Product 02-21-2014

How the Green Bar in Extended Validation SSL Was Born

Flavio Martins

DigiCert is one of the original founding members of the CA/Browser Forum industry working group working to advance the requirements and guidelines for secure operations by Certificate Authorities around the world.

Guidelines set by the CA/Browser Forum are enforceable by globally accepted auditing organizations and the browser and operating system root store operators. DigiCert participates in this working group along with PKI professionals from Apple, Google, Microsoft, Mozilla, Opera, and other Certificate Authorities.

One of the industry changing developments in SSL security is the creation of Extended Validation guidelines (45 pages technical and operational processes) for EV SSL Certificates and the DigiCert Multi-domain EV SSL Certificate that secures multiple websites with one EV certificate.

When the Extended Validation guidelines were first proposed, there were no universally accepted standards for how validation of identity should be done for an SSL certificate. How each individual browsers displayed the SSL secured padlock only added to the confusion of users looking for the trust indicators for online security.

The problem with cheap SSL Certificates

Although users can get encryption from free or cheap Domain-only Validated (DV) certificates, these type of certificates offer no verification of the identity of the certificate holder. DV certificates are processed with automated systems that don't require human interaction for security or identity verification. Requesters of these certificate respond to an email and an SSL Certificate is issued.

Certificates with no identity assurance are frequently exploited by scammers and are often used for questionable purposes.

High Assurance Trusted SSL Certificates

The high assurance, fully trusted SSL Certificates that DigiCert issues all include full identity verification. These Organization Validation (OV) certificates require organizations to undergo a background verification of their organization and web site.

With the number of SSL providers available, many users often ask why choose DigiCert? DigiCert validation processes streamlined the identity verification process so that full high assurance  is performed in a matter of minutes, but the verification practices can often differ among the various SSL providers.

In our efforts to create Extended Validation, DigiCert set out to ensure that all SSL Certificates online provide the three basic security services that all Internet users deserve:

  1. Trust that all SSL providers offer the same level of confidentiality
  2. Assurance of data integrity in communication
  3. Verification of the identity an SSL Certificate owner

With Extended Validation, secure Internet transactions and communications really can be safe for users as they ensure that the people you connect with online really are who they claim to be. Extended Validation-level verification prevents bad actors from being able to trick innocent Internet uses.

Enterprise Benefits of Extended Validation

EV SSL Certificates ensure that users can communicate securely with a web site. Websites using an EV SSL Certificate gain immediate trust in the eyes of users as it reassures that data secure and the organization receiving the data is a reputable entity.

Since technical requirements prevent EV SSL Certificates from being forged, large enterprises especially benefit from using Extended Validation SSL Certificates as an easy anti-phishing indicator or that data being secured cannot be intercepted (man-in-the-middle) by a malicious 3rd party.

Extended Validation SSL Certificates adds an instant green bar as a visual indicator of trust online. Green is good, and EV is a site you can trust.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

National Cybersecurity Awareness Month:
October 2024

09-19-2024

The high opportunity cost of legacy PKI