NEWS: Why you should automate S/MIME
News & Events

Seven steps to issuing EV SSL

by 8. May 2019

S SSL- Certificates create a secure communication tunnel by connecting between one Encrypt data sent by the client and a server or between two servers to prevent cyber criminals from changing data.

There are three standard types of SSL certificates that are issued by certification authorities: DV , OV and EV. Extended Validation (EV) SSL certificates offer the highest security that the domain is NOT one bad actor is assigned. When users see a green address bar or a company address bar next to the URL, they can see that they are in a trusted domain.

The process by which a certification authority (CA) issues an EV SSL certificate is stricter than that of DV or OV certificates. The certification body verifies that the requesting company is a legal entity and the validation requires sufficient disclosure of business information to perform this verification. There is an additional human intervention where the entity is contacted by phone to verify their identity. Processing can take several days, depending on the availability of the applicant during the telephone verification phase.

Before issuing an EV-SSL certificate, the certification body contacts the organization by phone to verify their identity.

Authentication process for EV certificates

EV shows users that the website has the best security measures in place to protect transactions and ensure compliance with standards and regulations.

Before issuing an Extended Validation Certificate, the certification body goes through a seven-step process based on the guidelines set by the CA / Browser Forum ,

  • EV registration: Checks whether the applicant is actually an employee of the company or organization and that he / she is authorized to continue this certificate purchase.
  • Organization Authentication: Checks government registration information to verify that the applicant organization is a legally registered entity and that it is active at the registered location.
  • Business existence: Checks whether the organization has been in existence for more than three years. Otherwise, additional documents may be required (to complicate the process for cybercriminals trying to increase shell companies to obtain EV certificates).
  • Physical address: Checks whether the organization has a real physical address in its registration country.
  • Phone Verification: Checks that the organization's phone is a working phone number.
  • Domain authentication: Checks whether the organization is the legal owner of the registering domain.
  • Last review call: CA calls the applicant organization's contact to review the EV application.

Given the care and disclosure of information associated with this, it is statistically far more likely that cybercriminals will apply for DV or OV certificates than they will undergo the verification process to acquire an EV certificate.

Während keine Zertifizierungsstelle die «Absicht» einer Organisation erkennen kann, die ein SSL-Zertifikat anfordert, ist der oben beschriebene Prozess bestrebt, die Legitimität und Authentizität der Domain zum Zeitpunkt der Ausstellung zu überprüfen. EV ist heute einer der besten (sichtbaren) Vertrauensindikatoren.

For more information on EV SSL certificates, contact info@secorio.com or your personal account manager at Secorio.

Tags: