To obtain an EV SSL certificate, an organization must provide its certificate authority (CA) with much more proof than is required for a standard certificate (which is usually as simple as verifying your WHOIS registration and checking that you have some piece of paper from the government with your business name on it). The CA/Browser Forum's EV Guidelines (PDF) specify that the CA must verify:
- The physical existence of the organization
- The legal existence of the organization
- The operational existence of the organization
- That the identity of the organization matches legal records
- That the organization has exclusive use of the domain name in the certificate subject
- That the organization authorized the issuance of the EV certificate