Validating the Certificate Authority

The CA/Browser Forum has a stringent set of standards and requirements that certification authorities must follow, in order to keep their EV SSL certification.

With the WebTrust audit process, the CA/Browser Forum is able to guarantee the reliability of the EV SSL certificate authentication requirements for all CAs.

Administered annually, the audit consists of a lengthy requirement checklists-some of which are covered previously in this article-which can be found in its entirety, at the CA/Browser Forum website.

WebTrust Audit Guidelines

If a CA passes the audit, not only can the CA confirm that they are validated to distribute certificates, a separate, WebTrust for Certification Authorities can also be applied.

If the CA fails the WebTrust audit, that CA may lose the EV status in the selected browser manufacturers' Trusted Root Store.

As well, if a CA does not pass the annual audit, all of the EV SSL Certificates will be revoked. Then, anytime the websites are accessed, the address bar and status bar will turn red, instead of green, and the EV SSL status will be downgraded to the traditional SSL. End-users that visit the non-EV SSL sites will do so at their own risk, as the site will no longer be recognized as EV SSL compliant.

The CAs maintains a list of revoked certificates that is checked on the spot, every time an end user visits an EV-secured web site.

IE 7.0, Firefox and Opera are currently working and implementing technologies to help an end-user know whether the certificate has been revoked.

All of the above browsers offer anti-phishing filters, which can facilitate a way to know whether the EV SSL certificate is valid, or whether the site is dangerous to the end-user, or whether the site is suspicious.

• Green Address Bar-Valid EV SSL certificate
• Yellow Address Bar-Suspicious site, use caution.
• Red Address Bar-Dangerous site, do not proceed with sending any sensitive material.

                    

Print this page