Extended Validation Certificate
Extended Validation SSL certificates (EV SSL; in German, roughly "certificates with extended checks") are X.509 SSL certificates whose issuance is tied to strict criteria. These criteria primarily concern a detailed vetting of the applicant by the certificate authority. The issuance criteria are specified in the "Guidelines for Extended Validation Certificates". The guidelines are published by the CA/Browser Forum, a voluntary association of certificate authorities and browser vendors.
The certificates are mostly used to secure web applications via HTTPS and to give users additional security in the face of phishing attacks, for example in online banking.
The primary goal of EV SSL certificates is to make phishing harder on websites that are encrypted and therefore appear secure at first glance. The introduction of a new, "extended" certificate, together with a green background in the browser's address bar, is meant to strengthen users' trust in the secure connection to the intended website.
The issuance of SSL certificates is generally tied to a review of the applicant, but price pressure among providers has led to sometimes lax issuance practices and to simplified certificates that certify nothing more than the domain name. This allows fraudsters to use SSL certificates to increase their credibility without having to reveal their identity.
Critics see the new standard as an attempt by the certificate authorities to escape the price war in SSL certificate issuance by introducing a new premium product that does not provide the user with much additional security, and what it does provide could also be achieved by other means. Smaller providers could also be put at a business disadvantage. In version 1.1, some attempts were made to take these objections into account.
EV certificates were introduced in 2007 by the CA/Browser Forum. As a result, all major browser vendors built a visual distinction between regular and EV certificates into the address bar.
In August 2019, a redesign was announced for the Google Chrome 77 and Firefox 70 browsers in which the special display of EV certificates through the green address bar is dropped. The Chrome developers justify this step with the insufficient effectiveness of the visual indicators in the address bar. In these browsers, the user currently receives information on extended validation only through the respective certificate detail view on protected websites.
To be able to issue EV SSL certificates, the certificate authorities must themselves undergo a review. Issuance of the certificates is tied to the following criteria, among others:
- Establishing the applicant's identity and business address
- Ensuring that the applicant is the exclusive owner of the domain or has exclusive usage rights
- Ensuring that the persons applying are authorized and that legally binding documents are signed by authorized signatories
An EV certificate can be issued for:
- Sole proprietorship

EV SSL Certificate Guidelines, Version 1.7.0: current version of the guidelines (as of October 29, 2019)