loading image
Extended Validation EV Header Icon

Extended Validation (EV) Guide

Understanding the Benefits of the EV SSL Certificate & its Authentication Requirements

Consumers usually trust the Extended Validation certificates the most because it's not very easy to get one. All of a company's records must match from the initial domain registration, to corporate documents, all the way to the corporate bank records. This is to validate that a company is a legitimate business and who they said they are.

In order to get your Extended Validation certificate, Certificate Authority, (CA), will start an investigation and review process. They will ask for several documents for you to submit. You can find a list of those documents below.

The easiest and FASTEST way to get your certificate issued is to submit an opinion letter from an attorney or a CPA.

Submitting the Extended Validation SSL Agreement

REQUIRED: Your Organizational Contact must acknowledge and sign the Extended Validation SSL Agreement and fax or mail it to Certificate Authority.

IMPORTANT! Certificate Authority (CA) cannot begin processing your order until the signed Agreement is received.

Submitting a Lawyers Opinion Letter

To facilitate order processing, complete and submit the Lawyers Opinion Letter. The Lawyers Opinion Letter verifies certificate and organization details and enables faster issuance of your certificate.

IMPORTANT!The Lawyers Opinion Letter is the simplest and most expedient method to provide required verification information. If this verification information is not provided through the Lawyers Opinion Letter, it must be provided through other means (described below).

DigiCert must be able to confirm the following regarding the Lawyers Opinion Letter:
  • The letter must be from a lawyer, solicitor, barrister, advocate, or equivalent licensed to practice law in the country of the requesting organization's jurisdiction of incorporation, or in any jurisdiction where the organization maintains an office or physical facility.
  • Certificate Authority (CA) must be able to verify with the appropriate authority that the lawyer is registered in the appropriate jurisdiction.
  • Certificate Authority (CA) must be able to verify the opinion letter directly with the lawyer
Organization authentication requirements

To qualify for an Extended Validation SSL Certificate, the organization requesting the certificate must be registered as a corporation or equivalent with the appropriate government agency in its country of jurisdiction.

DigiCert must be able to confirm all of the following organizational registration requirements:

  • Official government agency records must include:
  • The organization's registration number or the organization's date of registration/incorporation.
  • The organization's registered address (or the address of the company's registered agent).
  • A non-government data source (such as Dun & Bradstreet) must include the organization's place of business address (as identified in the order.) Extended Validation SSL Authentication Requirements DigiCert, Inc. 5
  • If the organization has been registered for less than 2 years, DigiCert must verify operational existence through one of the following means:
  • Through a non-government data source (such as Dun & Bradstreet)- or -
  • By verifying the organization has an active demand deposit account (such as a checking account) with a regulated financial institution through a lawyers opinion letter or directly with the financial institution.
Domain authentication requirements

To qualify for an Extended Validation SSL Certificate, domain registration details must reflect the full organization name as included on the certificate request.

  • The domain must be registered with ICANN or IANA registrar (for CCTLDs).
  • A parent or subsidiary relationship does not represent sufficient proof of ownership of the domain name. Domain registration details must be updated to reflect the organization name as included on the certificate request.
  • Where domain registration is not updated to reflect the organization name as identified on the certificate request, a lawyer's opinion regarding the organization's exclusive right to use the name is required, in addition to verifying this fact directly with the registered domain contact.
  • The Organizational Contact must confirm knowledge of the organization's domain ownership during the verification call.
Organizational Contact authentication Requirements

Organizational Contact authentication Requirements To qualify for an Extended Validation SSL Certificate, the Organizational Contact identified in the certificate request must be employed by the requesting organization and have appropriate authority to obtain and delegate Extended Validation certificate responsibilities.

Note: Employment and authorization cannot be verified through the organization's Web site.

Note: If the Organizational Contact identified in the certificate request is listed in government records as a corporate officer (such as Secretary, President, CEO, CFO, COO, CIO, CSO, Director, or equivalent), then organizational contact employment and authorization can be approved without verifying this information as described below.

DigiCert must be able to confirm all of the following Organizational Contact requirements:
  • Organizational Contact's identity, title, and employment through an independent source.
  • Organizational Contact is authorized to obtain and approve EV certificates on behalf of the Organization and to delegate this authority to others. This can be verified through one of the following methods:
  • A lawyers opinion letter
  • A Corporate Resolution letter
  • Directly contacting the CEO, COO, or similar executive at the organization and confirming the authority of the organizational contact. If no public records are available regarding the CEO, COO, or other executive, DigiCert will attempt to contact the organization's human resources department for contact details.
Order verification requirements

As part of processing an Extended Validation SSL Certificate, DigiCert must verify the certificate request and all certificate details with the Organizational Contact identified in the certificate request. DigiCert must contact the Organizational Contact using an independently-obtained telephone number (not the telephone number provided in the order)

This telephone number is obtained through one of the following methods:

  • By researching qualified telephone databases to find a telephone number. Ensure your organization's primary telephone number is listed in a public telephone directory.
  • As provided in a lawyers opinion letter.
  • As confirmed during a site visit conducted by DigiCert.

During the verification call, DigiCert must verify the following with the Organizational Contact:

  • The name of the technical contact (or Managed PKI administrator) identified in the certificate request and his or her authority to obtain the Extended Validation certificate on behalf of the organization.
  • If applicable, the Managed PKI administrator's authority to delegate Extended Validation responsibilities.
  • Knowledge of the company's ownership and right to use the domain identified in the certificate request.
  • Approval of the Extended Validation SSL Certificate request.
  • Acknowledgement of signature of DigiCert Extended Validation Subscriber Agreement
Why RSO Image

Why Choose Us?

- We offer Most Trusted Brands

- Streamlined SSL Support (24 Hours/7 Days/365 Year)

- Excellent SSL Experts

- Unlimited SSL Tools

- A 30 Day Money Back Guarantee

  • Firefox web browser image
  • Google Chrome web browser image
  • Internet Explorer web browser image
  • Opera web brower image
  • Safari web browser image
  • Netscape web browser image
  • AOL web browser image

Our certs are supported on 99.9% of web browsers, iPhones & mobile devices

Our Awesome Customers