|
Support Overview
CSR Generation
SSL Certificate Installation
Site Seals
Reissuance/Replacement
|
|
|
|
Frequently Asked Questions
Extended Validation SSL Certificates were created in direct response to the rise in Internet fraud, eroding consumer confidence in online transactions. In 2005, 84% of respondents to a Forrester Research study said they don’t think retailers are doing enough to protect their customers online and 24% did not make purchases online due to security concerns.* Before customers share their confidential data online, they want proof of identification from a trusted source. The Extended Validation SSL Standard raises the bar on verification of SSL Certificates and enables visual displays in next generation browsers.
What is Extended Validation SSL?
Extended Validation SSL Certificates give next generation Web browsers information to clearly identify a Web site’s organizational identity. For example, if you use Microsoft® Internet Explorer 7 to go to a Web site secured with an SSL Certificate that meets the Extended Validation Standard, IE7 will cause the URL address bar to turn green. A display next to the green bar will toggle between the organization name listed in the certificate and the Certificate Authority (GeoTrust, for example). Older browsers will display Extended Validation SSL Certificates with the same security symbols as existing SSL Certificates.
What is the Extended Validation Standard?
In 2006, a group of leading SSL Certificate Authorities (CAs) and browser vendors approved standard practices for certificate validation and display called the Extended Validation Standard (known during development as “High Assurance”). To issue an SSL Certificate that complies with the standard, a CA must adopt the extended certificate validation practice and pass a WebTrust audit. The validation process requires the CA to authenticate the certificate applicant’s domain ownership and organizational identity, as well as the individual approver’s employment with the applicant, and authority to obtain the Extended Validation SSL Certificate. View our authentication and verification processes at: http://www.geotrustaustralia.com/ev/index.html.
How will Extended Validation SSL increase consumer confidence?
As people use the Web for commerce, business, and social activities, they share personal and confidential information. High profile incidents of fraud and phishing scams have made Internet users very concerned about identity theft. Before they enter sensitive data, they want proof that the Web site can be trusted and their information will be encrypted. Without it, they abandon their transaction and do business elsewhere next generation browsers and Extended Validation SSL Certificates provide third-party verification with a visual display that gives consumers confidence and builds trust in e-commerce.
What are the benefits of Extended Validation SSL to Web site owners?
An Extended Validation SSL Certificate helps your visitors complete secure transactions with confidence and puts your organization in a leadership position. If your site has the “green bar” in IE 7 and your competitor’s site does not, you appear to be more trusted and more legitimate. That’s a competitive advantage in the world of e-commerce. For businesses with a high profile brand, using Extended Validation SSL is the most effective defense against phishing scams. When customers see the green bar and the name of your security vendor, they can interact with you online, with confidence.
Where can I buy an Extended Validation SSL Certificate?
True BusinessID® with EV comes with Extended Validation (EV) SSL, the latest standard and highest level of Web site authentication available, the GeoTrust True Site® site seal, and up to 256-bit encryption. True BusinessID with EV also comes with EV Upgrader™, the first technology to automatically enable all Windows XP clients to “upgrade” their Web browsers to turn their address bar green when they visit EV GeoTrust certified Web sites.
What is EV Upgrader™ and how does it work?
EV Upgrader is the first technology that enables all IE7 on Windows™ Vista and XP client systems to display the green address bar, organization name, and other Extended Validation interface conventions. EV Upgrader works by prompting existing root update functionality in IE7 for Windows XP on visiting client systems and therefore enabling the IE7 client to "see" the SSL Certificate's EV status. In the absence of EV Upgrader, only Windows Vista clients have native enablement to detect EV SSL Certificates.
Once a given client system has a specific EV SSL root installed (by way of EV Upgrader or manual installation, from the Microsoft® Web site, by the user) that client will experience "green bar" behavior whenever connecting to a valid EV SSL Certificate on that same root. Note that this root installation affects only the root in question and does not enable that client for EV behavior with any other root.
What type of additional documentation does GeoTrust® require?
A legal opinion letter confirming that the requestor has the authority to obtain an SSL Certificate on behalf of the company must be submitted to VeriSign. The legal opinion letter also may be used to confirm the organization registration, organization address, telephone number, domain ownership, and that the organization is conducting business. Once confirmed, the requestor may be able to purchase additional SSL Certificates based on the original letter. If a legal opinion letter cannot be obtained, read our authentication and verification processes in our CPS for alternate processes.
Who can get EV SSL Certificates?
To qualify for an EV SSL Certificate, the organization requesting the certificate must be registered as a corporation or equivalent with the appropriate government agency in its country of jurisdiction. GeoTrust must be able to confirm all of the following organizational registration requirements:
- Official government agency records must include:
- The organization’s registration number.
- The organization’s date of registration/incorporation.
- The organization’s registered address (or the address of the organization’s registered agent).
- A non-government data source (such as Dun & Bradstreet) must include the organization’s place of business address.
- Of the organization has been registered for less than 3 years, GeoTrust must verify operational existence through one of the following means:
- Through a non-government data source (such as Dun & Bradstreet) or,
- By verifying the organization has an active demand deposit account (such as a checking account) with a regulated financial institution through a Lawyer’s Opinion Letter or directly with the financial institution.
|
|
|
