Overview of the Extended Validation SSL Vetting Process
Per the guidelines defined by the CA/Browser Forum, Certification Authorities (CAs) may issue Extended Validation (EV) SSL Certificates to Private Organizations, Government Entities, and Business Entities that satisfy the requirements specified below:
** Private Organizations**
The CA may issue EV Certificates to Private Organizations that meet the following requirements:
- The Private Organization must be a legally recognized entity whose existence was created by a filing with (or an act of) the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration (e.g., by issuance of a certificate of incorporation) or is an entity that is chartered by a state or federal regulatory agency;
- The Private Organization must have designated with the Incorporating or Registration Agency either a Registered Agent, or a Registered Office (as required under the laws of the Jurisdiction of Incorporation or Registration) or an equivalent facility;
- The Private Organization must not be designated on the records of the Incorporating or Registration Agency by labels such as “inactive,” “invalid,” “not current,” or the equivalent;
- The Private organization must have a verifiable physical existence and business presence;
- The Private Organization’s Jurisdiction of Incorporation, Registration, Charter, or License, and/or its Place of Business must not be in any country where the CA is prohibited from doing business or issuing a certificate by the laws of the CA’s jurisdiction; and
- The Private Organization must not be listed on any government denial list or prohibited list (e.g., trade embargo) under the laws of the CA’s jurisdiction.
** Government Entities**
The CA may issue EV Certificates to Government Entities that satisfy the following requirements:
- The legal existence of the Government Entity must be established by the political subdivision in which such Government Entity operates;
- (The Government Entity must not be in any country where the CA is prohibited from doing business or issuing a certificate by the laws of the CA’s jurisdiction;
- The Government Entity must not be listed on any government denial list or prohibited list (e.g., trade embargo) under the laws of the CA’s jurisdiction.
** Business Entities**
The CA may issue EV Certificates to Business Entities that do not qualify under the criteria listed for Private Organizations above but that do satisfy the following requirements:
- The Business Entity must be a legally recognized entity whose formation included the filing of certain forms with the Registration Agency in its Jurisdiction, the issuance or approval by such Registration Agency of a charter, certificate, or license, and whose existence can be verified with that Registration Agency;
- The Business Entity must have a verifiable physical existence and business presence;
- At least one Principal Individual associated with the Business Entity must be identified and validated;
- The identified Principal Individual must attest to the representations made in the Subscriber Agreement;
- Where the Business Entity represents itself under an assumed name, the CA must verify the Business Entity’s use of the assumed name pursuant to the requirements of Section 15 herein;
- The Business Entity and the identified Principal Individual associated with the Business Entity must not be located or residing in any country where the CA is prohibited from doing business or issuing a certificate by the laws of the CA’s jurisdiction;
- The Business Entity and the identified Principal Individual associated with the Business Entity must not be listed on any government denial list or prohibited list (e.g., trade embargo) under the laws of the CA’s jurisdiction.