A Guide to EV SSL: Certification Authority/Browser Forum
EV SSL certificates augment the existing SSL certificate format with a strict identity-verification component that ensures the certificate holder is who it claims to be.
On June 12th, 2007, the CA/Browser Forum officially ratified the first version of the Extended Validation (EV) SSL Guidelines, which take effect immediately. The formal approval brings to a close more than two years of effort and provides the infrastructure for trusted website identity on the Internet.
Much like the PCI Security Standards Council, the CA/Browser Forum is a consortium of more than 20 leading browser manufacturers and SSL providers, which together created a standardized authentication process that any certificate authority (a third-party company that issues digital certificates for use by other parties) must follow in order to issue EV SSL certificates.
These CAs must obtain an independent audit as well to confirm compliance.
All leading Internet browser vendors support the EV SSL initiative and either already support or have announced plans to support the technology, which allows the browser to display the verified identity of a website to the user.
The CA/Browser Forum began issuing EV SSL certificates in January of 2007.
The forum enforces the EV SSL standard on three fronts:
- Website validation
- CA validation
- SSL validation or revocation
According to the CA/Browser Forum website, the main goals in creating and issuing an EV SSL certificate are as follows:
- Identify business/organization/entity - Offers end-users assurance that the accessed website is controlled by a specific legal entity, identified in the EV SSL certificate by name, business address, incorporation and registration number, or other identifying information.
- Enable encrypted communications - Assists the exchange of encryption keys, to ensure that information sent between the end-user and the website server is encrypted.
- Legitimize a business/organization/entity - An EV certificate should help an organization prove that it is legitimate by certifying its website, and help address continuing problems such as phishing and other forms of identity fraud.
- Enforce legal actions - Helps law enforcement in investigations of phishing and other identity fraud, including contacting, investigating or taking legal action against the perpetrator.
Website Validation
The CA/Browser Forum implements a strict set of requirements that entities must pass before they can acquire an EV SSL Certificate.
For organizations that are legally registered, the requirements should be relatively easy to meet; for fake entities and websites, however, EV SSL makes it harder for the online criminals who created the fake sites to pass them off as the legitimate ones.
As of June 2007, the following entities are eligible for EV SSL certificates:
- Private Organizations - A privately or publicly held, non-governmental legal entity. The organization must have up-to-date incorporation papers on file, proving its jurisdiction and existence.
- Government Entities - Government-operated political subdivisions within a country, such as federal, state, county or city entities. The entity must not be in any country where the CA is prohibited from doing business or issuing a certificate by the laws of the CA's jurisdiction.
- Business Entities - Any entity that does not fall under the Private Organization or Government Entity categories. This includes general partnerships, unincorporated associations and sole proprietorships.
Each of the above entities must have a valid charter, license or other document in an official registry in its area of jurisdiction, and it must be available through the registration bureau for that entity, such as a local Secretary of State.
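The identity attributes listed above (entity name, business address, incorporation jurisdiction, registration number) and the three entity categories are what end up in the Subject of an EV certificate. The following is an added example, not code from the CA/Browser Forum or from any CA: a coarse checker that takes the dictionary Python's `ssl.SSLSocket.getpeercert()` returns and reports which EV identity attributes are missing. It assumes the attribute names that `getpeercert()` produces for standard X.509 Subject fields, and the dotted OIDs the EV Guidelines assign to the jurisdictionOfIncorporation attributes (how a given OpenSSL build renders them, long name or dotted form, is an assumption, so both spellings are accepted). The sample certificate dictionaries are constructed for the example.

```python
"""Report which EV identity attributes a peer certificate carries.

Added example (not CA/Browser Forum code).  Input is the dict returned by
ssl.SSLSocket.getpeercert(): its "subject" key is a tuple of RDNs, each RDN a
tuple of (attribute_name, value) pairs.
"""

# businessCategory values for the three entity types (assumed from the EV Guidelines)
EV_BUSINESS_CATEGORIES = {"Private Organization", "Government Entity", "Business Entity"}

# jurisdictionOfIncorporation attributes, by long name and dotted OID (assumed)
JURISDICTION_ATTRS = {
    "jurisdictionLocalityName", "1.3.6.1.4.1.311.60.2.1.1",
    "jurisdictionStateOrProvinceName", "1.3.6.1.4.1.311.60.2.1.2",
    "jurisdictionCountryName", "1.3.6.1.4.1.311.60.2.1.3",
}


def flatten_subject(subject):
    """Collapse getpeercert()'s nested RDN tuples into {attribute: [values]}."""
    fields = {}
    for rdn in subject:
        for attr, value in rdn:
            fields.setdefault(attr, []).append(value)
    return fields


def ev_identity_report(cert):
    """Return (ev_shaped, missing) for a getpeercert()-style dict.

    ev_shaped is True when every identity attribute an EV Subject should
    carry is present; missing lists the ones that are not.  This is a shape
    check on the Subject only, not chain or policy validation.
    """
    fields = flatten_subject(cert.get("subject", ()))
    missing = []

    # name of the legal entity
    if not fields.get("organizationName"):
        missing.append("organizationName")

    # business address: country plus at least one of locality / state
    if not fields.get("countryName"):
        missing.append("countryName")
    if not (fields.get("localityName") or fields.get("stateOrProvinceName")):
        missing.append("localityName/stateOrProvinceName")

    # incorporation: at least one jurisdictionOfIncorporation attribute
    if not any(fields.get(attr) for attr in JURISDICTION_ATTRS):
        missing.append("jurisdictionOfIncorporation")

    # registration number
    if not fields.get("serialNumber"):
        missing.append("serialNumber")

    # entity type must be one of the three EV categories
    categories = fields.get("businessCategory", [])
    if not categories or categories[0] not in EV_BUSINESS_CATEGORIES:
        missing.append("businessCategory")

    return (not missing, missing)


# Constructed sample: an EV-shaped Subject for a private organization.
EV_SAMPLE = {
    "subject": (
        (("businessCategory", "Private Organization"),),
        (("jurisdictionCountryName", "US"),),
        (("serialNumber", "1234567"),),
        (("countryName", "US"),),
        (("stateOrProvinceName", "California"),),
        (("localityName", "Example City"),),
        (("organizationName", "Example Corp"),),
        (("commonName", "www.example.com"),),
    )
}

# Constructed sample: a domain-validated style Subject with only a commonName.
DV_SAMPLE = {"subject": ((("commonName", "www.example.com"),),)}


if __name__ == "__main__":
    for label, cert in (("EV-shaped", EV_SAMPLE), ("DV-shaped", DV_SAMPLE)):
        ok, missing = ev_identity_report(cert)
        print(f"{label}: ev_shaped={ok} missing={missing}")
```

On a live connection the same function can be fed `sock.getpeercert()` after a successful handshake. The result says only whether the Subject is shaped like an EV Subject; whether a browser actually shows the verified identity depends on the certificate chaining to a root the browser recognizes for EV, which this check does not attempt.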
Requestor Requirements
According to the CA/Browser Forum, the actual requestor from the entity wishing to obtain an EV SSL certificate must be verified as legitimate by the entity's chosen CA.
The CA has the duty of verifying, independently, the following about the requestor:
- The requesting entity/organization is a legally established business or non-profit, registered or on record with the local government.
- The Web domain and the organization match, that is, the organization owns or has the right to use the Web domain in question.
- The person making the request is employed by the entity/organization and has the authority to obtain SSL certificates.