Q

What is most misunderstood about EV SSL certificates?

Are there any calculators to help estimate log generation based on number of devices and best practices?

Are there any calculators to help estimate log generation based on number of devices and best practices?
Extended Validation (EV) SSL certificates provide users with a high degree of assurance that they are indeed dealing with the business they think is on the other end of the transaction. The most misunderstood fact about this technology is that it does not add more security to a transaction than a standard certificate. EV SSL uses the same cryptographic technology as standard SSL certificates and does not add any confidentiality controls to the communication between a user and a website.

In order to obtain an EV SSL certificate, an organization must provide its certificate authority (CA) with much

more proof than that required for a standard certificate (which is usually as simple as verifying your WHOIS registration and doing a simple check that you have some piece of paper from the government with your business name on it). The CA/Browser Forum's EV Guidelines (pdf) specify that the CA must verify:

  • The physical existence of the organization
  • The legal existence of the organization
  • The operational existence of the organization
  • That the identity of the organization matches legal records
  • That the organization has exclusive use of the domain name in the certificate subject
  • That the organization authorized the issuance of the EV certificate
The bottom line is that consumers can place a higher degree of trust in EV SSL certificates, confident that the organization receiving the certificate underwent a rigorous background investigation.

More information:

  • Some researchers say EV SSL certificates won't stop phishers.
  • Read a chapter from The Shortcut Guide to Extended Validation SSL Certificates.
  • This was first published in February 2009

    Dig deeper on PKI and Digital Certificates

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close