Worldwide Sites
Where can I buy an Extended Validation SSL Certificate?
Why were Extended Validation SSL (EV SSL Certificates) created?
What is Extended Validation SSL?
What is a high-security browser?
What is the Extended Validation Standard?
How will Extended Validation SSL increase consumer confidence?
What are the benefits of Extended Validation SSL to Web site owners?
Who is eligible to receive an EV SSL Certificate?
What type of additional documentation does VeriSign require?
Can I renew SSL Certificates and add the Extended Validation Standard?
Why wouldn’t an IE7 browser recognise EV?
How does VeriSign EV Upgrader™ enable all IE7 browsers to recognise EV?
When will most Windows XP users have updated root stores?
Where can I buy an Extended Validation SSL Certificate?
VeriSign offers Extended Validation SSL Certificates for purchase as individual certificates and with volume discounts
for multiple certificate purchases. The most secure and trusted option for SSL is a True 128-bit, Extended Validation (EV) SSL Certificate. Look for Secure Site Pro with EV
or Managed PKI for SSL Premium with EV.
Back to Top
Why were Extended Validation SSL (EV SSL Certificates) created?
Extended Validation SSL Certificates were created in direct response to the rise in Internet fraud, eroding consumer confidence in online transactions. In 2005, 84% of respondents to a Forrester Research study said they didn’t think retailers were doing enough to protect their customers online and 24 per cent did not make purchases online due to security concerns. (Lauri Giesen, "Hand-holding: Fraud-weary consumers look for the seal of approval," Internet Retailer, March 2006.) Before customers share their confidential data online, they want proof of identification from a trusted source. The Extended Validation SSL Standard raises the bar on verification of SSL Certificates and enables visual displays in high-security browsers.
Back to Top
What is Extended Validation SSL?
Extended Validation SSL Certificates give high-security Web browsers information to clearly identify a Web site’s organisational identity. For example, if you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard, IE7 will cause the URL address bar to turn green. A display next to the green bar will toggle between the organisation name listed in the certificate and the Certificate Authority (VeriSign, for example). Firefox 3 and Opera 9.5 also supports Extended Validation SSL. Other browsers are expected to offer Extended Validation visibility in upcoming releases. Older browsers will display Extended Validation SSL Certificates with the same security symbols as existing SSL Certificates.
Back to Top
What is a high-security browser?
Web browsers that were developed to recognise EV SSL Certificates are considered high-security browsers. They are designed to trigger unique visual cues to indicate the presence of an EV SSL Certificate. For instance, Internet Explorer 7 shows a green address bar and displays the name of the organisation listed in the certificate as well as the certificate’s security vendor. These displays make it easier for Web site visitors to quickly establish trust with the Web sites they visit. Microsoft® Internet Explorer 7 and Firefox 3 are examples of high-security browsers.
Back to Top
What is the Extended Validation Standard?
In 2006, a group of leading SSL Certificate Authorities (CAs) and browser vendors approved standard practices for certificate validation and display called the Extended Validation Standard. To issue an SSL Certificate that complies with the standard, a CA must adopt the extended certificate validation practice and pass a Webtrust audit. The validation process requires the CA to authenticate the certificate applicant’s domain ownership and organisational identity, as well as the individual approver’s employment with the applicant, and authority to obtain the Extended Validation SSL Certificate. Our Certification Practice Statement
outlines our authentication and verification processes.
Back to Top
How will Extended Validation SSL increase consumer confidence?
As people use the Web for commerce, business and social activities, they share personal and confidential information. High profile incidents of fraud and phishing scams have made Internet users very concerned about identity theft. Before they enter sensitive data, they want proof that the Web site can be trusted and their information will be encrypted. Without it, they may abandon their shopping cart/basket or other transaction and do business elsewhere. High-security browsers and Extended Validation SSL Certificates provide third-party verification with a visual display that gives consumers confidence and builds trust in online business.
Back to Top
What are the benefits of Extended Validation SSL to Web site owners?
An Extended Validation SSL Certificate helps your visitors complete secure transactions with confidence and puts your organisation in a leadership position. If your site has the “green bar” and your competitor’s site does not, you appear to be more trustworthy. That’s a competitive advantage in the world of e-commerce. For businesses with a high profile brand, using Extended Validation SSL is the most effective defence against phishing scams. When customers see the green bar and the name of your security vendor, they can interact with you online, with confidence.
Back to Top
Who is eligible to receive an EV SSL Certificate?
The CA/Browser Forum dictates what kinds of entities are eligible to obtain EV Certificates. The following entities are eligible provided they are currently registered with and approved by an official registration agency in their jurisdiction. The resulting charter, certificate, licence or equivalent must be verifiable through that registration agency.
- Government agencies
- Corporations
- General partnerships
- Unincorporated associations
- Sole proprietorships
The employment and authority of the person placing the certificate order must be verifiable. These business entities need to have a confirmable physical existence and business presence. Any assumed business names should be verifiable. A principal individual associated with the business must be validated and that person must confirm agreement to the certificate subscriber agreement. The entity cannot be located in a country where VeriSign is prohibited from doing business or listed on any government prohibited list such an embargo restriction.
In addition to the requirements described above, a legal opinion letter may be required to confirm that the requestor has the authority to obtain SSL Certificate(s) on behalf of the company. The legal opinion letter also may be used to confirm the organisation registration, organisation address, telephone number, domain ownership and the organisation’s business status. The physical address may, alternatively, be confirmed by a physical site visit. Once confirmed, the requestor may be able to purchase additional SSL Certificates based on the original letter. If a legal opinion letter cannot be obtained, our Certification Practice Statement
outlines alternate authentication and verification processes.
Back to Top
What type of additional documentation does VeriSign require?
A legal opinion letter confirming that the requestor has the authority to obtain an SSL Certificate on behalf of the company must be submitted to VeriSign. The legal opinion letter also may be used to confirm the organisation registration, organisation address, telephone number, domain ownership and that the organisation is conducting business. Once confirmed, the requestor may be able to purchase additional SSL Certificates based on the original letter. If a legal opinion letter cannot be obtained, our Certification Practice Statement
outlines alternate authentication and verification processes.
Back to Top
Can I renew SSL Certificates and add the Extended Validation Standard?
When you renew individual SSL Certificates, look for the upgrade to Extended Validation. Due to the additional steps in the verification process, enrolment may take longer than traditional SSL Certificates and the express guarantee for two-day delivery does not apply. Managed PKI for SSL accounts must be pre-qualified to request Extended Validation SSL Certificates before traditional certificates may be converted to EV. To upgrade SSL Certificates to Extended Validation, contact VeriSign sales.
Back to Top
Why wouldn’t an IE7 browser recognise EV?
A browser identifies an SSL Certificate as authentic by checking to see if the certificate matches a valid SSL root resident on the client machine. VeriSign signs every EV SSL Certificate with two roots: an EV root and a traditional SSL root. With two roots, every browser will identify a valid SSL root, even older browsers that do not yet recognise EV. IE7 is designed to recognise Extended Validation, but may not correctly display in Windows XP because the traditional SSL root is matched rather than the EV root. Internet Windows XP systems do not automatically update the root store. Developed before the EV standard existed, Windows XP systems do not have the EV root locally resident unless it has been manually updated and, because the browser recognises the traditional SSL root, it has no trigger to update the root store. VeriSign EV Upgrader technology, built directly into the VeriSign Secured® Seal, will trigger this manual update. Explorer 7 on Vista is designed to automatically update the root store on a weekly basis and should always recognise an EV Certificate and display it appropriately.
Back to Top
How does VeriSign EV Upgrader™ enable all IE7 browsers to recognise EV?
VeriSign EV Upgrader technology is built directly into the VeriSign Secured® Seal. The first time an IE7 client on Windows XP visits a Web site with a VeriSign Secured Seal and EV Upgrader the client browser will contact a Microsoft root store service and seamlessly install the VeriSign EV root. Once the EV root is stored, it will verify VeriSign EV SSL Certificates on any Web site and display green bar and organisation name appropriately. The update happens in the background and without prompting from the user.
Back to Top
When will most Windows XP users have updated root stores?
Over 90,000 domains in 145 countries display the VeriSign Secured Seal. EV Upgrader has helped quickly update root stores for Windows XP IE7 users worldwide. VeriSign recommends that you install the VeriSign Secured Seal on your home page to ensure a prompt update and the display of the green address bar on transactional pages of Windows XP users.
Back to Top
