What is an EV SSL Certificate?
EV (Extended Validation) SSL is the most trusted web security certificate in SSL industry. An EV SSL Certificate turns the website URL into green address bar. It also displays a green pad lock along with organization name in browser URL field. This earns users confidence & customers, upon seeing this, feel safer sharing their sensitive information.
A website which processes financial transactions, (such as credit/debit card, net banking, etc…) or a social website where users share personal communication & information requires higher security so the sensitive information and communication shared remains safe and attackers won’t be able to breach or tamper with it. EV SSL Certificate gives high level of security with its 256-bit encryption strength and complex cryptography technology which is impossible to crack.
Documents Required for EV SSL Certificate Validation
If any Organization purchases an EV SSL certificate from a trusted Certificate authority they must then verify their identity. Each certificate authority asks for several documents including issuance, revocation & renewal of SSL certificate to verify the organization’s details are correct and prove it is a legitimate business not a fraudulent brand.
Leading Certificate authorities (such as Comodo™, Symantec™, Thawte™ and GeoTrust®) provide EV SSL Certificates. The documentation required by these CAs will be different in accordance to their EV SSL Terms and Guidelines. on’s details are correct and prove it is a legitimate business not a fraudulent brand.
Documents Required by Comodo™
After purchasing an EV SSL certificate, Comodo™ will ask for the following documents from the organization to start the validation process:
(1) Legal Status of Applicant: This validation process finishes up directly with the organization and this process will vary depending on the type of organization.
(I) For Private Organization, they must have corporate entities including any of these suffixes such as LLC, INC., LTD., PTY., GmBh, AS, etc…
(II) For Government Entities, they must provide government approved documents whether it is a public/state school/ university or a local government.
(III)For Non Commercial Entities, such as NATO, they have to submit their legal status.
(IV) For Business Entities, legal documents are required for business entities that are filing using government entities. General and limited partnership companies, Business entities, and a few sole proprietors fall into this category.
(2) Phone Number and Domain Ownership: Comodo™ verifies phone number by telecom provider or using third party database. For domain ownership Comodo ™asks for domain registrar information. If the domain registrar information is hidden Comodo™ will cancel the issuance request.
Note: Domain privacy may be suspended until the domain ownership verification process is completed.
(3) Contact Signer’s Name, Title, Contact Signer’s authority:
(I) If contact signer’s name is listed on registration documents then Comodo™ will not ask for future verification.
(II) If Contact signer’s name/Title is not in the registration documents then further verification processes must be fulfilled. The organization’s human resource department or any of the key persons listed can be the contact signer and will be responsible for verifying his name and title via phone call.
Note: Comodo™ will ask for the authorization of certificate’s approver/requester to contact the signer via phone call. To speed up the certificate issuance process make sure the contact signer, certificate requester & approver are the same person.
(4) Trade Name/DBA: Comodo may ask some organizations to verify their trade name/DBA with the use of third party database systems.
(5) Physical & Operational Existence:
(I) Physical Existence of the certificate issuer will be verified by the use of a third party database system such as D&B (Dun & Brad Street).
(II) Operation Existence will only be required if the business is new or registered for less than 3 years. It will be verified using Bank letter, in this case an organization must have a deposit account with a regulated financial institution.
(6) Flagship Verification: Flagship verification is the most important factor for certificate issuance, organization will be cross verified against anti-phishing work group. As per the US Treasury Dept. rule: If an organization or person is found to be a flagged entity, Comodo will deny issuing the EV SSL certificate.
(7) Signature Approval – contact signer will have to verify the signature using with a phone call.
Documents Required by Symantec™
Symantec™ asks for the following list of legal documents to verify the issuer and Organization’s identity:
(1) Business License: A license issued by a government agency to conduct business within the government’s geographical area.
(2) Certificate of Formation
(3) Trade Name Registration Document
(4) Charter Documents
(5) Partnership Documents: If a business runs by two or more partners it will be asked to submit their partnership documents.
(6) Merchant/Vendor/Reseller License: If the registered organization is a merchant or vendor or reseller of other organization legal license a contract paper will be needed.
(7) Fictitious Name Statement: If an organization transacts business under a legal operating name a Fictitious Name Statement is required.
(8) Articles of Incorporation or Certificate of Incorporation: Articles of Incorporation (A set of some formal documents filed with a government body), including business name, address, agent for service of process, etc…
Before Submitting Documents please mark following points
(I) Verify Business Name: Your business name must be same as the name you have mentioned while ordering Symantec™ EV SSL.
If the business name does not match Symantec™ will not issue your SSL Certificate.
(II) Verify Business Address: Symantec™ also checks for correct physical address of the business before issuing the SSL certificate. It is important to enter the correct business address while ordering SSL Certificate.
(III) Verify Government/Legal document details: Verify all the legal government documents and match them with the details you have provided while purchasing the SSL certificate.
Documents Required by GeoTrust®
To approve an EV SSL certificate request GeoTrust® requires multiple identification information from its approver and Organization.
Submit Acknowledgement of Agreement Form: When a user requests an issuance of an EV SSL certificate, he must fill out the Acknowledgement of Agreement Form and send it to GeoTrust.
As EV SSL certificate issuance requires a high level of authentication. GeoTrust has described list of entities which can apply for EV SSL certificates.
- Government Agencies
- Unincorporated Associations
- Sole Proprietorships
- General partnerships
The following Authentication documents are required:
(1) Business/Organization authentication
GeoTrust will asks for the following list of organization documents:
- Government Agencies/organization: Official government agency records including the Organization’s registration number, date of registration and address.
- If the organization that is applying for the EV SSL is registered for less than 3 years, GeoTrust verifies its identity by following documents:
- Verifying via a non-government data source (e.g., Dun & Bradstreet information).
- By checking the organization’s demand deposit account directly through the financial institution or via a lawyer’s opinion letter.
- Approver also needs to include non-government data sources such as the organization’s address
(2) Domain Authentication
To issue an EV SSL certificate GeoTrust needs the domain registrar details. The registered domain name must match the domain name which the user wishes to secure with the EV SSL certificate.
(I) GeoTrust only approves a domain name which is registered with ICANN or IANA registrar.
(II) The domain name which the user wishes to secure with the EV SSL certificate must match with the domain name entered while generating CSR.
(III) If the domain registrar details are kept private by the admin, he will need to unblock it.
(3) Approver’s Authentication
The EV SSL certificate approver must be an authorized person of the organization and he/she must have the authority to manage and obtain the EV SSL Certificate on behalf of the organization.
GeoTrust will normally ask for following list of documents to verify the approver’s identity:
(I) The EV SSL certificate approver’s Name, Title and employment details via an independent source.
(II) Lawyer’s Opinion letter & Approver’s corporate resolution.
GeoTrust directly contacts the CEO or COO for the approver’s identity. If there is no record available for company’s CEO and COO, GeoTrust will contact The Human Resource department.
Documents Required by Thawte™
Thawte asks for following list of documents from EV SSL Certificate issuer & organization:
(1) Thawte™ EV SSL Agreement Form – The issuer will need to submit the Thawte EV SSL Certificate agreement form. Thawte will provide it during the process of making the order.
(2) Lawyer’s Opinion Letter – For quick order verification a Lawyer’s Opinion letter including Organization and the issuer’s information will be required.
(3) Business/Organization Authentication:
Thawte will verify the following list of documents for the Organization’s authentication.
(I) An Organization’s Government Agency Document: The Government agency document of the organization must be verified, including registration number, date of registration and address.
(II) Non-Governmental Data source: The organization’s legal information from any non-government data source (e.g. ‘Dun & Bradstreet’)
(III) If the organization has been registered for less than 3 years, Thawte™ verifies its identity by either checking its financial institution records or by way of a Lawyer’s opinion letter.
(4) Domain Authentication: Thawte will verify the following list of documents for Domain Authentication.
(I) The organization’s domain name must be registered from the ICANN or IANA registrar.
(II) The domain name the user wishes to secure with EV SSL certificate must match with the domain name entered while generating CSR.
(III) If the domain’s registration details are hidden, the organization has to make it public.
(5) EV SSL Certificate Approver’s Authentication: Thawte will verify following list of documents for Approver’s authentication:
(I) Approver’s Name, Title and employment details via an independent source.
(II) Lawyer’s Opinion letter & Approver’s corporate resolution.
(III) Thawte directly contacts the CEO or COO for approver’s identity, if there is no record available for company’s CEO and COO Thawte will contact the Human Resource department.
(6) Order Verification Documents
For EV SSL certificate order verification Thawte™ do telephonic conversation with the approver. Thawte obtain the telephone number from Lawyer’s Opinion letter, by searching global telephone directory data or by visiting the Organization’s official website.
During Telephonic conversation Thawte™ verify following details
(I) The name and role of the EV SSL certificate approver
(II) Approver’s knowledge about the organization’s ownership
(III) Verification of approver’s signature on Thawte EV SSL Agreement Form.
Conclusion: An EV SSL certificate issuance requires the highest authentication in the industry. The organization and approver must submit all the documents described above. None of the SSL certificate authorities will accept improper documents or information.