SSL Web Server Certificates with EV

Thawte SSL Web Server Certificates with EV

thawte's SSL Web Server Certificate with EV offers corporations and government entities the highest industry standard for identity authentication as well as 256, 128, 56 or 40-bit encryption. The level of encryption delivered depends on your client’s browser capability and the cipher suite installed on your web server. End users with the latest high-security web browsers will see a highly visible green address bar verifying the authenticity of your web site if you secure your web site with an Extended Validation SSL Certificate. This is the only level of authentication that enables Internet Explorer 7 to display the trusted green address bar and a scrolling security status bar identifying both the name of the web site and the Certificate Authority for the web site.

SSL Web Server Certificates with EV help assure your customers that you have an authenticated, trustworthy site and that information is encrypted while in transit between your web server and their web browsers.

Certificate Features and Benefits:

Is this the right product for my business?

If you want to differentiate your web site as more trustworthy than your competition and increase the number of transactions completed by your customers, Thawte SSL Web Server Certificates with EV may be the right choice for you. The pervasiveness of fraudulent web schemes, such as phishing and pharming, greatly increases the importance of web site identity authentication. If your web site visitors are sharing sensitive personal information with you, increasing their level of trust in your authenticity may increase their willingness to complete transactions. Extended Validation SSL is the industry’s highest standard for verifying a web site’s identity. Nervous consumers need reassurance that they are on your genuine web site and Thawte SSL Web Server Certificates with EV are proven and very visible solutions for assuring your visitors that your web site is authentic.

• A more rigorous standard for identity verification
• Highly visible security interface
• Competitive advantage
• Strong encryption protection
• Higher level of consumer trust

When you need an even more powerful SSL Certificate

If you accept online payments, share confidential information such as financial or healthcare data, or are required by law to meet certain privacy and security standards, an SSL Certificate with both Extended Validation identity assurance and maximum strength SGC encryption technology may be a better choice for your web site. VeriSign® Secure Site Pro with EV combines both technologies for the most secure SSL Certificate available today. Visit VeriSign to read more...

Traditional SSL Certificates

Many sites will opt for the high level of assurance offered through Extended Validation SSL, however, traditional SSL Certificates are appropriate for individuals and unregistered organizations. Traditional SSL Certificates also offer enough assurance for other purposes. Securing traffic between internal servers is one instance where a traditional SSL Certificate is adequate. Websites without e-commerce or sensitive information transactions or sites with very light volume are also candidates for traditional SSL Certificates.

What does it do?

To initiate a Secure Sockets Layer (SSL) session across the Internet, a valid SSL Certificate must be installed on the server. All SSL Certificates provide two basic functions. They authenticate the identity of a web site to visitors and they provide data encryption. However, there are significant differences in the quality of the authentication and encryption services offered by different SSL Certificates. Thawte SSL Web Server Certificates with EV provide the highest level of identity authentication in the industry and offer the strongest level of data encryption supported by your web site visitor’s individual browser capability (up to 256-bit).

The highest level of identity authentication in the industry

Recently a group of industry experts, the CA/Browser Forum, convened to create a new, higher standard for identity assurance - Extended Validation (EV) SSL. EV SSL standardizes a strict process for confirming the identity of a website and it adds new browser interface features for demonstrating the authenticity of a website.

The vetting process for organizations receiving an Extended Validation SSL Certificate is both standardized and more rigorous than SSL Certificates previously offered in the industry. Only entities legally recognized by an official registration agency are eligible for Extended Validation SSL Certificates. Requesting organizations must provide a signed acknowledgement of agreement from the Organizational Contact listed on the order, as well as a registration document if Thawte is unable to confirm the organization details through a government database. Thawte may also request a legal opinion letter to confirm the physical address of place of operation, telephone number, and the organization’s exclusive right to use the domain, as well as provide additional confirmation of the organization’s existence (if less than 3 years old) and the Corporate Contact’s employment if Thawte is unable to verify this information elsewhere. For more information on how to authorize for an EV Certificate read the Thawte authentication guide.

A more visible interface identifies your secure site

Until now browsers typically displayed a small lock icon to identify that this session encrypts data and that the organization using that web domain has the right to use that domain (as listed in the SSL Certificate securing that web site). With Extended Validation SSL the browser interface display that signifies a secured and authenticated web site will be much more noticeable. New high-security browsers are expected to distinguish web sites secured by Extended Validation SSL Certificates by turning the address bar at the top of the screen to a highly visible green color. To the right of the green address bar a field will scroll between the name of the organization using that web domain and the CA who issued the SSL Certificate. This new interface will pull this information directly from the Extended Validation Certificate and enable the web site visitor to immediately see that they have accessed a secured and authenticated web site and that it is the web site they meant to visit. Microsoft® Internet Explorer 7 (IE7) is the first browser to support this new green address bar feature. Older browsers will continue to display all certificates with the traditional lock icon at the bottom of the browser window.

Only available from a few authorized certificate authorities

Not just any company is authorized to issue an Extended Validation SSL Certificate. Only CAs who adopt the CA/Browser Forum Extended Validation guidelines and pass a WebTrust EV audit may issue Extended Validation SSL Certificates. New browsers will check to confirm that the CA is authorized before displaying the Extended Validation SSL Certificate. So it is more important than ever to select a CA that has an outstanding track record issuing SSL Certificates because browser vendors can remove CA roots from the root store if the CA fails to meet specified requirements. If a CA’s root is removed from the root store, your SSL Certificate will no longer qualify as an Extended Validation Certificate in the browser.

Free Windows XP EV upgrade tool

EV Upgrader™ (a $300 value) is embedded within the Thawte site seal and comes with the purchase of a Thawte EV Certificate. When placed on your web site it automatically enables any IE7 user running Windows XP to see the Extended Validation SSL green address bar and security information features. The first time an IE7 user on Windows XP visits a site with EV Upgrader™ from Thawte EV Upgrader™ will automatically prompt the operating system to enable the Extended Validation SSL functionality. So, beginning with the next time the user initiates a web session, every time they visit a site with an EV Certificate from Thawte they will see the green address bar. IE7 users running on Windows Vista will automatically see the green address bar and security information.

Strong asymmetrical encryption

SSL Web Server Certificates with EV help assure information privacy and protect information transmitted between your web site and your client’s web browser or between servers. Data sent “in the clear” can be intercepted and read or altered. SSL Web Server Certificates with EV utilize asymmetrical cryptography. This more secure method of encryption uses a public and private key pair to encrypt and decrypt information packages. These certificates will initiate a session using the strongest level of encryption supported by your client’s browser capabilities and the cipher suite installed on your web server. This could be 40-, 56-, 128-, or 256-bit encryption depending on the particulars of each session.

Technical details:

Certificate Signing Request (CSR) File

The process of applying for a Thawte SSL Web Server Certificate with EV begins with the completion and submission of a Certificate Signing Request (CSR) file. Thawte then verifies your identity based on EV application process requirements and when satisfied signs that request file, using the trusted Thawte CA root key, and issues it to you as your certificate.

Valid Certificate Request Formats

When we issue your certificate it will contain two critical pieces of information about you. The first is the "Distinguished Name", which is a set of values that describes your country, state or province, city or town, organization, division within that organization and web server domain name. The second is your public key.

Keys

Session keys are made up of a public key (issued to you with your SSL Web Server Certificate with EV) and randomly selected private keys created by each browser when it connects to your server. Session keys are used to encrypt and decrypt data (transmitted to and from the server) after the initial browser/server “handshake.” (A session key is not your Server Certificate key, which is either 1024-bit, or 512-bit.)

Compatible web servers

Please note that the SSL Web Server Certificate with EV is chained. Therefore please check that your web server supports Certificate chaining. Click to download a complete list of compatible web servers.

Compatible web browsers

All modern browsers should work well with Thawte certificates. The enhanced Extended Validation interface features (green address bar and security status bar) are expected to be supported in new high-security browsers such as IE7 and Opera 8. IE7 browsers running on Vista will automatically display the Extended Validation interface features. IE7 browsers running on XP will automatically be upgraded to display the Extended Validation interface features for any website with an Extended Validation Certificate issued by thawte, once the user has visited a site with the EV Upgrader™. Click here for more.

Authentication Eligibility:

Corporations, general partnerships, unincorporated associations, government agencies and sole proprietorships are eligible to receive EV SSL Certificates provided they are listed with an official registration agency in their jurisdiction. Their license, charter or equivalent must be current, active and valid. Thawte must be able to confirm the employment and the authority of the person who places the order for the certificate on behalf of the organization. The requesting organization may not be located in a country or be part of an industry identified on a government prohibited list. Individuals and unregistered organizations are currently not eligible for EV SSL Certificates.

Authentication Process

To issue an Extended Validation SSL Certificate, Thawte requires confirmation of the legal existence of the organization and a signed acknowledgement of agreement on the certificate order from the contact person for the organization. Additionally a principle individual for the organization must attest to the certificate subscriber agreement. Thawte will verify the organization’s registered legal name, registration number, registered address, physical business address as well as any assumed business names. Thawte will also verify the applicant organization’s right to use the Domain Name and that the application organization has authorized the issuance of an Extended Validation Certificate.

Secure Internationalized Domains:

Thawte now provides SSL certificates to customers who use Internationalized Domain Names – the first Certification Authority to offer this. Internationalized Domain Names (IDNs) provide a convenient mechanism for users to access websites in their preferred language.

thawte's systems are now able to recognize and issue certificates that contain local language characters in all certificate fields.

What this means is that you can now buy an SSL123 Certificate, an SSL Web Server Certificate or an SGC SuperCert to secure the website you have hosted on an Internationalized Domain Name.

Not only will your secured Internationalized Domain content be reflected in the certificate details, but your Thawte Trusted Site Seal will also reflect your local language content. Thawte systems are also fully internationalized across all certificate enrollment details including Code Signing Certificate product lines.

If you require additional Information on the benefits of IDNs or would like to purchase an Internationalized Domain Name, please click here.

Online Certificate Status Protocol:

A major software vendor has released a beta version of their browser that will have automatic certificate revocation checking as a default option

This new checking protocol will maximize the speed of checking the status of Thawte certificates and will minimize the possibilities of online fraud as invalid certificates and companies will immediately be exposed to the end customer

Thawte has invested significantly in the infrastructure which can support OCSP - something not all CAs will be able to provide and support.