Buyers Guide to EV SSL

   Step 1: What is an EV SSL?
   Step 2: SSL vs. EV SSL
   Step 3: Merchant Benefits
   Step 4: EV SSL Validation Process
   Step 5: Buying An EV SSL Certificate


 EV SSL FAQs
   EV SSL Certificate FAQs
   SSL vs. EV SSL
   Certification Authority/Browser Forum
   Validating the Certificate Authority
   Benefits of EV SSL


 EV SSL Info
   EV SSL News
   EV SSL Polls


 Advertisement


ev ssl certificates
(Visit Buy SSL Certs for all SSL Certificates including EV SSL )


 EV SSL Polls


   View All Polls


Which brand of EV SSL are you considering purchasing or currently using?









View EV SSL Certificate Poll Results

SSL vs. EV SSL

Extended Validation Secure Socket Layer (EV SSL) is the next step in maintaining secure communication between web browsers and merchant web sites/servers.

Unlike traditional SSL security, EV SSL offers end-users a way to verify that the web site that they are is truly the real web site of the merchant/company.

Gone are the days of just trusting that the little "lock" icon at the top or bottom of a supposedly secure "https" Web site, meant secure 128 bit encryption.

With SSL, any website could get an SSL certificate, even if the website was a fake, and once the certificate matched the website, the little lock went up in the corner, just like a legitimate website.

Moreover, SSL certificates have different levels and they are issued in various ways. Even with encryption for each kind of SSL certificate, and with the visual clues in the URL address browser like the lock icon or the "https" prefix, there is no way to know the credibility of the certificate and it's owner.

There are four different SSL certificates:

  • Self-validated SSL certificates - The company or online merchant issues the certificates to themselves, with no oversight from a third-party.

  • Class 2 SSL certificates - A Certificate Authority (CA): a third party-only checks the applicants URL against the WHOIS database-the domain registry for websites.

  • Class 3 certificates - These certificates are also known as organizationally validated SSL certificates. CAs go one step past the Class 2 checks, by trying to establish the operational existence of the website in question, however this varies from CA to CA, and, previously, there is no way to check the operational existence of the website.

  • Extended Validation SSL Certificates - With these certificates, a CA validates not only domain name registration, but it covers operational existence, legal existence and the company/website's physical existence. EV SSL certificates not only offer "https" prefixes, or the lock icon, they also change the URL browser address to a different color.
Until now, the availability of both high authentication certificates and low authentication certificates was/is rampant.

The typical end-user only sees the "https" and lock icon, and is unaware that online criminals can obtain a low authentication SSL certificate for their spoofed website, and it will look just like another "secure" site.

As in the case of Fast Flux, SSL encryption and validation can be cracked by an adept phisher or phishers, and more and more end-users are losing faith and confidence that making online transactions is a smart thing to do.

With EV SSL certificates end-users/consumers can verify a website owner's identity and the browser interface makes it easier for end-users/consumers to identify the website as legitimate or when it is not legitimate.

ev ssl                      pci compliance asv


pci compliancePrint this page

| Home |  EV SSL FAQs |  Buyers Guide to EV SSL |  Where to Buy |  EV SSL News |    EV SSL Certificate Polls | 
© 2007 EV SSL Guide.com
   All right reserved - do not copy any material without written permission.



Visit Buy SSL Certs for all SSL Certificates