An Extended Validation (EV) Secure Socket Layer (SSL) Certificate allows web browsers with high security the capability to identify a website’s organizational identity. The EV certificate is signed by a certificate authority (CA), which web browsers already trust. The reason for the verification is so that you can check whether the site you are sending your very important information on, such as bank account or credit card numbers is really a secure site. If you are a webmaster you can purchase these certificates from the CA, which verifies the webmaster’s identity to varying degrees.
If you are concerned about EV certification technicality then you need to understand that this does not need an increase in encryption or additional key length security to set up from your end. However, you need to make some technical changes to accommodate the addition of an EV policy information object identifier (OID) which is inside the certificate itself. This policy OID is explained by the CA on their root certificate used for signing all EV certificate requests.
To give a good example, when you use Microsoft Internet Explorer 7 a secured website with an SSL certificate that has the EV standard, Internet Explorer 7 will cause the URL address bar to turn green. The display will show you the organization’s name (in green color) and the CA who supports the EV SSL. Phishing scams and online fraud have created a sense of fear and doubt among consumers who transact online. Phishing is an attack in the form of an email sent or a communication from a supposedly valid website asking for your personal information to share with them. These were designed by hackers to bypass SSL’s capabilities. The result is a negative effect on the consumer’s mind regarding their personal information’s safety.
To establish the eroded consumer trust, website owners find a way to show their consumers that their transactions were secured and that their website is legitimate hence, the development of Extended Validation (EV) standard for SSL certificates. If your site has this “green bar” and your competitor’s site does not, who do you think people will trust more?
The CA browser forum establishes the kinds of entities that can avail of EV certificates. You must be currently registered with and approved by an official registration agency that has jurisdiction over your place of business. The resulting certification, license or its equivalent must be verified through the previously mentioned registration agency. These are the entities mentioned here:
• Government agencies
• Unincorporated Associations
• Single or Sole Proprietorships
These mentioned entities should have a fixed business name and physical address. A principal individual who is affiliated or connected with the business must be validated too and have him or her confirm their agreement to the certificate subscriber contract. The entity should not be located in a country that is prohibited from doing business with VeriSign. A legal opinion letter is also required from the requestor who has the authority to obtain the SSL certification on behalf of their company. All the information supplied by the requestor such as the business registration, address, contact numbers, domain ownership, business status as well as physical site visit is needed before they can purchase the SSL certificates.
If in case a legal opinion letter is not possible to be obtained there is another option that can be done as an alternative as stated in the Certification Practice Statement (CPS). CPS is a public statement describing the practices that a Certification Authority uses for issuing, renewing, revoking and validating digital certificates and for supporting reliance on such certificates. A CPS should be comprehensive expounding on the technical and procedure aspect of how the operation of the supporting infrastructure works.
You can renew your individual SSL certificates by searching for the upgrade to Extended Validation. The verification process takes a longer time to do than the traditional application for SSL certificates which usually takes two days to deliver. Managed Public Key Infrastructure (PKI) specifically for SSL accounts must be pre-qualified to request Extended Validation SSL certificates before this traditional certificates can be converted to EV. For those who are confused what a PKI is, this is not an authentication method but an infrastructure that uses digital certificates as an authentication mechanism to help in building better managed certificates and their associated keys. A Digital Certificate is a reliable way of establishing the identity of the user or the computer that they use.
Explorer 7 or Vista is designed to automatically update the root store on a weekly basis and can easily recognize an EV certificate, thus displaying it accordingly. Windows XP system on the other hand does not have the EV root locally resident unless it was manually updated since the browser only recognizes the traditional SSL root; it has no trigger to update the root store. VeriSign EV Upgrader technology has allowed this update to be triggered manually.
Finally, having an extended validation certificate will help foster consumer confidence and trust in the services that you offer. Without this you can be sure that consumers will abandon their shopping cart or any other transactions with you and do their business elsewhere.