EV Validation Requirements for SSL Certificates


What is Extended Validation?

Extended Validation (EV) is the highest level of security available for a top-level domain. This type of SSL certificate requires a company to comply with strict validation rules created by the CA/B Forum.

Steps to Obtain EV Authentication

  1. Select the desired EV SSL product and place the order within your secure128.com account portal.
  2. Provide the authentication requirements (listed below).

What Information is Required for an EV Certificate to be Issued?

The key to getting your certificate issued as soon as possible is consistency. The validation team looks for exact matches when verifying each requirement. In order for an EV SSL Certificate to be issued, these three fields must be satisfied:

1. Domain Validation

The validation team will need to verify the domain registration to ensure that the organization listed on the order EXACTLY MATCHES what is listed within the domain’s WHOIS page. It is best to unblock private WHOIS pages so that the validation team can view the page easily.

Unable to Update Your WHOIS (Domain Registration Database) page to amend the Organization Name?

There are two alternatives to authenticate the domain:

  • A Domain Rights Confirmation Email can be used to authenticate the domain. An email will be sent to one or all of the five pre-approved email addresses:
    • admin@DomainName
    • administrator@DomainName
    • hostmaster@DomainName
    • webmaster@DomainName
    • postmaster@DomainName
  • Submit a Professional Opinion Letter
    • This document must be filled out and then signed by an accountant or lawyer

WHOIS Page Private?

It is still possible to get an SSL certificate issued with a private WHOIS listing. A Domain Rights Confirmation Email can be used to authenticate the domain.

  • An email will be sent to one or all of the five pre-approved email addresses:
    • admin@DomainName
    • administrator@DomainName
    • hostmaster@DomainName
    • webmaster@DomainName
    • postmaster@DomainName
  • A Professional Opinion Letter can be used to authenticate the domain’s ownership.

2. Organization Validation

The validation team must validate the organization to ensure the certificate is being issued to the organization listed on the order.

The following are acceptable sources that may be used to validate the organization’s legal existence:

  • Official government agency records (such as the Secretary of State) must include:
    • The organization's registration number
    • The organization's date of registration/incorporation
    • The organization's registered address
  • A non-government data source (such as Dun & Bradstreet or Hoovers) must include the organization's place of business address and phone number

NOTE: If the organization has been registered for less than three years, confirmation of existence through one of the following means must be executed:

A. A non-government data source (such as Dun & Bradstreet or Hoovers)

- or -

B. Professional Opinion Letter

Alternative Validation Methods

If you are unable to provide an official government agency record or non-government data source, a Professional Opinion Letter may be submitted to the validation team to authenticate the organization’s existence. This document must be filled out and then signed by an accountant or lawyer.

3. Organization's Certificate Approver Authentication Requirements

The Certificate Approver (the person who must complete the verification call with the Certificate Authority's Validation Team) identified in the certificate request must be employed by the requesting organization.

NOTE:

  • Employment and authorization cannot be verified through the organization's web site.
  • If the Certificate Approver identified in the certificate request is listed in government records as a corporate officer (such as Secretary, President, CEO, CFO, COO, CIO, CSO, Director, or equivalent), then organizational contact employment and authorization can be approved without verifying this information as described below.

Certificate Authorities must be able to confirm all of the following Certificate Approver requirements:

  • Certificate Approver's identity, title, and employment through an independent source.
  • Certificate Approver is authorized to obtain and approve EV certificates on behalf of the Organization. This can be verified through one of the following methods:

    • A Lawyer's Opinion Letter
    • A Corporate Resolution
    • Directly contacting the CEO, COO, or similar executive at the organization and confirming the authority of the organizational contact. If no public records are available regarding the CEO, COO, or other executive, GeoTrust will attempt to contact the organization’s Human Resources department for contact details.

4. Verification Call

After the domain and organization have been validated, the verification call is usually the final step. The verification call is performed by a validation representative calling a full-time employee of the organization. This person should be listed within the order as the “Admin Contact”. The validation representative will only call phone numbers that can be found within a public directory such as The Yellow Pages or Dun & Bradstreet. When placing your order, please list the Admin Contact’s telephone extension (if applicable).