Extended Validation

The Extended Validation (EV) SSL Certificate is the best choice if you want to build customer relationships based on security and trust. This certificate is issued only after the Certificate Authority (CA) performed an extensive verification of your company and its owner, confirming that your business is trustworthy. The validation process can take a few business days. But if you keep your company’s records up to date, the Extended Validation SSL certificate will be issued quickly, confirming that your company owns the website.

This type of SSL certificate significantly enhances the trust level of your website. Extended Validation certificates are highly effective in providing protection against phishing attacks. By displaying the well-known green address bar, your clients feel safer while performing transactions, and this fact will definitely boost your conversions. This is why Extended Validation certificates are considered the most reputable SSL Certificates for your website.

In order to have the Green Address Bar on your website, you have to purchase an Extended Validated (EV) SSL Certificate. We offer EV SSL certificates for different purposes, assuring different levels of security. You can find the whole list of EV certificates issued by 4 global leaders Internet Security at this link.

ev2ev1You can check if you have an Extended Validation SSL Certificate by looking at the attributes of your SSL Certificate. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.

Different SSL Certificate brands have different Extended Validation procedures. Please read the section that applies to your SSL Certificate brand below.

Comodo

You need to provide information about your company and your company’s phone number as a part of the Extended Validation. There are two things that you need to do:

1) Kindly download the following two forms:
– EV Certificate Request Form
EV SSL Subscriber Agreement
Both these documents are in PDF format. Please fill them in and sign them. You will need to provide them to Comodo Validation Center, in order to pass the Extended Validation process.

2) Please validate your phone number. There are three ways to do that. You don’t have to do all three things from below. Doing just one of them will be enough.

2.1) The first way is to provide your DUNS number to Comodo. You can get your company’s DUNS number from this website: https://www.dandb.com/. If Comodo gets back to you and says that your DUNS listing does not contain a phone number, then you need to contact Dun & Bradstreet (at https://www.dandb.com/) and ask them to “add your company’s phone number to their business directory and on the report”.

2.2) If you don’t have a DUNS number, then the other thing you can do is to provide your company’s registration number for Comodo to check your company with your country’s governmental directories (e.g.: Corporation Division, Companies House, Department of State, etc). Please note that Comodo will be looking to see your company’s phone number listed there as well. Not all governmental directories have the companies’ phone numbers. If the governmental directory allows you to call them, email them, or use their website to add your phone number, then please go ahead and do that.

2.3) If the above two options (2.1 and 2.2) don’t work for you, then the third and last option to validate your phone number is to ask a CPA (Certified Public Accountant), or a Latin Notary, or an Attorney (Lawyer) to write, sign and send a letter to Comodo where they confirm your company name, address and phone number. You can find the sample letters below:
– Sample Accountant Letter
– Sample Legal Opinion Letter

partner-order-idPlease send the forms described in point 1, and any of the forms from points 2.1, 2.2, or 2.3 to [email protected] and mention your “Partner Order ID” in your message.  You can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

If you do not hear from Comodo in the next 3 days after you email them the information from above, then please call +1 (888) 266-6361 (Ext 4) to check the status of your SSL Certificate with Comodo. When you talk to them, you will need to provide them your “Partner Order ID”.

Thawte, GeoTrust, Symantec/VeriSign

If you bought an Extended Validation SSL Certificate with Thawte, GeoTrust, Symantec/VeriSign, then the certificate authority will work on validating the legal existence of your company via local public databases, as a part of the Extended Validation process. This may take between 1-3 working days. Please wait until one of the certificate authority representatives contacts you about any additional information that they may need you to provide them.

partner-order-idIf you do not hear from the Certificate Authority representatives in the 5-7 days, then please call +1 (520) 477-3152 (Ext 2) to check the status of your SSL Certificate with the Certificate Authority. Please note that Thawte, GeoTrust, Symantec/VeriSign are all owned by Symanec, and they all have the same phone number provided above.  When you talk to them, you will need to provide the “Partner Order ID”, which you can find on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

The validation time of an SSL depends on the type of certificate you chose to buy.

Domain Validated certificates are issued within 3-5 minutes in 99% of the cases. Only when an SSL Certificate is requested for a domain name that contains a trademark or a brand name, then those SSL Certificates may pass brand validation, and can take up to a business day to be issued.

Business Validated certificates are usually issued within 1-3 business days.

Extended Validated certificates can take between 1-7 business days to be issued. The Certificate Authority does its part of the work very quickly. If all the information is provided to the Certificate Authority quickly and correctly, then the Certificate Authority can issue the EV certificate within 1 business day. We’ve seen situations when the EV Certificate was issued within a few hours. The 1-7 days period depends on how quickly the customer provides the required information to the Certificate Authority, and how quickly the customer responds to the Certificate Authority’s potential requests for additional information.

By doing the Validation process, the Certificate Authority’s is trying to confirm that you are the owner of the domain, and that the company that you are requesting a Business Validation or Extended Validation certificate for is active. That is why it is important that you keep your company’s records (address and phone number) up to date and you promptly respond to the Certificate Authority’s requests.

It is possible that this situation happened to you too. You ordered a Comodo InstantSSL with Free EV, you passed the Extended Validation process, Comodo sent you an email where they told you that your certificate was issued successfully, and when you install your Comodo InstantSSL with Free EV, your website shows as secured by an SSL, but doesn’t show a green bar and doesn’t show your company name in the URL bar as it should. Here’s why:

The Comodo InstantSSL with Free EV comes in two parts:
1) Comodo InstantSSL – which is a Business Validation certificate;
2) The “Free EV” part of the certificate – which is an Extended Validation (Green Bar) SSL certificate.

Comodo issues both parts of the certificate and offers them to us. Sometimes Comodo issues the Comodo InstantSSL (Business Validation) certificate first, and then the “Free EV” certificate comes several hours later.

So as Comodo announced you about the certificate being issued, you probably got it and installed it on your website. The thing is that you got the Comodo InstantSSL (Business Validation) certificate and installed it, and that is why your website doesn’t show a green bar and your company name in the browser’s URL bar.

Once you notify us about this problem, we place an internal request in our system, and we double check if the “Free EV” certificate was offered to us. If we find that the “Free EV” certificate was issued and reached our system, then we announce you about that, and you have to go to your SSL Dragon account and get your updated “Free EV” certificate from there.

If we see that the “Free EV” certificate did not reach our system yet, then we place an internal request with Comodo for them to provide the “Free EV” certificate to us, and it usually takes a few hours for the “Free EV” certificate to come up. When that happens, your current Comodo InstantSSL (Business Validation) certificate is automatically replaced with the “Free EV” certificate, and we send you an email message notifying you about that.

It is possible that this situation happened to you too. You ordered a Comodo InstantSSL with Free EV, you passed the validation process, Comodo sent you an email where they told you that your certificate was issued successfully, but when you go to your SSL Dragon account to get your SSL Certificate you still see it as “processing”. Here is why:

The Comodo InstantSSL with Free EV comes in two parts:
1) Comodo InstantSSL – which is a Business Validation certificate;
2) The “Free EV” part of the certificate – which is an Extended Validation (Green Bar) SSL certificate.

Sometimes Comodo issues the Comodo InstantSSL (Business Validation) certificate first, and then the “Free EV” certificate comes later. When buying a Comodo InstantSSL with Free EV, customers expect to get the EV Certificate. That is why, most of the times we only display the SSL certificate in users’ accounts when the “Free EV” part of the certificate is ready.

So as Comodo announced you about the certificate being issued, and so as you do not see the SSL Certificate as issued in your SSL Dragon account, in most cases it means that Comodo issued only the Comodo InstantSSL (Business Validation) certificate, and they did not issue the final “Free EV” certificate that we are expecting to get.

We recommend you to contact Comodo and ask them about the status of your “Free EV” certificate and see if there is anything else that is needed from your side for the “Free EV” certificate to be issued. Many times Comodo will ask you to do call back phone verification process for the Comodo InstantSSL (Business Validation) certificate, which you already did if you got an email from them saying that your certificate was issued. But when you talk to them on the phone, you they will ask you to do another call back phone verification process for the “Free EV” certificate.

You can contact Comodo Validation Department at one of the following two numbers:
– USA: +1 (888) 266-6361 Ext. 4
– International: +1 (703) 581- 6361 Ext. 4

Once you pass the second call back phone verification process for the “Free EV” certificate, your Comodo InstantSSL with Free EV will be issued within 1 business day. This being said, we recommend checking your SSL Dragon account the next day, and you should see your Comodo InstantSSL with Free EV as issued.

bv2bv1You can check whether your SSL Certificate requires Domain Validation, Business Validation or Extended Validation by looking at the attributes of your SSL Certificate. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.

 

You have to pass the Extended Validation when you buy a new EV SSL Certificate.

If you buy your EV SSL Certificate for 1 year, then your certificate will be valid for 1 year, and you will have to pass the Extended Validation again in 1 years when you request a new EV SSL Certificate. If you buy your EV SSL Certificate for 2 years, then your certificate will be valid for 2 years, and you will have to pass the Extended Validation again in 2 years when you request a new EV SSL Certificate.

At the same time, the process of completing the Extended Validation is easier the following years, so as the Certificate Authority has more information about your company in their system, based on your previous EV SSL Certificates requests.

There are two options of what an EV SSL Certificate can display in the address bar:
1) The company name only, for example: GPI Holding, LLC [US]
2) DBA (Doing Business As) and the company name, for example: SSL Dragon (GPI Holding, LLC) [US]

Certificate Authorities do not allow customers to display only the DBA in the address bar. Such requests came from many customers over the years, and Certificate Authorities never approved them.

Some Certificate Authorities (especially Comodo and Symantec) may ask you to update or add your phone number to your company’s DUNS listing, as a part of your Business or Extended Validation process.

After you have contacted Dun & Bradstreet and added your phone number to your company’s DUNS listing, it may take between 5 and 40 days for Dun & Bradstreet to make your DUNS listing update available to the public. When you talk to Dun & Bradstreet over the phone, they may tell you that they added or updated your phone number. However, they only initiated process. Your phone number will appear on the Dun & Bradstreet website (https://www.dandb.com/) in about 5 to 40 days after that.

You will know that your DUNS listing has been truly updated, only when you get an email message from Dun & Bradstreet saying that your DUNS profile has been updated successfully. Your phone number will start appearing on your DUNS listing only after you get this email from them. Also, Certificates Authorities (such as Comodo and Symantec) can verify your phone number based on your DUNS listing only when your phone number is publicly available. That’s why, you or we should contact the Certificate Authority requesting them to check your DUNS listing only after you get that confirmation by email.

In the past, we asked the Validation Department representatives from Comodo and Symantec to contact Dun & Bradstreet directly, and check our customer’s phone number with Dun & Bradstreet. We did that after our customers told us that they added or updated their phone number on their DUNS listing. Each time, Comodo and Symantec were told by the Dun & Bradstreet representatives that our customers’ DUNS listing update is “in progress” and “has not been completed yet”, and were advised to get back to Dun & Bradstreet when the customers receive an email message from Dun & Bradstreet which confirms them that their DUNS listing was updated.

If 5-40 days is too much to wait, we recommend you to go with other methods of validating your company and phone number, such as providing a legal letter written by a notary, an attorney, or a certified public accountant. This method will allow you to pass the Business or Extended Validation within 1-2 days.

EV SSL Certificates issued by GeoTrust, Thawte and Symantec have a quicker and easier Extended Validation process compared to those issued by Comodo.

With GeoTrust, Thawte and Symantec, the Certificate Authority does most of the company validation process all by itself, and in rare cases requires the customers to provide additional information and legal letters signed by a notary, certified public accountant, or an attorney.

On the other side, Comodo relies a lot on the customer to provide all the information about his/her company, as well as updating the company’s DUNS listing (on the Dun & Bradstreet website) and providing legal letters signed by a notary, a certified public accountant, or an attorney.

You can read what the Extended Validation process with these different brands consists of at this link.

To add your Company Name and TAX/VAT number, you have to login into your SSL Dragon Account and follow these steps:

  1. Click on the “Hello, *Your Name*” button on the right top side of your account dashboard and select “Edit Account Settings”;
  2. On the ‘My Details’ page, you will find the ‘Company Name’ and ‘Company TAX/VAT ID’ field;
  3. Fill in these fields with the necessary information then click on ’Save Changes’. 

After you perform the above steps, your SSL Dragon account and all your invoices will be automatically updated with this information.

SaveSave

If you are still wondering what are the main benefits of each validation type (Domain Validation (DV), Business Validation (BV), and Extended Validation (EV)) and why you should choose one vs. another, then this is the right FAQ for you. Each of these SSL Certificate types was created having in mind a certain customer trust level:

  • BasicDomain Validation SSL Certificates – created for customers who aren’t interested in showing their company name and address in the SSL Certificate – either because they don’t need/want to or simply because they just don’t have a company. They only need to get the SSL Certificate very quickly in order to secure their domain name with HTTPS and have all web and mobile browsers display their website as “Secure”.
  • MediumBusiness Validation SSL Certificates – designed for clients who want to display their company’s name in their SSL Certificate’s details in order to ensure their customers that their business is real and trustworthy. BV SSL Certificates also allows you to display on your website a site seal provided by the third party Certificate Authority which proves that your SSL Certificate was issued to your company’s name and address.
  • Top Extended Validation SSL Certificates   developed for clients for whom users’ trust is highly important and they want to have a green address/URL bar that displays the company’s name on all web and mobile browsers (along with making this information visible in the SSL Certificate’s details). EV SSL Certificates also provide the site seal which proves that your SSL Certificate was issued to your website, company’s name and address but these certificates have the topmost trust level because they show your customers, prospectors, and visitors that your website is highly secure and that their information is always protected.

Now that you know the main differences between Domain Validation (DV), Business Validation (BV), and Extended Validation (EV) SSL Certificates, it should be much easier for you choose the one that fits you the best.