Guidelines For The Issuance And Management Of
Extended Validation Certificates
Copyright © 2007-2012, The CA / Browser Forum, all rights reserved.
Verbatim copying and distribution of this entire document is permitted in any medium without royalty, provided this notice is preserved.
Upon request, the CA / Browser Forum may grant permission to make a translation of these guidelines into a language other than English. In such circumstance, copyright in the translation remains with the CA / Browser Forum. In the event that a discrepancy arises between interpretations of a translated version and the original English version, the original English version shall govern. A translated version of the guidelines must prominently display the following statement in the language of the translation:-
'Copyright © 2007-2012 The CA / Browser Forum, all rights reserved.
This document is a translation of the original English version. In the event that a discrepancy arises between interpretations of this version and the original English version, the original English version shall govern.'
A request to make a translated version of these Guidelines should be submitted to email@example.com.
Guidelines for the Issuance and Management of Extended Validation Certificates
Version 1.4, as adopted by the CA/Browser Forum on 29 May 2012. These Guidelines supersede Version 1.3.
The Guidelines describe an integrated set of technologies, protocols, identity proofing, lifecycle management, and auditing practices specifying the minimum requirements that must be met in order to issue and maintain Extended Validation Certificates (“EV Certificates”) concerning an organization. Subject Organization information from valid EV Certificates can then be used in a special manner by certain relying-party software applications (e.g., browser software) in order to provide users with a trustworthy confirmation of the identity of the entity that controls the Web site or other services they are accessing. Although initially intended for use in establishing Web-based data communication conduits via TLS/SSL protocols, extensions are envisioned for S/MIME, time-stamping, VoIP, IM, Web services, etc.
The primary purposes of Extended Validation Certificates are to: 1) identify the legal entity that controls a Web or service site, and 2) enable encrypted communications with that site. The secondary purposes include significantly enhancing cybersecurity by helping establish the legitimacy of an organization claiming to operate a Web site, and providing a vehicle that can be used to assist in addressing problems related to distributing malware, phishing, identity theft, and diverse forms of online fraud.
Notice to Readers
The Guidelines for the Issuance and Management of Extended Validation Certificates present criteria established by the CA/Browser Forum for use by certification authorities when issuing, maintaining, and revoking certain digital certificates for use in Internet Web site commerce. These Guidelines may be revised from time to time, as appropriate, in accordance with procedures adopted by the CA/Browser Forum. Questions or suggestions concerning these guidelines may be directed to the CA/Browser Forum at firstname.lastname@example.org.
The CA/Browser Forum
The CA/Browser Forum is a voluntary open organization of certification authorities and suppliers of Internet browsers and other relying-party
software applications. Membership is listed in the Baseline Requirements.