Профиль Поля и содержание сертификата Документ описывающий Правила выпуска EV SSL сертификатов зеленых Украина ☎ +380672576220 

☎ +380443834054
☎ +380672576220
Ukrainian Symantec Partner
Ukrainian DigiCert Partner
Контакты
Правила выпуска зеленых EV SSL сертификатов
для верификации владельца и защиты сайта

Переход на сайт по продаже сертификатов SSL и подписи кода документов почты CSR
pKey
Установка
SSL
Цепочка
SSL
Проверка
SSL
Seal
SSL
Экспорт-Импорт
Конвертер
Code Sign
сертификаты
Email Smime
сертификаты
PDF и Word
сертификаты
База
знаний

Правила EV SSL сертификатов
Помощь
Index
1. Scope (6)
2. Purpose (6)
2.1 Purpose of EV Certificates (6)
2.1 Purpose of EV Certificates (6)
2.1.1 Primary Purposes (6)
2.1.2 Secondary Purposes (6)
2.1.3 Excluded Purposes (7)
3. References (7)
4. Definitions (7)
5. Abbreviations and Acronyms (10)
6. Conventions (11)
7. Certificate Warranties and Representations (11)
7.1 EV Certificate Warranties (11)
7.2 By the Applicant (12)
8. Community and Applicability (12)
8.1 Issuance of EV Certificates (12)
8.2 EV Policies (12)
8.2.1 Implementation (12)
8.2.2 Disclosure (12)
8.3 Commitment to Comply with Recommendations (12)
8.4 Insurance (12)
8.5 Obtaining EV Certificates (13)
8.5.1 General (13)
8.5.2 Private Organization Subjects (13)
8.5.3 Government Entity Subjects (13)
8.5.4 Business Entity Subjects (13)
8.5.5 Non-Commercial Entity Subjects (14)
9. EV Certificate Content and Profile (14)
9.1 Issuer Information (14)
9.2 Subject Information (14)
9.2.1 Subject Organization Name Field (14)
9.2.2 Subject Alternative Name Extension (15)
9.2.3 Subject Common Name Field (15)
9.2.4 Subject Business Category Field (15)
9.2.5 Subject Jurisdiction of Incorporation or Registration Field (15)
9.2.6 Subject Registration Number Field (16)
9.2.7 Subject Physical Address of Place of Business Field (16)
9.2.8 Other Subject Attributes (16)
9.3 Certificate Policy Identification (17)
9.3.1 EV Certificate Policy Identification Requirements (17)
9.3.2 EV Subscriber Certificates (17)
9.3.3 Root CA Certificates (17)
9.3.4 EV Subordinate CA Certificates (17)
9.3.5 Subscriber Certificates (17)
9.4 Maximum Validity Period For EV Certificate (17)
9.5 Subscriber Public Key (17)
9.6 Certificate Serial Number (17)
9.7 Additional Technical Requirements for EV Certificates (17)
10. EV Certificate Request Requirements (18)
10.1 General Requirements (18)
10.1.1 Documentation Requirements (18)
10.1.2 Role Requirements (18)
10.2 EV Certificate Request Requirements (18)
10.3 Requirements for Subscriber Agreement and Terms of Use (19)
11. Verification Requirements (19)
11.1 General Overview (19)
11.1.1 Verification Requirements - Overview (19)
11.1.2 Acceptable Methods of Verification Overview (19)
11.2 Verification of Applicant’s Legal Existence and Identity (19)
11.2.1 Verification Requirements (19)
11.2.2 Acceptable Method of Verification (20)
11.3 Verification of Applicant’s Legal Existence and Identity - Assumed Name (22)
11.3.1 Verification Requirements (22)
11.3.2 Acceptable Method of Verification (23)
11.4 Verification of Applicant’s Physical Existence (23)
11.4.1 Address of Applicant’s Place of Business (23)
11.4.2 Telephone Number for Applicant’s Place of Business (24)
11.5 Verification of Applicant’s Operational Existence (24)
11.5.1 Verification Requirements (24)
11.5.2 Acceptable Methods of Verification (24)
11.6 Verification of Applicant’s Domain Name (24)
11.6.1 Verification Requirements (24)
11.6.2 Acceptable Methods of Verification (25)
11.7 Verification of Name, Title, and Authority of Contract Signer and Certificate Approver (26)
11.7.1 Verification Requirements (26)
11.7.2 Acceptable Methods of Verification Name, Title and Agency (26)
11.7.3 Acceptable Methods of Verification Authority (27)
11.7.4 Pre-Authorized Certificate Approver (28)
11.8 Verification of Signature on Subscriber Agreement and EV Certificate Requests (28)
11.8.1 Verification Requirements (28)
11.8.2 Acceptable Methods of Signature Verification (29)
11.9 Verification of Approval of EV Certificate Request (29)
11.9.1 Verification Requirements (29)
11.9.2 Acceptable Methods of Verification (29)
11.10 Verification of Certain Information Sources (29)
11.10.1 Verified Legal Opinion (29)
11.10.2 Verified Accountant Letter (30)
11.10.3 Face-to-Face Validation (31)
11.10.4 Independent Confirmation From Applicant (31)
11.10.5 Qualified Independent Information Source (33)
11.10.6 Qualified Government Information Source (33)
11.10.7 Qualified Government Tax Information Source (33)
11.11 Other Verification Requirements (33)
11.11.1 High Risk Status (33)
11.11.2 Denied Lists and Other Legal Black Lists (33)
11.11.3 Parent/Subsidiary/Affiliate Relationship (34)
11.12 Final Cross-Correlation and Due Diligence (34)
11.13 Requirements for Re-use of Existing Documentation (35)
11.13.1 For Validated Data (35)
11.13.2 Validation for Existing Subscribers (36)
11.13.3 Exceptions (36)
11.13.4 Validation of Re-issuance Requests (36)
12. Certificate Issuance by a Root CA (36)
13. Certificate Revocation and Status Checking (37)
14. Employee and third party issues (37)
14.1 Trustworthiness and Competence (37)
14.1.1 Identity and Background Verification (37)
14.1.2 Training and Skills Level (37)
14.1.3 Separation of Duties (37)
14.2 Delegation of Functions to Registration Authorities and Subcontractors (38)
14.2.1 General (38)
14.2.2 Enterprise RAs (38)
14.2.3 Guidelines Compliance Obligation (38)
14.2.4 Allocation of Liability (38)
15. Data Records (38)
16. Data Security (38)
17. Audit (39)
17.1 Eligible Aud it Schemes (39)
17.2 Audit Period (39)
17.3 Audit Record (39)
17.4 Pre-Issuance Readiness Audit (39)
17.5 Regular Self Audits (39)
17.6 Auditor Qualification (39)
17.7 Root CA Key Pair Generation (40)
18. Liability and Indemnification (40)
Appendix A - User Agent Verification (Normative) (41)
Appendix B - Sample Legal Opinion Confirming Specified Information (Informative) (42)
Appendix C - Sample Accountant Letters Confirming Specified Information (Informative) (44)
Appendix D - Country-Specific Interpretative Guidelines (Normative) (48)
Appendix E - Sample Contract Signer's Representation/Warranty (Informative) (50)

We are an Authorized Reseller for DigiCert™ SSL a WebTrust Certified
SSL Certificate Authority.

Руководство по выпуску и управлению EV SSL сертификатов с расширенной валидацией

9 EV Certificate Content and Profile

This section sets forth minimum requirements for the content of the EV Certificate as they relate to the identity of the CA and the Subject of the EV Certificate.

9.1 Issuer Information

Issuer Information listed in an EV Certificate MUST comply with Section 9.1 of the Baseline Requirements.

9.2 Subject Information

Subject to the requirements of these Guidelines, the EV Certificate and certificates issued to Subordinate CAs that are not controlled by the same entity as the CA MUST include the following information about the Subject organization in the fields listed:

9.2.1 Subject Organization Name Field
Certificate field: subject:organizationName (OID 2.5.4.10 )
Required/Optional: Required
Contents: This field MUST contain the Subject’s full legal organization name as listed in the official records of the Incorporating or Registration Agency in the Subject’s Jurisdiction of Incorporation or Registration or as otherwise verified by the CA as provided herein. A CA MAY abbreviate the organization prefixes or suffixes in the organization name, e.g., if the official record shows “Company Name Incorporated” the CA MAY include “Company Name, Inc.” When abbreviating a Subject’s full legal name as allowed by this subsection, the CA MUST use abbreviations that are not misleading in the Jurisdiction of Incorporation or Registration. In addition, an assumed name or DBA name used by the Subject MAY be included at the beginning of this field, provided that it is followed by the full legal organization name in parenthesis. If the combination of names or the organization name by itself exceeds 64 characters, the CA MAY abbreviate parts of the organization name, and/or omit non-material words in the organization name in such a way that the text in this field does not exceed the 64-character limit; provided that the CA checks this field in accordance with section 10.11.1 and a Relying Party will not be misled into thinking that they are dealing with a different organization. In cases where this is not possible, the CA MUST NOT issue the EV Certificate.

9.2.2 Subject Alternative Name Extension
Certificate field: subjectAltName:dNSName
Required/Optional: Required
Contents: This extenstion MUST contain one or more host Domain Name(s) owned or controlled by the Subject and to be associated with the Subject’s server. Such server MAY be owned and operated by the Subject or another entity (e.g., a hosting service). Wildcard certificates are not allowed for EV Certificates.

9.2.3 Subject Common Name Field
Certificate field: subject:commonName (OID: 2.5.4.3)
Required/Optional: Deprecated (Discouraged, but not prohibited)
Contents: If present, this field MUST contain a single Domain Name(s) owned or controlled by the Subject and to be associated with the Subject’s server. Such server MAY be owned and operated by the Subject or another entity (e.g., a hosting service). Wildcard certificates are not allowed for EV Certificates.

9.2.4 Subject Business Category Field
Certificate field: subject:businessCategory (OID: 2.5.4.15)
Required/Optional: Required
Contents: This field MUST contain one of the following strings: \"Private Organization\", \"Government Entity\", \"Business Entity\", or \"Non-Commercial Entity\" depending upon whether the Subject qualifies under the terms of Section 8.2.2, 8.2.3, 8.2.4 or 8.2.5 of these Guidelines, respectively.

9.2.5 Subject Jurisdiction of Incorporation or Registration Field

Certificate fields:
Locality (if required):
subject:jurisdictionOfIncorporationLocalityName (OID: 1.3.6.1.4.1.311.60.2.1.1)
ASN.1 - X520LocalityName as specified in RFC 5280
State or province (if required):
subject:jurisdictionOfIncorporationStateOrProvinceName (OID: 1.3.6.1.4.1.311.60.2.1.2)
ASN.1 - X520StateOrProvinceName as specified in RFC 5280

Country:
subject:jurisdictionOfIncorporationCountryName (OID: 1.3.6.1.4.1.311.60.2.1.3)
ASN.1 – X520countryName as specified in RFC 5280
Required/Optional: Required
Contents: These fields MUST NOT contain information that is not relevant to the level of the Incorporating Agency or Registration Agency. For example, the Jurisdiction of Incorporation for an Incorporating Agency or Jurisdiction of Registration for a Registration Agency that operates at the country level MUST include the country information but MUST NOT include the state or province or locality information. Similarly, the jurisdiction for the applicable Incorporating Agency or Registration Agency at the state or province level MUST include both country and state or province information, but MUST NOT include locality information. And, the jurisdiction for the applicable Incorporating Agency or Registration Agency at the locality level MUST include the country and state or province information, where the state or province regulates the registration of the entities at the locality level, as well as the locality information. Country information MUST be specified using the applicable ISO country code. State or province or locality information (where applicable) for the Subject’s Jurisdiction of Incorporation or Registration MUST be specified using the full name of the applicable jurisdiction.

9.2.6 Subject Registration Number Field
Certificate field: Subject:serialNumber (OID: 2.5.4.5)
Required/Optional: Required
Contents: For Private Organizations, this field MUST contain the Registration (or similar) Number assigned to the Subject by the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration, as appropriate. If the Jurisdiction of Incorporation or Registration does not provide a Registration Number, then the date of Incorporation or Registration SHALL be entered into this field in any one of the common date formats.

For Government Entities that do not have a Registration Number or readily verifiable date of creation, the CA SHALL enter appropriate language to indicate that the Subject is a Government Entity.

For Business Entities, the Registration Number that was received by the Business Entity upon government registration SHALL be entered in this field. For those Business Entities that register with an Incorporating Agency or Registration Agency in a jurisdiction that does not issue numbers pursuant to government registration, the date of the registration SHALL be entered into this field in any one of the common date formats.

9.2.7 Subject Physical Address of Place of Business Field

Certificate fields:
Number and street: subject:streetAddress (OID: 2.5.4.9)
City or town: subject:localityName (OID: 2.5.4.7)
State or province (where applicable): subject:stateOrProvinceName (OID: 2.5.4.8)
Country: subject:countryName (OID: 2.5.4.6)
Postal code: subject:postalCode (OID: 2.5.4.17)
Required/Optional: City, state, and country – Required; Street and postal code – Optional
Contents: This field MUST contain the address of the physical location of the Subject’s Place of Business.

9.2.8 Other Subject Attributes

All other optional attributes, when present within the subject field, MUST contain information that has been verified by the CA. CAs SHALL NOT include Fully-Qualified Domain Names in Subject attributes except as specified in Sections 9.2.1 and SHALL NOT include any Subject Organization Information except as specified in Section 9.2. Optional subfields within the Subject field MUST either contain information verified by the CA or MUST be left empty. Metadata such as ‘.’, ‘-‘, and ‘ ‘ characters, and/or any other indication that the field is empty, absent or incomplete, MUST not be used.

9.3 Certificate Policy Identification

9.3.1 EV Certificate Policy Identification Requirements

This section sets forth minimum requirements for the contents of EV Certificates as they relate to the identification of EV Certificate Policy.

9.3.2 EV Subscriber Certificates

Each EV Certificate issued by the CA to a Subscriber MUST contain a policy identifier defined by the CA in the certificate’s certificatePolicies extension that: (i) indicates which CA policy statement relates to that Certificate, (ii) asserts the CA’s adherence to and compliance with these Guidelines, and (iii), by pre-agreement with the Application Software Supplier, marks the Certificate as being an EV Certificate.

9.3.3 Root CA Certificates

The Application Software Supplier identifies Root CAs that are approved to issue EV Certificates by storing EV policy identifiers in metadata associated with Root CA Certificates.

9.3.4 EV Subordinate CA Certificates
(1) Certificates issued to Subordinate CAs that are not controlled by the issuing CA MUST contain one or more policy identifiers defined by the issuing CA that explicitly identify the EV Policies that are implemented by the Subordinate CA.
(2) Certificates issued to Subordinate CAs that are controlled by the Root CA MAY contain the special anyPolicy identifier (OID: 2.5.29.32.0).

9.3.5 Subscriber Certificates

A Certificate issued to a Subscriber MUST contain one or more policy identifier(s), defined by the Issuing CA, in the Certificate’s certificatePolicies extension that indicates adherence to and compliance with these Guidelines. Each CA SHALL document in its Certificate Policy or Certification Practice Statement that the Certificates it issues containing the specified policy identifier(s) are managed in accordance with these Guidelines.

9.4 Maximum Validity Period For EV Certificate

The validity period for an EV Certificate SHALL NOT exceed twenty seven months. It is RECOMMENDED that EV Subscriber Certificates have a maximum validity period of twelve months.

9.5 Subscriber Public Key

The requirements in Section 9.5 of the Baseline requirements apply equally to EV Certificates.

9.6 Certificate Serial Number

The requirements in Section 9.6 of the Baseline requirements apply equally to EV Certificates.

9.7 Additional Technical Requirements for EV Certificates

Both Appendix A – Minimum Cryptographic Algorithms of the Baseline Requirements and Key Sizes and Appendix B – Certificate Extensions of the Baseline Requirements apply to EV Certificates with the following exceptions:
1) If a Subordinate CA Certificates is issued to a Subordinate CA not controlled by the entity that controls the Root CA, the policy identifiers in the certificatePolicies extension MUST include the CA’s Extended Validation policy identifier. Otherwise, it MAY contain the anyPolicy identifier.
2) The following fields MUST be present if the Subordinate CA is not controlled by the entity that controls the Root CA.
certificatePolicies:policyQualifiers:policyQualifierId
id-qt 1 [RFC 5280]
certificatePolicies:policyQualifiers:qualifier:cPSuri
HTTP URL for the Root CA's Certification Practice Statement
3) The certificatePolicies extension in EV Certificates issued to Subscribers MUST include the following:
certificatePolicies:policyIdentifier (Required)
The Issuer’s EV policy identifier
certificatePolicies:policyQualifiers:policyQualifierId (Required)
id-qt 1 [RFC 5280]
certificatePolicies:policyQualifiers:qualifier:cPSuri (Required)
HTTP URL for the Subordinate CA's Certification Practice Statement
4) The cRLDistribution Point extension MUST be present in Subscriber Certificates if the certificate does not specify OCSP responder locations in an authorityInformationAccess extension. 


 DV SSL OV Сертификаты подтверждающие только Домен OV SSL OV Сертификаты подтверждающие Домен и Организацию EV SSL EV Зеленые усиленные сертификаты с указанием названия Организации подтверждают Домен и Организацию WC SSL wildcard Сертификаты защищающие все субдомены. Класс DV OV и EV SAN SSL SAN Мульти доменные  сертификаты защищающие несколько FQDN Доменов. Класс DV OV и EV PRO SSL SGC PRO сертификаты с технологией  Server Gated Cryptography. Класс  OV и EV CodeSign Сертификаты для подписи приложений и програмного кода MS, Java. Класс  OV и EV Email Сертификаты для подписи емаил smime. Класс  DV OV PDF Сертификаты для подписи документов PDF. Класс  OV PV Wi-Fi Сертификаты DigiCert для IoT и Wi Fi IoT Сертификаты DigiCert для IIoT ALL Все сертификаты Symantec Familie: Symantec, thawte, GeoTrust, DigiCert Купить сертификат

NO russia - мы не осблуживаем резидентов из россии Copyright © 1997-2018 adgrafics