Российско Украинское cовместное предприятие

Контакты http://adgrafics.tel

FAQ. EV SSL Certificates

Extended Validation SSL (EV SSL Certificates) - Online Identity Assurance

Extended Validation SSL Certificates were created in direct response to the rise in Internet fraud, eroding consumer confidence in online transactions. In 2005, 84% of respondents to a Forrester Research study said they don’t think retailers are doing enough to protect their customers online and 24% did not make purchases online due to security concerns.* Before customers share their confidential data online, they want proof of identification from a trusted source. The Extended Validation SSL Standard raises the bar on verification of SSL Certificates and enables visual displays in high security browsers.

What is Extended Validation SSL? Extended Validation SSL Certificates give high security Web browsers information to clearly identify a Web site’s organizational identity. For example, if you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard, IE7 will cause the URL address bar to turn green. A display next to the green bar will toggle between the organization name listed in the certificate and the Certificate Authority (VeriSign, for example). Firefox and Opera have announced their intention to support Extended Validation SSL in upcoming releases. Older browsers will display Extended Validation SSL Certificates with the same security symbols as existing SSL Certificates.

What is the Extended Validation Standard?

In 2006, a group of leading SSL Certificate Authorities (CAs) and browser vendors approved standard practices for certificate validation and display called the Extended Validation Standard. To issue an SSL Certificate that complies with the standard, a CA must adopt the extended certificate validation practice and pass a Webtrust audit. The validation process requires the CA to authenticate the certificate applicant’s domain ownership and organizational identity, as well as the individual approver’s employment with the applicant, and authority to obtain the Extended Validation SSL Certificate. Our Certification Practice Statement outlines our authentication and verification processes.

How will Extended Validation SSL increase consumer confidence?

As people use the Web for commerce, business, and social activities, they share personal and confidential information. High profile incidents of fraud and phishing scams have made Internet users very concerned about identity theft. Before they enter sensitive data, they want proof that the Web site can be trusted and their information will be encrypted. Without it, they abandon their transaction and do business elsewhere. High security browsers and Extended Validation SSL Certificates provide third-party verification with a visual display that gives consumers confidence and builds trust in e-commerce.

What are the benefits of Extended Validation SSL to Web site owners?

An Extended Validation SSL Certificate helps your visitors complete secure transactions with confidence and puts your organization in a leadership position. If your site has the “green bar” in IE 7 and your competitor’s site does not, you appear to be more trusted and more legitimate. That’s a competitive advantage in the world of e-commerce. For businesses with a high profile brand, using Extended Validation SSL is the most effective defense against phishing scams. When customers see the green bar and the name of your security vendor, they can interact with you online, with confidence.

Who is eligible to receive an EV SSL Certificate?

The CA/Browser Forum dictates what kinds of entities are eligible to obtain EV Certificates. The following entities are eligible provided they are currently registered with and approved by an official registration agency in their jurisdiction. The resulting charter, certificate, license or equivalent must be verifiable through that registration agency.

• Government agencies
• Corporations
• General partnerships
• Unincorporated associations
• Sole proprietorships

The employment and authority of the person placing the certificate order must be verifiable. These business entities need to have a confirmable physical existence and business presence. Any assumed business names should be verifiable. A principal individual associated with the business must be validated and that person must confirm agreement to the certificate subscriber agreement. The entity cannot be located in a country where VeriSign is prohibited from doing business or listed on any government prohibited list such an embargo restriction.

Where can I buy an Extended Validation SSL Certificate?

VeriSign offers Extended Validation SSL Certificates for purchase as individual certificates and in multiple certificate packs through our Managed PKI for SSL service for the enterprise. The most secure and trusted option for SSL is a true 128-bit, Extended Validation (EV) SSL Certificate. Look for Secure Site Pro with EV or Managed PKI for SSL Premium with EV.

What type of additional documentation is required?

A legal opinion letter confirming that the requestor has the authority to obtain an SSL Certificate on behalf of the company must be submitted to VeriSign. The legal opinion letter also may be used to confirm the organization registration, organization address, telephone number, domain ownership, and that the organization is conducting business. Once confirmed, the requestor may be able to purchase additional SSL Certificates based on the original letter. If a legal opinion letter cannot be obtained, Our Certification Practice Statement outlines alternate authentication and verification processes.

Can I renew SSL Certificates and add the Extended Validation Standard?

When you renew individual SSL Certificates, look for the upgrade to Extended Validation. Due to the additional steps in the verification process, enrollment may take longer than traditional SSL Certificates and the express guarantee for 2-day delivery does not apply. Managed PKI for SSL accounts must be pre-qualified to request Extended Validation SSL Certificates before traditional certificates may be converted to EV. To upgrade SSL Certificates to Extended Validation, contact VeriSign sales.

What is EV Upgrader™ and how does it work?

EV Upgrader™ is the first ever technology that enables all IE7 on Windows Vista and XP client systems to display the green address bar, organization name, and other Extended Validation interface conventions. EV Upgrader works by prompting existing root update functionality in IE7 for Windows XP on visiting client systems and therefore enabling the IE7 client to "recognize" the SSL Certificate's EV status. In the absence of the root update, no Windows XP client can ever see the green bar on your site.

Once a given client system has a specific EV SSL root installed (by way of EV Upgrader or manual installation, from the Microsoft Web site, by the user) that client will experience "green bar" behavior whenever connecting to a valid EV SSL Certificate on that same root. Note that this root installation affects only the root in question and does not enable that client for EV behavior with any other root.

Automatically upgrades Internet Explorer 7 on Windows XP to see Extended Validation (EV) SSL "green bar" interface EV Upgrader, created by VeriSign, is the first technology to enable all Internet Explorer 7 on Windows XP client systems to display all of the interface conventions offered by the new EV SSL Certificates, such as the green address bar, organization name, and issuing Certificate Authority. Without EV Upgrader, only Windows Vista client systems are sure to see the green bar.

Benefits:

• More end users see the “green bar” and security status bar
• Seamless and invisible to clients
• Effortless to install

Features:

• Automatic upgrade for all IE7 users running Windows XP
• Built into the VeriSign Secured™ Seal
• Provided at no charge with the purchase of a VeriSign EV SSL Certificate

Why wouldn’t an IE7 browser recognize EV? A browser identifies an SSL Certificate as authentic by checking to see if the certificate matches a valid SSL root resident on the client machine. To make sure as many browser clients as possible recognize the VeriSign EV SSL Certificate as authentic, VeriSign has signed each EV Certificate with two roots: an EV root and a traditional SSL root. However, an IE7 client browser may recognize the traditional SSL root instead of the EV root simply because the automatic search for a root will find the traditional root before finding the EV root. EV Upgrader solves this problem. IE7 is the first browser to implement the EV enhancements. IE7 on Vista automatically updates the root store on a weekly basis so these systems should always be able to recognize an EV Certificate and display it accordingly. However IE7 clients on Windows XP do not perform this automatic update. Instead if these systems do not find a known root when they visit a Web server, they will automatically go to the Microsoft root store to see if they can download a matching root. Windows XP systems, developed before the EV standard was created, will not have the EV root locally resident unless their root storage has been manually updated or somehow the system has already been triggered to update the local root store. This is where EV Upgrader steps in to fill the gap.

How does EV Upgrader work? The first time an IE7 client on Windows XP visits a Web site with a VeriSign Secured Seal and EV Upgrader the client browser will be triggered to contact a Microsoft root store service and seamlessly install the VeriSign EV root. Once a client system has a specific EV SSL root installed that client will experience "green bar" behavior whenever connecting to a valid EV SSL Certificate on that same root.