How to obtain an extended validation standard SSL certificate, the highest level of SSL certification available.
Extended validation standard SSL certification
Extended validation (EV) SSL achieves the highest level of consumer trust through the strictest authentication standards of any SSL certificate. EV verification guidelines require the Certificate Authority (CA) to obtain and verify multiple pieces of identifying information about EV Certificate Approver.
Nexcess is a certificate reseller of GeoTrust True BusinessID with EV certificates.
To decrease processing time, complete the following tasks:
- Sign up for the standard EV SSL certificate.
- The Organization's Approver, identified in the EV certificate order, must sign and submit the Acknowledgement of Agreement Form (PDF).
Corporate and organizational validation requirements
Following the submission of the Acknowledgement of Agreement Form, observe the following authentication requirements to expedite processing time:
A. Organizational authentication requirements
The following entities are eligible to receive an EV Certificate, provided they are currently registered with an official registration agency in their jurisdiction. The resulting charter, certificate, license, or equivalent must be verifiable through that registration agency.
The list of official registration agencies includes the following:
- Government agencies
- General partnerships
- Unincorporated associations
- Sole proprietorships
The Certificate Authority will confirm:
- Official government agency records include the organization's registration number, date of registration or incorporation, and registered address.
- A non-government data source (such as Dun & Bradstreet) includes the organization's place of business address if it is not included in the Government agency records.
- If the organization has been registered for less than three years, verification of the organization’s operational existence by one of the following two methods:
- By using a non-government data source.
- By verifying the organization has an active demand deposit account (such as a checking account) with a regulated financial institution. This requires either a legal opinion letter or direct confirmation from the financial institution.
B. Domain authentication requirements
To qualify for an Extended Validation SSL Certificate, domain registration details must reflect the full organization name in the certificate request. If domain registration does not reflect the organization name, then the registered domain administrator or legal opinion letter must demonstrate the organization's exclusive right to use the domain name.
In addition, the domain registration details must adhere to the following stipulations:
- The domain must be registered with ICANN. Domain registration details must reflect the organization name on the certificate request.
- If domain registration is private, the domain registrar must unblock the privacy feature.
- The organization's certificate approver must confirm knowledge of the organization's domain ownership during the verification call.
C. Organization's Certificate Approver authentication requirements
To qualify for an EV SSL Certificate, the Certificate Approver identified in the certificate request must be employed by the requesting organization and have appropriate authority to obtain and delegate EV certificate responsibilities.
ATTENTION: Employment and authorization cannot be verified through the organization's web site.
ATTENTION: If the Certificate Approver identified in the certificate request is listed in government records as a corporate officer, then organizational contact employment and authorization can be approved without verifying this information as described below.
The Certificate Authority will confirm the following Certificate Approver requirements:
- The Certificate Approver's identity, title, and employment through a third-party
- The Certificate Approver’s authorization obtain and approve EV certificates on the organization’s behalf. This can be verified through one of the following methods:
- A legal opinion letter
- A corporate resolution
- Direct confirmation of the authority of the organizational contact with the CEO, COO, or similar executive at the organization. If no public records are available regarding the CEO, COO, or other executive, then the Certificate Authority will contact the organization’s Human Resources department for these records.
D. Order verification requirements
The Certificate Authority must verify the certificate request and all certificate details with the Certificate Approver identified in the certificate request. The Certificate Authority must contact the Certificate Approver using an independently verified telephone number.
This telephone number is obtained by one of the following methods:
- Research of qualified telephone databases; verify your organization’s primary telephone number is listed in a public telephone directory
- A legal opinion letter
- A site visit conducted by the Certificate Authority
During the verification call, the Certificate Authority must verify the following with the Certificate Approver:
- The name of the Certificate Requestor identified in the certificate request and his or her authority to obtain the EV certificate on the organization’s behalf
- Knowledge of the company's ownership and right to use the domain identified in the certificate request
- Approval of the EV SSL Certificate request
- Acknowledgement of signature of GeoTrust SSL Certificate Subscriber Agreement that includes all EV terms and conditions
E. Additional verification requirements
If the Certificate Authority cannot verify the required information on your certificate application, the Certificate Authority may require a lawyer’s or accountant’s professional opinion to verify the information.