Extended Validation SSL Certificates are the most recent innovation in SSL Certificates. EV SSL certificates combat online threats that erode trust online. They provide a new way for merchants to prove that their site has been verified as an authenticated business. EV SSL Certificates are designed to provide visitors with the green “good to go” browser indicator when visitors go to a secure page.
In Internet Explorer, an EV SSL Certificate will turn your customer’s address bar green and display the name of your business next to your web address.
All major browsers (e.g. Microsoft, Mozilla, Opera etc) are integrating new displays in order to provide consumer’s with a visual indicator of a website’s security. Visitors of an EV SSL Certificate-protected website can receive quick and easy assurance that the site is a safe place to shop.
THE EV SSL CERTIFICATE VALIDATION PROCESS
The EV SSL Certificate process validates the requestor’s domain control and verifies the requesting entity’s legal existence and identity. The EV SSL validation process is the most extensive and rigorous in the Industry. This process ensures that only trustworthy and non-fraudulent websites receive the green trust indicator.
Unlike other validation processes in the SSL industry, a certification authority issuing EV SSL Certificates cannot rely on any kind of self-reported data (such as address and phone numbers) during the validation process. All data provided by a company hoping to obtain an EV SSL Certificate will be checked against reliable third-party sources.
Before a company can receive an EV SSL certificate, the EV SSL Certificate vendor needs to perform three important steps.
- Confirm the existence of the Company through 3rd party source
- Verify that the request has been made on behalf of the company
- Obtain mutual confirmation of the request between the Certificate Authority and the requesting party
Typically this is a contract that will be sent at the end of the validation process to the requesting party. The contract must be signed by an authorized person.
For all three steps listed above, special guidelines outline in detail what background checks should be performed by all Certificate Authorities issuing EV SSL Certificates.
A customer wishing to obtain an EV SSL Certificate must own and control the domain name that will utilize the EV SSL Certificate. A Certificate Authority will check website registration records (Whois database) or may ask the customer to make a change to the website under the domain name.
The Certification Authority must verify that the individual requesting the certificate is acting as a legitimate agent for the requesting company. One way that a Certificate Authority may verify this data is by contacting the requesting company’s human resource department.
The Certificate Authority will also verify the identity of the contract signer (in most cases this will be a C level management person). Usually this is verified with written documentation.
LEGAL EXISTENCE AND IDENTITY
A Certificate Authority will check to make sure that the business is legally recognized and that the formal name matches the official Government records. In cases where a trading name is used, the Certificate Authority must verify any alternative names that differ from the legal name of the customer in qualified databases.
The Certification Authority is required to cross-check the address listed in the certificate application against a qualified government database.
If the listed address cannot be verified by consulting the government database, an on-site visit may be necessary to investigate the discrepancy. Investigators may need to take photos of business operations or speak with company personal.
The Certificate Authority will confirm that the telephone number listed on the certificate application is the primary telephone number for the requesting organization. This is accomplished by calling the number directly or by checking phone directory listings.