard raises the bar on verification of SSL Certificates
and enables visual displays in high security browsers.
What
is Extended Validation SSL?
What
is the Extended Validation Standard?
How
will Extended Validation SSL increase consumer confidence?
What
are the benefits of Extended Validation SSL to Web site owners?
Who
is eligible to receive an EV SSL Certificate?
Where
can I buy an Extended Validation SSL Certificate?
What
type of additional documentation does VeriSign require?
Can
I renew SSL Certificates and add the Extended Validation Standard?
What
is EV Upgrader™ and how does it work?
What is Extended Validation
SSL?
Extended Validation SSL Certificates give high
security Web browsers information to clearly identify a Web site’s organizational
identity. For example, if you use Microsoft® Internet Explorer 7 to
go to a Web site secured with an SSL Certificate that meets the Extended
Validation Standard, IE7 will cause the URL address bar to turn green.
A display next to the green bar will toggle between the organization
name listed in the certificate and the Certificate Authority (VeriSign,
for example). Firefox and Opera have announced their intention to support
Extended Validation SSL in upcoming releases. Older browsers will display
Extended Validation SSL Certificates with the same security symbols
as existing SSL Certificates.
What is the Extended Validation
Standard?
In 2006, a group of leading SSL Certificate
Authorities (CAs) and browser vendors approved standard practices for
certificate validation and display called the Extended Validation Standard.
To issue an SSL Certificate that complies with the standard, a CA must
adopt the extended certificate validation practice and pass a Webtrust
audit. The validation process requires the CA to authenticate the certificate
applicant’s domain ownership and organizational identity, as well as
the individual approver’s employment with the applicant, and authority
to obtain the Extended Validation SSL Certificate. Our Certification
Practice Statement outlines our authentication and verification
processes.
How will Extended Validation
SSL increase consumer confidence?
As people use the Web for commerce, business,
and social activities, they share personal and confidential information.
High profile incidents of fraud and phishing scams have made Internet
users very concerned about identity theft. Before they enter sensitive
data, they want proof that the Web site can be trusted and their information
will be encrypted. Without it, they abandon their transaction and do
business elsewhere. High security browsers and Extended Validation SSL
Certificates provide third-party verification with a visual display
that gives consumers confidence and builds trust in e-commerce.
What are the benefits of Extended
Validation SSL to Web site owners?
An Extended Validation SSL Certificate helps
your visitors complete secure transactions with confidence and puts
your organization in a leadership position. If your site has the “green
bar” in IE 7 and your competitor’s site does not, you appear to be more
trusted and more legitimate. That’s a competitive advantage in the world
of e-commerce. For businesses with a high profile brand, using Extended
Validation SSL is the most effective defense against phishing scams.
When customers see the green bar and the name of your security vendor,
they can interact with you online, with confidence.
Who is eligible to receive
an EV SSL Certificate?
The CA/Browser Forum dictates what kinds of
entities are eligible to obtain EV Certificates. The following entities
are eligible provided they are currently registered with and approved
by an official registration agency in their jurisdiction. The resulting
charter, certificate, license or equivalent must be verifiable through
that registration agency.
- Government agencies
- Corporations
- General partnerships
- Unincorporated associations
- Sole proprietorships
The employment and authority of the person
placing the certificate order must be verifiable. These business entities
need to have a confirmable physical existence and business presence.
Any assumed business names should be verifiable. A principal individual
associated with the business must be validated and that person must
confirm agreement to the certificate subscriber agreement. The
entity cannot be located in a country where VeriSign is prohibited from
doing business or listed on any government prohibited list such an embargo
restriction.
Where can I buy an Extended
Validation SSL Certificate?
VeriSign offers Extended Validation SSL Certificates
for purchase as individual certificates and in multiple certificate
packs through our Managed PKI for SSL service for the enterprise. The
most secure and trusted option for SSL is a true 128-bit, Extended Validation
(EV) SSL Certificate. Look for Secure
Site Pro with EV or Managed
PKI for SSL Premium with EV.
What type of additional documentation
is required?
A legal opinion letter confirming that the
requestor has the authority to obtain an SSL Certificate on behalf of
the company must be submitted to VeriSign. The legal opinion letter
also may be used to confirm the organization registration, organization
address, telephone number, domain ownership, and that the organization is
conducting business. Once confirmed, the requestor may be able to purchase
additional SSL Certificates based on the original letter. If a legal
opinion letter cannot be obtained, Our Certification
Practice Statement outlines alternate authentication and
verification processes.
Can I renew SSL Certificates
and add the Extended Validation Standard?
When you renew individual SSL Certificates,
look for the upgrade to Extended Validation. Due to the additional steps
in the verification process, enrollment may take longer than traditional
SSL Certificates and the express guarantee for 2-day delivery does not
apply. Managed PKI for SSL accounts must be pre-qualified to request
Extended Validation SSL Certificates before traditional certificates
may be converted to EV. To upgrade SSL Certificates to Extended Validation,
contact VeriSign
sales.
What is EV Upgrader™ and how
does it work?
EV
Upgrader™ is the first ever technology that enables all IE7
on Windows Vista and XP client systems to display the green address
bar, organization name, and other Extended Validation interface conventions.
EV Upgrader works by prompting existing root update functionality in
IE7 for Windows XP on visiting client systems and therefore enabling
the IE7 client to "recognize" the SSL Certificate's EV status.
In the absence of the root update, no Windows XP client can ever see
the green bar on your site.
Once a given client system has a specific EV
SSL root installed (by way of EV Upgrader or manual installation, from
the Microsoft Web site, by the user) that client will experience "green
bar" behavior whenever connecting to a valid EV SSL Certificate
on that same root. Note that this root installation affects only the
root in question and does not enable that client for EV behavior with
any other root. Learn
more about EV Upgrader.
*Lauri Giesen, ”Hand-holding:
Fraud-weary consumers look for the seal of approval,” Internet Retailer,
March 2006.
Worldwide Sites
Podcast: