EV SSL Authentication Requirements

Overview of Extended Validation Requirements

Extended Validation (EV) SSL Certificates help achieve the highest level of consumer trust through the strictest authentication standards. Extended Validation authentication guidelines require to get and verifying multiple pieces of identifying information about EV Certificate applicants. To ensure your EV SSL Certificate request is processed quickly, review and provide the authentication documents described below.

Organization Authentication Requirements

The following entities are eligible to receive Extended Validation SSL Certificates provided they are currently registered and approved by an official registration agency in their jurisdiction. The resulting charter, certificate, license or equivalent must be verifiable through that registration agency.

• Government agencies
• Corporations
• General partnerships
• Unincorporated associations
• Sole proprietorships (except in countries where there are no requirements for proprietors to register, for example, the United Kingdom)

We must be able to confirm all of the following organizational registration requirements:

• Official government agency records must include:
  • The organization’s registration number or date of registration/incorporation.
  • The organization’s registered address (or the address of the organization’s registered agent).
• A non-government data source (such as Dun & Bradstreet) must include the organization’s place of business address, telephone number and Officer/Director information (as identified in the order).
• If the organization has been registered for less than three years, we must verify operational existence through one of the following means:
  • A non-governmental data source (such as Dun & Bradstreet) or
  • By verifying, the organization has an active demand deposit account (such as a current account) with a regulated financial institution through a Lawyer’s Opinion or Accountant’s Opinion letter or directly with the financial institution.

Domain Authentication Requirements

To qualify for an Extended Validation SSL Certificate, domain registration details must reflect the full organization name as included on the certificate request.

• The domain must be registered with ICANN or IANA registrar (for CCTLDs).
• Where domain registration is not updated to reflect the organization name as identified on the certificate, the organization’s exclusive right to use the domain name may be verified directly with the registered domain contact.
• The organization’s certificate approver must confirm knowledge of the organization’s domain ownership during the verification call.

Organizational Contact Authentication Requirements

To qualify for an Extended Validation SSL Certificate, the Organizational Contact identified in the certificate request must be employed by the requesting organization and have appropriate authority to obtain and delegate Extended Validation Certificate responsibilities.

Note: employment and authorization cannot be verified through the organization’s Web site.

Note: if the Organizational Contact identified in the certificate request is listed in government records as a corporate officer (such as Secretary, President, Managing Director, CFO, COO, CIO, CSO, Director, or equivalent), then the Organizational Contact’s employment and authorization are deemed approved.

We must be able to confirm all of the following Organizational Contact requirements:

• Organizational Contact’s identity, title and employment through the Organization’s human resources department or an independent source.
• The Organizational Contact is authorized to obtain and approve EV Certificates on behalf of the Organization and to delegate this authority to others. This can be verified through one of the following methods:
  • A Lawyer’s Opinion or Accountant’s Opinion letter
  • A Corporate Resolution letter
  • Contacting the Managing Director, COO or similar executive at the Organization, including persons named to be in the direct line of management, to confirm the authority of the Organizational Contact. If no public records are available regarding the Managing Director, COO or other executive, we will contact the Organization’s human resources department for contact details.

Alternative Authentication Steps

If we are unable to verify any of the required information on your certificate application, we may request that you provide a professional opinion from a lawyer or accountant to verify that information.

Order Verification Requirements

As part of processing an Extended Validation SSL Certificate, we must verify the certificate request and all certificate details with the Organizational Contact identified in the certificate request. We must contact the Organizational Contact using an independently obtained telephone number for the organization’s verified address (not the telephone number provided in the order).

We will get the telephone number through one of the following methods:

• By researching qualified telephone databases to find a telephone number. Ensure your Organization’s primary telephone number is listed in a public telephone directory.
• As provided in a Lawyer’s Opinion or Accountant’s Opinion letter.
• As confirmed during a site visit conducted by us.

During the verification call, we must verify the following with the Organizational Contact:

• The name of the technical contact identified in the certificate request and his or her authority to obtain the Extended Validation Certificate on behalf of the Organization.
• Knowledge of the Organization’s ownership and right to use the domain identified in the certificate request.
• Approval of the Extended Validation SSL Certificate request.

Acceptance of Agreement

During the verification call, we will provide the Organizational Contact with a verification code to use when accepting the online EV Acknowledgement of Agreement. we will also e-mail a direct link to the Agreement.