Extended Validation (EV) refers to a new set of business process standards for validating an entity before issuing a certificate. The main goals for EV certificates are both to increase user confidence in online commercial transactions and to reduce the threat of phishing attacks. The CA Browser Forum is a consortium of certification authorities, browser vendors, and the American Bar Association working together to develop formal guidelines to mandate uniform business practices with respect to issuing EV certificates. EV certificates will let users know the true owner of the site to which they are connecting. The issuing process behind EV certificates will help ensure the entity is exactly who it claims to be.
Improved online identity assurance and improved browser representation of online identities will empower users to better protect themselves against malicious and suspicious activity. These types of activities have gradually been eroding user confidence in digital security and have hindered the practices of online shopping and banking.
Today's SSL certificates are an important tool for online commercial transactions, but lack certain elements that would help to further protect users. One of the limitations of traditional SSL certificates is that they simply encrypt the communication channel between the client and the server. They offer no consistent level of validation of the remote server or the business to which it reportedly belongs. Obtaining an SSL certificate today is also relatively easy, requiring only a few pieces of technical data and a valid credit card. The Extended Validation process will address these issues and work to ensure consumers can trust the information displayed in their browsers when connecting to sites secured with EV certificates.
Extended Validation certificates are the result of an effort by a group of companies participating in the Certification Authority (CA) Browser Forum. Microsoft is a vendor member of the CA Browser Forum and our focus is to deliver a browser application. We are not involved with the member CAs in developing their sales and marketing plans for these new certificates. Microsoft believes the Internet user community will benefit from Extended Validation certificates and has taken a position to ensure they are available to businesses which can meet the audit criteria. Internet Explorer 7 currently supports the ability to visually display identity information from Extended Validation certificates.
Internet Explorer was the first browser to support EV certificates and has now been joined by nearly every consumer browser available. All current and recent versions of Internet Explorer will treat Extended Validation SSL certificates the same way they would existing SSL certificates. New browsers developed by members of the CA Browser Forum may contain the functionality to visually represent the certificate contents of Extended Validation SSL certificates without requiring the user to click on the padlock to see the information. For example, both Microsoft's Internet Explorer 7 and Internet Explorer 8 turn the browser address bar green to indicate that a site has been secured with an Extended Validation SSL certificate. In addition, a box next to the URL bar shows the padlock together with the name of the organization whose identity has been assured, the locality in which the organization is based, and the name of the issuing CA.
Microsoft is a vendor member of the CA Browser Forum and our focus is to deliver a browser application. We are not involved with the member Certification Authorities (CAs) in developing their sales and marketing efforts for these new certificates. Customers are encouraged to contact their preferred CA vendor to inquire about pricing and availability.
The new EV SSL certificates require an active revocation mechanism to be in place. For Windows Vista users, such a mechanism exists in the integrated OCSP client. For Windows XP and Windows Server 2003 users, the best option is to have the Phishing Filter enabled.
If you are using Windows XP or Windows Server 2003 and do not have an active revocation mechanism, EV SSL certificates will display as traditional SSL certificates.