CA/Browser Forum
Home » Working Groups » Server Cert WG » Extended Validation » EV Guidelines for TLS Server Certificates

EV Guidelines for TLS Server Certificates

Current Version

EV TLS Server Certificate Guidelines 2.0.2 – (redlined) - adopted by Ballot SC95

Previous Versions

EV TLS Server Certificate Guidelines 2.0.1 – (redlined) - adopted by Ballot SC72

EV TLS Server Certificate Guidelines 2.0.0 – (redlined) - adopted by Ballot SC65

EV TLS Server Certificate Guidelines 1.8.1 – (redlined) – adopted by Ballot SC68

EV TLS Server Certificate Guidelines 1.8.0 – (redlined) – adopted by Ballot SC56

EV SSL Certificate Guidelines 1.7.9 – (redlined) – adopted by Ballot SC54

EV SSL Certificate Guidelines 1.7.8 – (redlined) – adopted by Ballot SC48

EV SSL Certificate Guidelines 1.7.7 – (redlined) – adopted by Ballot SC47

EV SSL Certificate Guidelines 1.7.6 – (redlined) – adopted by Ballot SC42

EV SSL Certificate Guidelines 1.7.5 – (redlined) – adopted by Ballot SC41

EV SSL Certificate Guidelines 1.7.4 – (redlined) – adopted by Ballot SC35

EV SSL Certificate Guidelines 1.7.3 – (redlined) – adopted by Ballots SC30 and SC31

EV SSL Certificate Guidelines 1.7.2 – (redlined) – adopted by Ballot SC27

EV SSL Certificate Guidelines 1.7.1 – (redlined) – adopted by Ballot SC24

EV SSL Certificate Guidelines 1.7.0 – (redlined) – adopted by Ballot SC17

EV SSL Certificate Guidelines 1.6.9 – (redlined) – adopted by Ballot SC16

EV SSL Certificate Guidelines 1.6.8 – (redlined) – adopted by Ballot 217

EV SSL Certificate Guidelines 1.6.7 – (redlined) – adopted by Ballot 207

EV SSL Certificate Guidelines 1.6.6 – (redlined) – adopted by Ballot 192

EV SSL Certificate Guidelines 1.6.5 – (redlined) – adopted by Ballot 201

EV SSL Certificate Guidelines 1.6.4 – (redlined) – adopted by Ballot 191

EV SSL Certificate Guidelines 1.6.3 – (redlined) – (declared invalid)

EV SSL Certificate Guidelines 1.6.2 – (redlined) – adopted by Ballot 193 on 17 March 2017

EV SSL Certificate Guidelines 1.6.1 – (redlined) – adopted by Ballot 180 on 7 January 2017

EV SSL Certificate Guidelines 1.6.0 – (redlined) – adopted by Ballot 171 on 1 July 2016

EV SSL Certificate Guidelines 1.5.9 – (redlined) – adopted by Ballot 163

EV SSL Certificate Guidelines 1.5.8 – (redlined) – adopted by Ballot 162

EV SSL Certificate Guidelines 1.5.7 – (redlined) – adopted by Ballot 151

EV SSL Certificate Guidelines 1.5.6 – (redlined) – adopted by Ballot 147

EV SSL Certificate Guidelines 1.5.5 – (redlined) – adopted by Ballot 145 and Ballot 146

EV SSL Certificate Guidelines 1.5.4 – (redlined) – adopted by Ballot 146 on 16 April 2015 which reformatted the Baseline Requirements and created CAB Forum BR 1.3.0.

EV SSL Certificate Guidelines 1.5.3 – (redlined) – adopted by Ballot 144 on 18 February 2015

EV SSL Certificate Guidelines 1.5.2 – (redlined) – adopted by Ballot 123 on 16 October 2014

EV SSL Certificate Guidelines 1.5.1 – (redlined) – adopted by Ballot 131 on 12 September 2014

EV SSL Certificate Guidelines 1.5.0 – (redlined) – adopted by Ballot 126 on 24 July 2014

EV SSL Certificate Guidelines 1.4.9 – (redlined) – adopted by Ballot 127 on 17 July 2014

EV SSL Certificate Guidelines 1.4.8 – (redlined) – adopted by Ballot 124 on 5 June 2014

EV SSL Certificate Guidelines 1.4.7 – (redlined) – adopted by Ballot 120 on 5 June 2014

EV SSL Certificate Guidelines 1.4.6 – (redlined) – adopted on 24 March 2014

EV SSL Certificate Guidelines 1.4.5 – (redlined) – adopted on 28 January 2014

EV SSL Certificate Guidelines 1.4.4 – (redlined) – adopted on 13 January 2014

EV SSL Certificate Guidelines 1.4.3 – (redlined) – 9 July 2013 – 13 January 2014

EV SSL Certificate Guidelines 1.4.2 – (redlined) – effective May 31, 2013

EV SSL Certificate Guidelines 1.4.1 – None (see version 1.1 of the Baseline Requirements) (There was not a version 1.4.1 of the EV Guidelines because the change for Ballot 75 only addressed a provision in the Baseline Requirements.)

EV SSL Certificate Guidelines 1.4 – effective May 29, 2012

Errata 1.4 EV SSL Certificate Guidelines 1.3 – effective November 20, 2010

Errata 1.3 EV SSL Certificate Guidelines 1.2 – effective October 1, 2009

Errata 1.2 EV SSL Certificate Guidelines 1.1 – effective April 10, 2008

Errata 1.1 EV SSL Certificate Guidelines 1.0 – effective June 12, 2007 – April 11, 2008

Erratum to Guidelines 1 EV SSL Certificate Guidelines Draft 11 – valid through June 11, 2007

Extended Validation
Latest releases
Server Certificate Requirements
SC099: Improve Recording of Validation Methods - May 19, 2026

Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.14 - Ballot SMC016 - May 5, 2026

This ballot maintains consistency between the S/MIME Baseline Requirements and the TLS Baseline Requirements with changes introduced by Ballots SC096 and SC097. Specifically, this ballot: Creates a carve-out of the logging requirements for DNSSEC specifically, stating these are not in scope. For audit purposes, change management logging is able to confirm if the appropriate controls are in effect or not. Sunsets all remaining use of SHA-1 signatures in Certificates and CRLs. It is noted that most uses of SHA-1 signatures are already deprecated by SC097. With this ballot, all unexpired Subordinate CA Certificates issuing S/MIME containing the SHA-1 signature algorithm must be revoked. This proposal does not prohibit the use of SHA-1 to generate issuerKeyHash or issuerNameHash values as currently required by RFC 5019. Includes minor formatting corrections.

Network and Certificate System Security Requirements
Version 2.0.5 (Ballot NS-008) - Jul 9, 2025

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).