Obtaining an EV SSL (Extended Validation SSL) certificate is a rigorous process that provides the highest level of trust and security for websites. The requirements for obtaining an EV SSL certificate are more comprehensive than those for DV (Domain Validated) or OV (Organization Validated) SSL certificates.
Here are the requirements for obtaining an EV SSL certificate:
- Legal existence: The organization must be a legal entity, such as a corporation, partnership, or sole proprietorship.
- Operational existence: The organization must be actively conducting business, with a website and email address associated with the domain name.
- Business registration: The organization must be a registered business, with a valid business license or registration documents. The registration must be verifiable through public records.
- Physical address: The organization must have a physical address that can be verified through a trusted third-party source, such as a government agency.
- Telephone verification: The organization must provide a working telephone number that can be verified by the SSL certificate issuer. This is typically done by a phone call to the organization’s listed phone number.
- Identity verification: The SSL certificate issuer will require additional documentation to verify the identity of the organization’s representative, such as a government-issued ID or passport.
(note: personal data of the organization’s representative will NOT be included in the certificate, but will be registered only in the archives of the Certification Authority that issues the certificate).
- Authorization: The organization must provide proof of authorization for requesting the SSL certificate, such as a legal opinion or board resolution.
- Extended Validation: The SSL certificate issuer must complete a rigorous validation process to verify the legal and physical existence of the organization, as well as its identity and authority to request the certificate.
This process includes verifying the legal name and address of the organization, checking public records to ensure that the organization is registered and active, and verifying the identity of the organization’s representative.
Once the SSL certificate issuer has completed the validation process and verified that the organization meets all the requirements, the EV SSL certificate will be issued.
The certificate includes information about the organization, such as the name, address, and other details that help visitors verify the legitimacy of the website.
Websites that use EV SSL certificates display a green address bar on some browsers, indicating that the website has been authenticated and providing users with the added assurance of its legitimacy.
EV SSL certificates are typically used by financial institutions, e-commerce sites, and organizations that handle sensitive data.