Extended Validation Certificates Add Verified Identity to SSL
The CA/Browser Forum, a voluntary organization of leading certification authorities (CAs) and Relying-Party Application Software Suppliers, has updated its guidelines for issuance and management of Extended Validation (EV) certificates, which include standardized procedures for verifying and expressing the identity of the certificate holder.
Extended Validation SSL (EV SSL) Certificates build on the existing SSL certificate format, but provide an additional layer of protection through a strictly defined issuance process created to ensure that the certificate holder is who they claim to be. To ensure the ongoing integrity of the process, revocation measures are specified that allow for the quick and effective revocation of improperly issued or misused certificates. Leading Relying-Party Application Software Suppliers support EV SSL, which allows the browser to display the verified identity of the Web site owner to the user.
On June 12th, 2007, the CA/Browser Forum officially ratified the first version of the Extended Validation (EV) SSL Guidelines, which took effect immediately. The formal approval successfully brought to a close more than two years of effort, and provided the infrastructure for trusted Web site identity on the Internet. Then, in April of 2008, the Forum announced version 1.1 of the Guidelines, building on the practical experience of its member CAs and Relying-Party Application Software Suppliers gained in the months since the first version was approved for use.
On 1 October 2009, the Forum approved version 1.2 of the EV Guidelines. This version represents a further streamlining of the requirements for issuing and managing EV certificates, while avoiding any diminution of the level of assurance they provide in the identity of the Web site owner.
"Determining the identity of the Web sites they visit has always been a challenge for Internet users," said Markellos Diorinos, Security Product Manager for Internet Explorer at Microsoft. "With Extended Validation SSL Certificates, which allow Internet Explorer 7 to display verified identity information for Web sites, users are now able to make better trust decisions online."
"Mozilla is excited to see the new Extended Validation Guidelines that have resulted from collaboration between Certification Authorities," said Window Snyder, Chief Security Officer for the makers of the Firefox Web browser. "EV SSL will make it easier for Firefox to tell users who is behind the Web site they're seeing, which is an important factor in making trust decisions."
"We welcome this move to create common guidelines for implementation of Extended Validation Certificates," said Christen Krogh, President of Engineering for Opera Software ASA. "We have always placed user security as our first priority and these certificates will improve digital identity assurance for users of compliant browsers."
"The KDE project is thrilled to take part in this initiative," said Sebastien Kugler of the KDE Project. "It's a great opportunity to make the Internet more secure and a friendlier place, something that is fully in line with the goals of KDE. We look forward to implementing Extended Validation SSL Certificates in our Web browsing component."
Extended Validation Guidelines
The issuance and management processes for EV Certificates are strictly defined in the EV Guidelines, which specify all the steps a Certification Authority (CA) must complete before issuing a certificate, including:
- Verifying the legal, physical and operational existence of the entity
- Verifying that the identity of the entity matches official records
- Verifying that the entity has exclusive right to use the domain specified in the EV Certificate
- Verifying that the entity has properly authorized the issuance of the EV Certificate
CA/Browser Forum Members
The CA/Browser Forum (http://www.cabforum.org) is a voluntary organization of leading Certificate Authorities and suppliers of Internet browser software.
The participating Certificate Authorities are:
A-Trust GmbH
AC Camerfirma SA
Buypass AS
Certum
Comodo CA Ltd
Cybertrust
D-TRUST GmbH
DanID A/S
DigiCert, Inc.
DigiNotar
Echoworx Corporation
Entrust, Inc.
GeoTrust, Inc.
Getronics PinkRoccade
GlobalSign
GoDaddy.com, Inc.
IdenTrust, Inc.
ipsCA, IPS Certification Authority s.l.
Izenpe S.A.
Japan Certification Services, Inc.
KEYNECTIS
Network Solutions, LLC
QuoVadis Ltd.
RSA Security, Inc.
SECOM Trust Systems CO., Ltd.
Skaitmeninio sertifikavimo centras
Starfield Technologies, Inc.
StartCom Certification Authority
Swisscom Digital Certificate Service
SwissSign AG
T-Systems Enterprise Services GmbH.
TC TrustCenter GmbH
Thawte, Inc.
Trustis Limited
Trustwave
TWCA Corporation
VeriSign, Inc.
Wells Fargo Bank, N.A.
The participating Relying-Party Application Software Suppliers are:
Apple
Google Inc.
KDE
Microsoft Corporation
Opera Software ASA
Research in Motion Limited
The Mozilla Foundation