CA/Browser Forum
Home » Working Groups » Server Cert WG » Extended Validation » Overview of the Extended Validation SSL Vetting Process

Overview of the Extended Validation SSL Vetting Process

Per the guidelines defined by the CA/Browser Forum, Certification Authorities (CAs) may issue Extended Validation (EV) SSL Certificates to Private Organizations, Government Entities, and Business Entities that satisfy the requirements specified below:

** Private Organizations**

The CA may issue EV Certificates to Private Organizations that meet the following requirements:

  1. The Private Organization must be a legally recognized entity whose existence was created by a filing with (or an act of) the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration (e.g., by issuance of a certificate of incorporation) or is an entity that is chartered by a state or federal regulatory agency;
  2. The Private Organization must have designated with the Incorporating or Registration Agency either a Registered Agent, or a Registered Office (as required under the laws of the Jurisdiction of Incorporation or Registration) or an equivalent facility;
  3. The Private Organization must not be designated on the records of the Incorporating or Registration Agency by labels such as “inactive,” “invalid,” “not current,” or the equivalent;
  4. The Private organization must have a verifiable physical existence and business presence;
  5. The Private Organization’s Jurisdiction of Incorporation, Registration, Charter, or License, and/or its Place of Business must not be in any country where the CA is prohibited from doing business or issuing a certificate by the laws of the CA’s jurisdiction; and
  6. The Private Organization must not be listed on any government denial list or prohibited list (e.g., trade embargo) under the laws of the CA’s jurisdiction.

** Government Entities**

The CA may issue EV Certificates to Government Entities that satisfy the following requirements:

  1. The legal existence of the Government Entity must be established by the political subdivision in which such Government Entity operates;
  2. (The Government Entity must not be in any country where the CA is prohibited from doing business or issuing a certificate by the laws of the CA’s jurisdiction;
  3. The Government Entity must not be listed on any government denial list or prohibited list (e.g., trade embargo) under the laws of the CA’s jurisdiction.

** Business Entities**

The CA may issue EV Certificates to Business Entities that do not qualify under the criteria listed for Private Organizations above but that do satisfy the following requirements:

  1. The Business Entity must be a legally recognized entity whose formation included the filing of certain forms with the Registration Agency in its Jurisdiction, the issuance or approval by such Registration Agency of a charter, certificate, or license, and whose existence can be verified with that Registration Agency;
  2. The Business Entity must have a verifiable physical existence and business presence;
  3. At least one Principal Individual associated with the Business Entity must be identified and validated;
  4. The identified Principal Individual must attest to the representations made in the Subscriber Agreement;
  5. Where the Business Entity represents itself under an assumed name, the CA must verify the Business Entity’s use of the assumed name pursuant to the requirements of Section 15 herein;
  6. The Business Entity and the identified Principal Individual associated with the Business Entity must not be located or residing in any country where the CA is prohibited from doing business or issuing a certificate by the laws of the CA’s jurisdiction;
  7. The Business Entity and the identified Principal Individual associated with the Business Entity must not be listed on any government denial list or prohibited list (e.g., trade embargo) under the laws of the CA’s jurisdiction.
Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).