This article needs additional citations for verification. (July 2020) |
An Extended Validation (EV) Certificate is a certificate conforming to X.509 that proves the legal entity of the owner and is signed by a certificate authority key that can issue EV certificates. EV certificates can be used in the same manner as any other X.509 certificates, including securing web communications with HTTPS and signing software and documents. Unlike domain-validated certificates and organization-validation certificates, EV certificates can be issued only by a subset of certificate authorities (CAs) and require verification of the requesting entity's legal identity before certificate issuance.
As of February 2021, all major web browsers (Google Chrome, Mozilla Firefox, Microsoft Edge and Apple Safari) have menus which show the EV status of the certificate and the verified legal identity of EV certificates. Mobile browsers typically display EV certificates the same way they do Domain Validation (DV) and Organization Validation (OV) certificates. Of the ten most popular websites online, none use EV certificates and the trend is away from their usage.[1]
For software, the verified legal identity is displayed to the user by the operating system (e.g., Microsoft Windows) before proceeding with the installation.
Extended Validation certificates are stored in a file format specified by and typically use the same encryption as organization-validated certificates and domain-validated certificates, so they are compatible with most server and user agent software.
The criteria for issuing EV certificates are defined by the Guidelines for Extended Validation established by the CA/Browser Forum.[2]
To issue an extended validation certificate, a CA requires verification of the requesting entity's identity and its operational status with its control over domain name and hosting server.