Правила выпуска зеленых EV SSL сертификатов
для верификации владельца и защиты сайта

Контакты
☎ +380672576220

Проверка
SSL

Установка
SSL

Цепочка
SSL

Seal
SSL

CSR
pKey

Экспорт-Импорт
Конвертер

Code Sign
сертификаты

Email Smime
сертификаты

PDF и Word
сертификаты

База
знаний

Купить
SSL

Правила EV SSL сертификатов

Помощь

Index

1. Scope (6)

2. Purpose (6)
2.1 Purpose of EV Certificates (6)
2.1 Purpose of EV Certificates (6)
2.1.1 Primary Purposes (6)
2.1.2 Secondary Purposes (6)
2.1.3 Excluded Purposes (7)

3. References (7)

4. Definitions (7)

5. Abbreviations and Acronyms (10)

6. Conventions (11)

7. Certificate Warranties and Representations (11)
7.1 EV Certificate Warranties (11)
7.2 By the Applicant (12)

8. Community and Applicability (12)
8.1 Issuance of EV Certificates (12)
8.2 EV Policies (12)
8.2.1 Implementation (12)
8.2.2 Disclosure (12)
8.3 Commitment to Comply with Recommendations (12)
8.4 Insurance (12)
8.5 Obtaining EV Certificates (13)
8.5.1 General (13)
8.5.2 Private Organization Subjects (13)
8.5.3 Government Entity Subjects (13)
8.5.4 Business Entity Subjects (13)
8.5.5 Non-Commercial Entity Subjects (14)

9. EV Certificate Content and Profile (14)
9.1 Issuer Information (14)
9.2 Subject Information (14)
9.2.1 Subject Organization Name Field (14)
9.2.2 Subject Alternative Name Extension (15)
9.2.3 Subject Common Name Field (15)
9.2.4 Subject Business Category Field (15)
9.2.5 Subject Jurisdiction of Incorporation or Registration Field (15)
9.2.6 Subject Registration Number Field (16)
9.2.7 Subject Physical Address of Place of Business Field (16)
9.2.8 Other Subject Attributes (16)
9.3 Certificate Policy Identification (17)
9.3.1 EV Certificate Policy Identification Requirements (17)
9.3.2 EV Subscriber Certificates (17)
9.3.3 Root CA Certificates (17)
9.3.4 EV Subordinate CA Certificates (17)
9.3.5 Subscriber Certificates (17)
9.4 Maximum Validity Period For EV Certificate (17)
9.5 Subscriber Public Key (17)
9.6 Certificate Serial Number (17)
9.7 Additional Technical Requirements for EV Certificates (17)

10. EV Certificate Request Requirements (18)
10.1 General Requirements (18)
10.1.1 Documentation Requirements (18)
10.1.2 Role Requirements (18)
10.2 EV Certificate Request Requirements (18)
10.3 Requirements for Subscriber Agreement and Terms of Use (19)

11. Verification Requirements (19)
11.1 General Overview (19)
11.1.1 Verification Requirements - Overview (19)
11.1.2 Acceptable Methods of Verification Overview (19)
11.2 Verification of Applicant’s Legal Existence and Identity (19)
11.2.1 Verification Requirements (19)
11.2.2 Acceptable Method of Verification (20)
11.3 Verification of Applicant’s Legal Existence and Identity - Assumed Name (22)
11.3.1 Verification Requirements (22)
11.3.2 Acceptable Method of Verification (23)
11.4 Verification of Applicant’s Physical Existence (23)
11.4.1 Address of Applicant’s Place of Business (23)
11.4.2 Telephone Number for Applicant’s Place of Business (24)
11.5 Verification of Applicant’s Operational Existence (24)
11.5.1 Verification Requirements (24)
11.5.2 Acceptable Methods of Verification (24)
11.6 Verification of Applicant’s Domain Name (24)
11.6.1 Verification Requirements (24)
11.6.2 Acceptable Methods of Verification (25)
11.7 Verification of Name, Title, and Authority of Contract Signer and Certificate Approver (26)
11.7.1 Verification Requirements (26)
11.7.2 Acceptable Methods of Verification Name, Title and Agency (26)
11.7.3 Acceptable Methods of Verification Authority (27)
11.7.4 Pre-Authorized Certificate Approver (28)
11.8 Verification of Signature on Subscriber Agreement and EV Certificate Requests (28)
11.8.1 Verification Requirements (28)
11.8.2 Acceptable Methods of Signature Verification (29)
11.9 Verification of Approval of EV Certificate Request (29)
11.9.1 Verification Requirements (29)
11.9.2 Acceptable Methods of Verification (29)
11.10 Verification of Certain Information Sources (29)
11.10.1 Verified Legal Opinion (29)
11.10.2 Verified Accountant Letter (30)
11.10.3 Face-to-Face Validation (31)
11.10.4 Independent Confirmation From Applicant (31)
11.10.5 Qualified Independent Information Source (33)
11.10.6 Qualified Government Information Source (33)
11.10.7 Qualified Government Tax Information Source (33)
11.11 Other Verification Requirements (33)
11.11.1 High Risk Status (33)
11.11.2 Denied Lists and Other Legal Black Lists (33)
11.11.3 Parent/Subsidiary/Affiliate Relationship (34)
11.12 Final Cross-Correlation and Due Diligence (34)
11.13 Requirements for Re-use of Existing Documentation (35)
11.13.1 For Validated Data (35)
11.13.2 Validation for Existing Subscribers (36)
11.13.3 Exceptions (36)
11.13.4 Validation of Re-issuance Requests (36)

12. Certificate Issuance by a Root CA (36)

13. Certificate Revocation and Status Checking (37)

14. Employee and third party issues (37)
14.1 Trustworthiness and Competence (37)
14.1.1 Identity and Background Verification (37)
14.1.2 Training and Skills Level (37)
14.1.3 Separation of Duties (37)
14.2 Delegation of Functions to Registration Authorities and Subcontractors (38)
14.2.1 General (38)
14.2.2 Enterprise RAs (38)
14.2.3 Guidelines Compliance Obligation (38)
14.2.4 Allocation of Liability (38)

15. Data Records (38)

16. Data Security (38)

17. Audit (39)
17.1 Eligible Aud it Schemes (39)
17.2 Audit Period (39)
17.3 Audit Record (39)
17.4 Pre-Issuance Readiness Audit (39)
17.5 Regular Self Audits (39)
17.6 Auditor Qualification (39)
17.7 Root CA Key Pair Generation (40)

18. Liability and Indemnification (40)

Appendix A - User Agent Verification (Normative) (41)

Appendix B - Sample Legal Opinion Confirming Specified Information (Informative) (42)

Appendix C - Sample Accountant Letters Confirming Specified Information (Informative) (44)

Appendix D - Country-Specific Interpretative Guidelines (Normative) (48)

Appendix E - Sample Contract Signer's Representation/Warranty (Informative) (50)

Руководство по выпуску и управлению EV SSL сертификатов с расширенной валидацией

Appendix C - Sample Accountant Letters Confirming Specified Information (Informative)

It is acceptable for professional accountants to provide letters that address specified matters. The letters would be provided in accordance with the professional standards in the jurisdiction in which the accountant practices.

Two examples of the letter that might be prepared by an accountant in the United States and in Canada follow:

UNITED STATES

To the [Certification Authority] and Management of [Client]:

We have performed the procedures enumerated below, which were agreed to by the Managements of Client, solely to assist you in evaluating the company’s application for an Extended Validation (EV) Certificate, dated......................., 20...... This agreed-upon procedures engagement was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants. The sufficiency of these procedures is solely the responsibility of those parties specified in this report. Consequently, we make no representation regarding the sufficiency of the procedures described below either for the purpose for which this report has been requested or for any other purpose.


Specified Information:	Procedure: (Note 1: These are illustrative of the procedures that would be undertaken and are designed to meet the needs of the Certification Authorities issuing Extended Validation Certificates)	Results: (Note 2: If you are unavailable to perform any of the stated procedure, this should be noted in this column. Any exceptions should be noted in a separate paragraph below)

Legal Name - 123456 Delaware corporation	Agree legal name to permanent audit file information (If audit has been completed).	Legal name on the application agrees with the information contained in our permanent file with respect to Client. (If there is no permanent file, state this fact)
Doing business as - \"Name\"	Agree name to government data base of business names	The name “Name” is registered with the (name of database to which the name was agreed)
Physical location - \"Address Information\"	Visit the location at the address	Site visit completed at Address
Business Phone Number - 555 999 9999	Phone the number provided and confirm that it was answered by the named organization	Phoned Business Number and noted that it was answered with the Doing Business As name. This would provided by the receptionist
Bank Account – \"Bank Name\", \"Account Number\"	Request a letter directly from \"the Bank\" confirming the existence of the account for the benefit of \"the Client\"	Received letter directly from \"the Bank\" confirming the existence of the account for the benefit of \"the Client\"
The corporate officers are \"NAMED\" (verified officer)	Agree Names to annual shareholders meeting minutes (Note - not required to personally know the officers)	Agreed Names listed as corporate officers on the application to minute books maintained by the Client
Name of application signer and approver	Obtain letter from verified Officer confirming the names of the application signer and approver	Obtained letter from the President confirming the names of the duly authorized names of the application signer and approver as they appear in the application

We were not engaged to and did not conduct an examination, the objective of which would be the expression of an opinion on the Application for Extended Validation Certificate. Accordingly, we do not express such an opinion. Had we performed additional procedures, other matters might have come to our attention that would have been reported to you.

This report is intended solely for the information and use of the Certification Authority and managements of Client, and is not intended to be and should not be used by anyone other than these specified parties.

[Signature]

[Date]

CANADA

To: [Name of Certification Authority]

Re: Client Limited [Applicant]

As specifically agreed, I/we have performed the following procedures in connection with the above company's application for an Extended Validation (EV) Certificate, dated ......................., 20.... with respect to the following specified information contained in the application

Obtain letter from verified Officer confirming the names of the application signer and approver Obtained letter from the President confirming the names of the duly authorized names of the application signer and approver as they appear in the application


Specified Information:	Procedure: (Note 1: These are illustrative of the procedures that would be undertaken and are designed to meet the needs of the Certification Authorities issuing Extended Validation Certificates)	Results: (Note 2: If you are unavailable to perform any of the stated procedure, this should be noted in this column. Any exceptions should be noted in a separate paragraph below)

Legal Name - 123456 Ontario limited	Agree legal name to permanent audit file information (If audit has been completed)	Legal name on the application agrees with the information contained in our permanent file with respect to Client. (If there is no permanent file, state this fact)
Doing business as - \"Name\"	Agree name to government data base of business names	The name \"Name\" is registered with the (name of database to which the name was agreed)
Physical location - \"Address Information\"	Visit the location at the address	Site visit completed at Address
Business Phone Number - 555 999 9999	Phone the number provided and confirm that it was answered by the named organization	Phoned Business Number and noted that it was answered with the Doing Business As name. This would provided by the receptionist
Bank Account – \"Bank Name\", \"Account Number\"	Request a letter directly from “the Bank” confirming the existence of the account for the benefit of \"the Client\"	Received letter directly from “the Bank” confirming the existence of the account for the benefit of \"the Client\"
The corporate officers are \"NAMED\" (verified officer)	Agree Names to annual shareholders meeting minutes (Note - not required to personally know the officers)	Agreed Names listed as corporate officers on the application to minute books maintained by the Client
Name of application signer and approver

As a result of applying the above procedures, I/we found [no / the following] exceptions [list of exceptions]. However, these procedures do not constitute an audit of the company's application for an EV Certificate, and therefore I express no opinion on the application dated ......................., 20.....

This letter is for use solely in connection with the application for an Extended Validation Certificate by [Client] dated ......................., 20......

City
(signed) ......................................

 DV OV EV WC SAN PRO CodeSign Email PDF Wi-Fi IoT ALL Купить сертификат

NO russia - мы не осблуживаем резидентов из россии

Правила выпуска зеленых EV SSL сертификатовдля верификации владельца и защиты сайта

Руководство по выпуску и управлению EV SSL сертификатов с расширенной валидацией Appendix C - Sample Accountant Letters Confirming Specified Information (Informative)

Правила выпуска зеленых EV SSL сертификатов
для верификации владельца и защиты сайта

Руководство по выпуску и управлению EV SSL сертификатов с расширенной валидацией

Appendix C - Sample Accountant Letters Confirming Specified Information (Informative)