• Home
• CA/Browser Forum
• EV SSL Certificates
• Objectives
• Vetting Process
• Certificate Contents
• FAQ

Guidelines for Extended Validation Certificates Add Verified Identity to SSL

The formal approval brings to the successful close more than two years of effort by over 25 companies and marks the dawn of a new era of identity on the Internet.

Version 1.0 of EV Certificate Guidelines ratified by leading certification authorities and vendors of Internet browser software.

The CA/Browser Forum, a voluntary organization of leading certification authorities (CAs) and Internet browser software vendors has released a set of guidelines for a new type of Extended Validation (EV) certificate, including standardized procedures for verifying and ensuring the identity of the certificate holder.

Extended Validation SSL (EV SSL) Certificates build on the existing SSL certificate format, but provide an additional layer of protection in a strictly defined issuance process created to ensure that the certificate holder is who they claim to be. To ensure the integrity of the process, revocation measures are specified that allow for the quick and effective revocation of improperly issued or used certificates. All leading Internet browser vendors have stated their support for EV SSL, and either currently support or have announced plans to support the technology, which will allow the browser to display the verified identity of a website to a user.

On June 12th, 2007, the CA/Browser forum officially ratified the first version of the Extended Validation (EV) SSL Guidelines, which take effect immediately. The formal approval successfully brings to a close more than two years of effort, and provides the infrastructure for trusted website identity on the Internet.

Vendors of Internet browsers all voiced support and enthusiasm for the new EV SSL Guidelines.

"Determining the identity of the websites they visit has always been a challenge for internet users," said Markellos Diorinos, Security Product Manager for Internet Explorer at Microsoft. "With Extended Validation SSL Certificates, which allow Internet Explorer 7 to display verified identity information for websites, users are now able to make better trust decisions online."

"Mozilla is excited to see the new Extended Validation Guidelines that have resulted from collaboration between Certificate Authorities," said Window Snyder, Chief Security Officer for the makers of the Firefox web browser. "EV SSL will make it easier for Firefox to tell users who is behind the website they're seeing, which is an important factor in making trust decisions."

"We welcome this move to create common guidelines for implementation of Extended Validation Certificates," said Christen Krogh, President of Engineering for Opera Software ASA. "We have always placed user security as our first priority and these certificates will improve digital identity assurance for users of compliant browsers."

"The KDE project is thrilled to take part in this initiative," said Sebastien Kugler of the KDE Project. "It's a great opportunity to make the Internet more secure and a friendlier place, something that is fully in line with the goals of KDE. We look forward to implementing Extended Validation SSL Certificates in our web browsing component."

Extended Validation Guidelines
The issuance process of EV Certificates is strictly defined in the EV Guidelines, that specify all the steps required for a Certification Authority (CA) before issuing a certificate, and includes:

• Verifying the legal, physical and operational existence of the entity
• Verifying that the identity of the entity matches official records
• Verifying that the entity has exclusive right to use the domain specified in the EV Certificate
• Verifying that the entity has properly authorized the issuance of the EV Certificate

EV Certificates are available for all types of businesses, including government entities and both incorporated and unincorporated businesses. A second set of guidelines, the EV Audit Guidelines, specify the criteria under which a CA needs to be successfully audited before issuing EV Certificates. The audits are repeated yearly to ensure the integrity of the issuance process.

CA/Browser Forum Members
The CA/Browser forum (http://www.cabforum.org) is a voluntary organization of leading Certificate Authorities and vendors of Internet browser software.

The participating Certificate Authorities are:

A-Trust Gmbh
Trustwave
Certum
Comodo CA Ltd
Cybertrust
DigiCert, Inc.
DigiNotar
Echoworx Corporation
Entrust, Inc.
GeoTrust, Inc.
GlobalSign
GoDaddy.com, Inc.
IdenTrust, Inc.
ipsCA, IPS Certification Authority s.l.
Izenpe S.A.
Network Solutions, LLC
QuoVadis Ltd.
RSA Security, Inc.
SECOM Trust Systems CO., Ltd.
Starfield Technologies, Inc.
Swisscom Digital Certificate Service
SwissSign AG
TDC Certification Authority
Thawte, Inc.
Trustis Limited
VeriSign, Inc.
Wells Fargo Bank, N.A.

The participating Internet Browser Vendors are:

KDE
Microsoft Corporation
Mozilla Foundation
Opera Software ASA

Home ¦ CA/Browser Forum ¦ EV SSL Certificates ¦ Objectives ¦ Vetting Process ¦ Certificate Contents¦ Documents
Contact CA/B Forum
Copyright © 2006-2008 All rights reserved.