EmailSharePrint

FAQ: Extended Validation SSL

Questions:

Where can I buy an Extended Validation SSL Certificate?
Why were Extended Validation SSL (EV SSL Certificates) created?
What is Extended Validation SSL?
What is a high-security browser?
What is the Extended Validation Standard?
How will Extended Validation SSL increase consumer confidence?
What are the benefits of Extended Validation SSL to Web site owners?
Who is eligible to receive an EV SSL Certificate?
What type of additional documentation does VeriSign require?
Can I renew SSL Certificates and add the Extended Validation Standard?
Why wouldn’t an IE7 browser recognise EV?
How does VeriSign EV Upgrader™ enable all IE7 browsers to recognise EV?
When will most Windows XP users have updated root stores?

Answers:

Where can I buy an Extended Validation SSL Certificate?
VeriSign offers Extended Validation SSL Certificates for purchase as individual certificates. The most secure and trusted option for SSL is a True 128-bit, Extended Validation (EV) SSL Certificate. Look for Secure Site Pro with EV or Managed PKI for SSL Premium with EV.

Back to Top

Why were Extended Validation SSL (EV SSL Certificates) created?
Extended Validation SSL Certificates were created in direct response to the rise in Internet fraud, eroding consumer confidence in online transactions. In 2005, 84 per cent of respondents to a Forrester Research study said they did not think retailers were doing enough to protect their customers online and 24 per cent did not make purchases online due to security concerns. (Lauri Giesen, "Hand-holding: Fraud-weary consumers look for the seal of approval," Internet Retailer, March 2006.) Before customers share their confidential data online, they want proof of identification from a trusted source. The Extended Validation SSL Standard raises the bar on verification of SSL Certificates and enables visual displays in high-security browsers.

Back to Top

What is Extended Validation SSL?
Extended Validation SSL Certificates give high-security Web browsers information to clearly identify a Web site organisational identity. For example, if you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard, IE7 will cause the URL address bar to turn green. A display next to the green bar will toggle between the organisation name listed in the certificate and the Certificate Authority (VeriSign, for example). Firefox 3 also supports Extended Validation SSL. Other browsers are expected to offer Extended Validation visibility in upcoming releases. Older browsers will display Extended Validation SSL Certificates with the same security symbols as existing SSL Certificates. For more information about EV SSL, we invite you to view our data sheet, How Extended Validation SSL can help to increase online transactions and improve customer confidence (PDF)

Green Bar Diagram

Back to Top

What is a high-security browser?
Web browsers that were developed to recognise EV SSL Certificates are considered high-security browsers. They are designed to trigger unique visual cues to indicate the presence of an EV SSL Certificate. For instance, Internet Explorer 7 shows a green address bar and displays the name of the organisation listed in the certificate as well as the certificate’s security vendor. These displays make it easier for Web site visitors to quickly establish trust with the Web sites they visit. As of March of 2009, 70% of browsers in use worldwide were high-security and EV-enabled including Microsoft® Internet Explorer 7 and 8, Firefox 3, Opera 9.5, Safari 3.2, Google Chrome and Flock 2.0. (Market Share by Net Applications, March 2009, http://marketshare.hitslink.com).

Back to Top

What is the Extended Validation Standard?
In 2006, a group of leading SSL Certificate Authorities (CAs) and browser vendors approved standard practices for certificate validation and display called the Extended Validation Standard. To issue an SSL Certificate that complies with the standard, a CA must adopt the extended certificate validation practice and pass a Webtrust audit. The validation process requires the CA to authenticate the certificate applicant’s domain ownership and organisational identity, as well as the individual approver’s employment with the applicant, and authority to obtain the Extended Validation SSL Certificate. Our Certification Practice Statement outlines our authentication and verification processes.

Back to Top

How will Extended Validation SSL increase consumer confidence?
As people use the Web for commerce, business and social activities, they share personal and confidential information. High profile incidents of fraud and phishing scams have made Internet users very concerned about identity theft. Before they enter sensitive data, they want proof that the Web site can be trusted and their information will be encrypted. Without it, they may abandon their shopping cart/basket or other transaction and do business elsewhere. High-security browsers and Extended Validation SSL Certificates provide third-party verification with a visual display that gives consumers confidence and builds trust in online business.

Back to Top

What are the benefits of Extended Validation SSL to Web site owners?
An Extended Validation SSL Certificate helps your visitors complete secure transactions with confidence and puts your organisation in a leadership position. If your site has the “green bar” and your competitor’s site does not, you appear to be more trustworthy. That’s a competitive advantage in the world of e-commerce. For businesses with a high profile brand, using Extended Validation SSL is the most effective defence against phishing scams. When customers see the green bar and the name of your security vendor, they can interact with you online, with confidence.

Back to Top

Who is eligible to receive an EV SSL Certificate?
The CA/Browser Forum dictates what kinds of entities are eligible to obtain EV Certificates. The following entities are eligible, provided they are currently registered with and approved by an official registration agency in their jurisdiction. The resulting charter, certificate, licence or equivalent must be verifiable through that registration agency.

  • Government agencies
  • Corporations
  • General partnerships
  • Unincorporated associations
  • Sole proprietorships

The employment and authority of the person placing the certificate order must be verifiable. These business entities need to have a confirmable physical existence and business presence. Any assumed business names should be verifiable. A principal individual associated with the business must be validated and that person must confirm agreement to the certificate subscriber agreement. The entity cannot be located in a country where VeriSign is prohibited from doing business or listed on any government prohibited list such an embargo restriction.

Back to Top

In addition to the requirements described above, a legal opinion letter may be required to confirm that the requester has the authority to obtain SSL Certificate(s) on behalf of the company. The legal opinion letter also may be used to confirm the organisation registration, organisation address, telephone number, domain ownership and the organisation’s business status. The physical address may, alternatively, be confirmed by a physical site visit. Once confirmed, the requester may be able to purchase additional SSL Certificates based on the original letter. If a legal opinion letter cannot be obtained, our Certification Practice Statement outlines alternative authentication and verification processes.

Back to Top

What type of additional documentation does VeriSign require?
A legal opinion letter confirming that the requester has the authority to obtain an SSL Certificate on behalf of the company must be submitted to VeriSign. The legal opinion letter also may be used to confirm the organisation registration, organisation address, telephone number, domain ownership and that the organisation is conducting business. Once confirmed, the requester may be able to purchase additional SSL Certificates based on the original letter. If a legal opinion letter cannot be obtained, our Certification Practice Statement outlines alternative authentication and verification processes.

Back to Top

Can I renew SSL Certificates and add the Extended Validation Standard?
When you renew individual SSL Certificates, look for the upgrade to Extended Validation. Due to the additional steps in the verification process, enrolment may take longer than traditional SSL Certificates and the express guarantee for two-day delivery does not apply. Managed PKI for SSL accounts must be pre-qualified to request Extended Validation SSL Certificates before traditional certificates may be converted to EV. To upgrade SSL Certificates to Extended Validation, contact VeriSign sales.

Back to Top

Why wouldn’t an IE7 browser recognise EV?
A browser identifies an SSL Certificate as authentic by checking to see if the certificate matches a valid SSL root resident on the client machine. VeriSign signs every EV SSL Certificate with two roots: an EV root and a traditional SSL root. With two roots, every browser will identify a valid SSL root, even older browsers that do not yet recognise EV. IE7 is designed to recognise Extended Validation, but may not correctly display in Windows XP because the traditional SSL root is matched rather than the EV root. Internet Windows XP systems do not automatically update the root store. Developed before the EV standard existed, Windows XP systems do not have the EV root locally resident unless it has been manually updated and, because the browser recognises the traditional SSL root, it has no trigger to update the root store. VeriSign EV Upgrader technology, built directly into the VeriSign Secured® Seal, will trigger this manual update. Explorer 7 on Vista is designed to automatically update the root store on a weekly basis and should always recognise an EV Certificate and display it appropriately.

Back to Top

How does VeriSign EV Upgrader™ enable all IE7 browsers to recognise EV?
VeriSign EV Upgrader technology is built directly into the VeriSign Secured® Seal. The first time an IE7 client on Windows XP visits a Web site with a VeriSign Seal and EV Upgrader, the client browser will contact a Microsoft root store service and seamlessly install the VeriSign EV root. Once the EV root is stored, it will verify VeriSign EV SSL Certificates on any Web site and display green bar and organisation name appropriately. The update happens in the background and without prompting from the user.

Back to Top

When will most Windows XP users have updated root stores?
Over 100,000 domains in 165 countries display the VeriSign Seal. EV Upgrader has helped quickly update root stores for Windows XP IE7 users worldwide. VeriSign recommends that you install the VeriSign Seal on your home page to ensure a prompt update and the display of the green address bar on transactional pages of Windows XP users.

Back to Top

Learn More
Need More Info?
Call 30 114 683 Submit an enquiry online
  • VeriSign Trust Centre

  • Sign in to VeriSign Trust Centre

Try a free VeriSign SSL Certificate for 30 days.
Quote

Deployment of the VeriSign seal and EV SSL Certificates was an easy decision. We're ecstatic with the ease of implementation and the subsequent decrease in shopping cart abandonment. case study


Geoff Atkinson,
Marketing Chief of Staff,
Overstock.com