Правила выпуска зеленых EV SSL сертификатов
для верификации владельца и защиты сайта

Контакты
☎ +380672576220

Проверка
SSL

Установка
SSL

Цепочка
SSL

Seal
SSL

CSR
pKey

Экспорт-Импорт
Конвертер

Code Sign
сертификаты

Email Smime
сертификаты

PDF и Word
сертификаты

База
знаний

Купить
SSL

Правила EV SSL сертификатов

Помощь

Index

1. Scope (6)

2. Purpose (6)
2.1 Purpose of EV Certificates (6)
2.1 Purpose of EV Certificates (6)
2.1.1 Primary Purposes (6)
2.1.2 Secondary Purposes (6)
2.1.3 Excluded Purposes (7)

3. References (7)

4. Definitions (7)

5. Abbreviations and Acronyms (10)

6. Conventions (11)

7. Certificate Warranties and Representations (11)
7.1 EV Certificate Warranties (11)
7.2 By the Applicant (12)

8. Community and Applicability (12)
8.1 Issuance of EV Certificates (12)
8.2 EV Policies (12)
8.2.1 Implementation (12)
8.2.2 Disclosure (12)
8.3 Commitment to Comply with Recommendations (12)
8.4 Insurance (12)
8.5 Obtaining EV Certificates (13)
8.5.1 General (13)
8.5.2 Private Organization Subjects (13)
8.5.3 Government Entity Subjects (13)
8.5.4 Business Entity Subjects (13)
8.5.5 Non-Commercial Entity Subjects (14)

9. EV Certificate Content and Profile (14)
9.1 Issuer Information (14)
9.2 Subject Information (14)
9.2.1 Subject Organization Name Field (14)
9.2.2 Subject Alternative Name Extension (15)
9.2.3 Subject Common Name Field (15)
9.2.4 Subject Business Category Field (15)
9.2.5 Subject Jurisdiction of Incorporation or Registration Field (15)
9.2.6 Subject Registration Number Field (16)
9.2.7 Subject Physical Address of Place of Business Field (16)
9.2.8 Other Subject Attributes (16)
9.3 Certificate Policy Identification (17)
9.3.1 EV Certificate Policy Identification Requirements (17)
9.3.2 EV Subscriber Certificates (17)
9.3.3 Root CA Certificates (17)
9.3.4 EV Subordinate CA Certificates (17)
9.3.5 Subscriber Certificates (17)
9.4 Maximum Validity Period For EV Certificate (17)
9.5 Subscriber Public Key (17)
9.6 Certificate Serial Number (17)
9.7 Additional Technical Requirements for EV Certificates (17)

10. EV Certificate Request Requirements (18)
10.1 General Requirements (18)
10.1.1 Documentation Requirements (18)
10.1.2 Role Requirements (18)
10.2 EV Certificate Request Requirements (18)
10.3 Requirements for Subscriber Agreement and Terms of Use (19)

11. Verification Requirements (19)
11.1 General Overview (19)
11.1.1 Verification Requirements - Overview (19)
11.1.2 Acceptable Methods of Verification Overview (19)
11.2 Verification of Applicant’s Legal Existence and Identity (19)
11.2.1 Verification Requirements (19)
11.2.2 Acceptable Method of Verification (20)
11.3 Verification of Applicant’s Legal Existence and Identity - Assumed Name (22)
11.3.1 Verification Requirements (22)
11.3.2 Acceptable Method of Verification (23)
11.4 Verification of Applicant’s Physical Existence (23)
11.4.1 Address of Applicant’s Place of Business (23)
11.4.2 Telephone Number for Applicant’s Place of Business (24)
11.5 Verification of Applicant’s Operational Existence (24)
11.5.1 Verification Requirements (24)
11.5.2 Acceptable Methods of Verification (24)
11.6 Verification of Applicant’s Domain Name (24)
11.6.1 Verification Requirements (24)
11.6.2 Acceptable Methods of Verification (25)
11.7 Verification of Name, Title, and Authority of Contract Signer and Certificate Approver (26)
11.7.1 Verification Requirements (26)
11.7.2 Acceptable Methods of Verification Name, Title and Agency (26)
11.7.3 Acceptable Methods of Verification Authority (27)
11.7.4 Pre-Authorized Certificate Approver (28)
11.8 Verification of Signature on Subscriber Agreement and EV Certificate Requests (28)
11.8.1 Verification Requirements (28)
11.8.2 Acceptable Methods of Signature Verification (29)
11.9 Verification of Approval of EV Certificate Request (29)
11.9.1 Verification Requirements (29)
11.9.2 Acceptable Methods of Verification (29)
11.10 Verification of Certain Information Sources (29)
11.10.1 Verified Legal Opinion (29)
11.10.2 Verified Accountant Letter (30)
11.10.3 Face-to-Face Validation (31)
11.10.4 Independent Confirmation From Applicant (31)
11.10.5 Qualified Independent Information Source (33)
11.10.6 Qualified Government Information Source (33)
11.10.7 Qualified Government Tax Information Source (33)
11.11 Other Verification Requirements (33)
11.11.1 High Risk Status (33)
11.11.2 Denied Lists and Other Legal Black Lists (33)
11.11.3 Parent/Subsidiary/Affiliate Relationship (34)
11.12 Final Cross-Correlation and Due Diligence (34)
11.13 Requirements for Re-use of Existing Documentation (35)
11.13.1 For Validated Data (35)
11.13.2 Validation for Existing Subscribers (36)
11.13.3 Exceptions (36)
11.13.4 Validation of Re-issuance Requests (36)

12. Certificate Issuance by a Root CA (36)

13. Certificate Revocation and Status Checking (37)

14. Employee and third party issues (37)
14.1 Trustworthiness and Competence (37)
14.1.1 Identity and Background Verification (37)
14.1.2 Training and Skills Level (37)
14.1.3 Separation of Duties (37)
14.2 Delegation of Functions to Registration Authorities and Subcontractors (38)
14.2.1 General (38)
14.2.2 Enterprise RAs (38)
14.2.3 Guidelines Compliance Obligation (38)
14.2.4 Allocation of Liability (38)

15. Data Records (38)

16. Data Security (38)

17. Audit (39)
17.1 Eligible Aud it Schemes (39)
17.2 Audit Period (39)
17.3 Audit Record (39)
17.4 Pre-Issuance Readiness Audit (39)
17.5 Regular Self Audits (39)
17.6 Auditor Qualification (39)
17.7 Root CA Key Pair Generation (40)

18. Liability and Indemnification (40)

Appendix A - User Agent Verification (Normative) (41)

Appendix B - Sample Legal Opinion Confirming Specified Information (Informative) (42)

Appendix C - Sample Accountant Letters Confirming Specified Information (Informative) (44)

Appendix D - Country-Specific Interpretative Guidelines (Normative) (48)

Appendix E - Sample Contract Signer's Representation/Warranty (Informative) (50)

CA/Browser Forum
Guidelines For The Issuance And Management Of
Extended Validation Certificates

Verbatim copying and distribution of this entire document is permitted in any medium without royalty, provided this notice is preserved.

Upon request, the CA / Browser Forum may grant permission to make a translation of these guidelines into a language other than English. In such circumstance, copyright in the translation remains with the CA / Browser Forum. In the event that a discrepancy arises between interpretations of a translated version and the original English version, the original English version shall govern. A translated version of the guidelines must prominently display the following statement in the language of the translation:-

This document is a translation of the original English version. In the event that a discrepancy arises between interpretations of this version and the original English version, the original English version shall govern.'

A request to make a translated version of these Guidelines should be submitted to questions@cabforum.org.

Guidelines for the Issuance and Management of Extended Validation Certificates

Version 1.4, as adopted by the CA/Browser Forum on 29 May 2012. These Guidelines supersede Version 1.3.

The Guidelines describe an integrated set of technologies, protocols, identity proofing, lifecycle management, and auditing practices specifying the minimum requirements that must be met in order to issue and maintain Extended Validation Certificates (“EV Certificates”) concerning an organization. Subject Organization information from valid EV Certificates can then be used in a special manner by certain relying-party software applications (e.g., browser software) in order to provide users with a trustworthy confirmation of the identity of the entity that controls the Web site or other services they are accessing. Although initially intended for use in establishing Web-based data communication conduits via TLS/SSL protocols, extensions are envisioned for S/MIME, time-stamping, VoIP, IM, Web services, etc.

The primary purposes of Extended Validation Certificates are to: 1) identify the legal entity that controls a Web or service site, and 2) enable encrypted communications with that site. The secondary purposes include significantly enhancing cybersecurity by helping establish the legitimacy of an organization claiming to operate a Web site, and providing a vehicle that can be used to assist in addressing problems related to distributing malware, phishing, identity theft, and diverse forms of online fraud.

Notice to Readers

The Guidelines for the Issuance and Management of Extended Validation Certificates present criteria established by the CA/Browser Forum for use by certification authorities when issuing, maintaining, and revoking certain digital certificates for use in Internet Web site commerce. These Guidelines may be revised from time to time, as appropriate, in accordance with procedures adopted by the CA/Browser Forum. Questions or suggestions concerning these guidelines may be directed to the CA/Browser Forum at questions@cabforum.org.

The CA/Browser Forum

The CA/Browser Forum is a voluntary open organization of certification authorities and suppliers of Internet browsers and other relying-party software applications. Membership is listed in the Baseline Requirements.

 DV OV EV WC SAN PRO CodeSign Email PDF Wi-Fi IoT ALL Купить сертификат

NO russia - мы не осблуживаем резидентов из россии

Правила выпуска зеленых EV SSL сертификатовдля верификации владельца и защиты сайта

CA/Browser Forum Guidelines For The Issuance And Management Of Extended Validation Certificates

Guidelines for the Issuance and Management of Extended Validation Certificates

Notice to Readers

The CA/Browser Forum

Правила выпуска зеленых EV SSL сертификатов
для верификации владельца и защиты сайта

CA/Browser Forum
Guidelines For The Issuance And Management Of
Extended Validation Certificates