Extended Validation SSL



Similar documents
Extended Validation SSL

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

Certification Practice Statement of CERTUM s Certification Services

Certification Exam or Test shall mean the applicable certification test for the particular product line or technology for which You have registered.

EV Multi-Domain Certificate Enrollment Guide

FAX-TO- END-USER LICENSE AGREEMENT

VERISIGN OPENHYBRID CLOUD SIGNALLING API SPECIFICATION

Real Estate Agent Website Linking Agreement

Rethinking Schools Limited Institutional Site License

Provider secure web portal & Member Care Information portal Registration Form

TRADEMARK AND DOMAIN NAME AGREEMENT

Web Site Development Agreement

Thawte SSL Certificate Enrollment Guide

RELOCATEYOURSELF.COM B.V - TERMS OF USE OF SERVICES

Covered California. Terms and Conditions of Use

"Certification Authority" means an entity which issues Certificates and performs all of the functions associated with issuing such Certificates.

.uk Registration Agreement

Canadian Pharmaceutical Distribution Network Certificate Authority Services Agreement. In this document:

Trademark, Domain Name and Social Media Assignment and Transfer Agreement

Provider Web Portal Registration Form

TERMS AND CONDITIONS OF

Terms of Service. Your Information and Privacy

This is a legal agreement ("Agreement") between the undersigned (either an individual or an entity)

Capitalized terms not defined below shall have the meaning given to them in the applicable CP/CPS, unless the context requires otherwise.

Web Drive Limited STANDARD TERMS AND CONDITIONS FOR THE SUPPLY OF SERVICES

Online Study Affiliate Marketing Agreement

TEXTURA AUSTRALASIA PTY LTD ACN ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE

Dennemeyer & Associates Terms and Conditions for Trademark Clearinghouse Services

ADP Ambassador /Referral Rewards Program. Terms and Conditions of Use

The name of the Contract Signer (as hereinafter defined) duly authorized by the Applicant to bind the Applicant to this Agreement is.

Domain Registration Agreement

Terms & Conditions Template

d. Members shall not conduct their business in a manner which tends to bring either BRBA or the BMF or its membership into disrepute.

These TERMS AND CONDICTIONS (this Agreement ) are agreed to between InfluencersAtWork,

Certification Practice Statement for Extended Validation Certificates

CENTURY 21 CANADA LIMITED PARTNERSHIP WEBSITE TERMS OF USE

ADP Ambassador / Referral Rewards Program Terms and Conditions of Use

Acquia Certification Program Agreement

DIcentral CORPORATION Online Subscriber Service Agreement

ZIMPERIUM, INC. END USER LICENSE TERMS

Simple DCP Terms of Service

Rollstone Bank & Trust Business Online Bill Pay Agreement

(This agreement is in rich text format and appears in a scrolling text box once you ve reached

GENOA, a QOL HEALTHCARE COMPANY WEBSITE TERMS OF USE

How To Use Etechglobal Online Store

AMERICAN INSTITUTES FOR RESEARCH OPEN SOURCE SOFTWARE LICENSE

AGREEMENT BETWEEN USER AND Global Clinical Research Management, Inc.

Understanding the Registration Process ACES Business Representative Certificate

SMARSH WEBSITE & HOSTING REPRESENTATIVE TERMS & CONDITIONS

Getting Started with PayPal Manager

domain name database. DCC shall not be obligated to refund any fees paid by Registrant if Registrant terminates this Agreement.

Gandi CA Certification Practice Statement

This Agreement (herein after called "Agreement") is made on the day of, 20 in by and between:

New Security Features

AcroTime Workforce Management Time & Labor Human Resources Payroll Service Terms and Conditions

you. This warranty gives you specific legal rights, and you may also have other rights that vary from state-to-state.

Quartz Legal Terms and Conditions

AGREEMENT BETWEEN USER AND International Network of Spinal Cord Injury Nurses

TrademarkAuthority Legal Services Engagement Agreement

ELECTRONIC TRADING FACILITIES SUPPLEMENTAL TERMS AND CONDITIONS OF TRADING

The Credit Control, LLC Web Site is comprised of various Web pages operated by Credit Control, LLC.

NOTE: SERVICE AGREEMENTS WILL BE DRAFTED BY RISK SERVICES SERVICE AGREEMENT

Automatic Recurring Payment Application

Privacy Policy and Terms of Use

Application to access Chesters Trade

ECLIPSE FOUNDATION, INC. MEMBERSHIP AGREEMENT

CENTRAL SAVINGS BANK BUSINESS INTERNET BANKING AGREEMENT

Fuel Express Commercial Fleet Card Application

Evaluation, Development and Demonstration Software License Agreement

Definitions. Broker means Veda Advantage Information Systems and Solutions Limited;

WEBSITE TERMS & CONDITIONS. Last updated March 27, 2015

Amazon Trust Services Certificate Subscriber Agreement

MTS GUI LICENCE SCHEDULE TO. MTS Data Terms & Conditions End Customer; or. MTS and EuroMTS Membership Documentation; or. MTS Registered ISV Agreement

Terms and Conditions for Tax Services

How To Write A Contract Between College And Independent Contractor

Purchase and Import a Signed SSL Certificate

DEFINITIONS. "this web site" means "user" means any person accessing any part of this web site DISCLAIMER

LIBERTY BANK ONLINE BILL PAYMENT ( BILL PAYMENT SERVICE ).

If you are in full agreement with the document, kindly return the signature page at the end of the documents

Business Partner Program

Terms of Use & Privacy Policy

CA/Browser Forum. Guidelines For The Issuance And Management Of Extended Validation Certificates

Kaiser Permanente Affiliate Link Provider Web Site Application

GlaxoSmithKline Single Sign On Portal for ClearView and Campaign Tracker - Terms of Use

TERMS & CONDITIONS: LIMITED LICENSE:

International Payment Service Terms and conditions

NOTE: BY CLICKING TO AGREE AND BY USE OF THIS SERVICE YOU ARE CONCLUDING A LEGALLY BINDING AGREEMENT. READ CAREFULLY.

All copyright, trade mark, design rights, patent and other intellectual property rights (registered or unregistered) in the Content belongs to us.

Clearinghouse Validation Terms and Conditions for Trademark Agents

Transcription:

AUTHENTICATION GUIDE Extended Validation SSL Authentication Requirements VeriSign, Inc.

Copyright 2007 VeriSign, Inc. All rights reserved. The information in this document belongs to VeriSign. It may not be used, reproduced or disclosed without the written approval of VeriSign. DISCLAIMER AND LIMITATION OF LIABILITY VeriSign, Inc. has made efforts to ensure the accuracy and completeness of the information in this document. However, VeriSign, Inc. makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. VeriSign, Inc. assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, VeriSign, Inc. assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. VeriSign Inc. reserves the right to make changes to any information herein without further notice. TRADEMARKS VeriSign, the VeriSign logo, VeriSign Trust Network, and other trademarks, service marks, and logos are registered or unregistered trademarks of VeriSign and its subsidiaries in the United States and in foreign countries. Other trademarks and service marks in this document are the property of their respective owners. 2 VeriSign, Inc.

Table of Contents 1. Overview of Extended Validation Requirements... 4 2. Submitting the Acknowledgement of Agreement... 4 3. Submitting a Lawyer Opinion Letter... 4 4. Organization Authentication Requirements... 5 5. Domain Authentication Requirements... 5 6. Organizational Contact Authentication Requirements... 6 7. Order Verification Requirements... 6 8. Related Links... 7 A. Acknowledgement of Agreement for VeriSign Extended Validation SSL Certificates... 8 B. Lawyer Opinion for VeriSign Extended Validation SSL Certificates... 9 VeriSign, Inc. 3

1. Overview of Extended Validation Requirements Extended Validation (EV) SSL Certificates help achieve the highest level of consumer trust through the strictest authentication standards of any SSL certificate. Extended Validation authentication guidelines require VeriSign to obtain and verify multiple pieces of identifying information about EV SSL Certificate applicants. To ensure your EV SSL Certificate request is processed quickly, review and provide the authentication documents described below. Authentication Requirements Summary 1. Have the Organizational Contact (identified in the EV certificate order) sign and submit the Acknowledgement of Agreement form. 2. Review all other authentication requirements to ensure your order can be expediently processed. 3. To expedite your order: Complete and submit the Lawyer Opinion letter with valid order detail information. - or - Register your business with Dun & Bradstreet at http://www.dnb.com/us or 1-800-234-3867. 2. Submitting the Acknowledgement of Agreement REQUIRED: Your Organizational Contact must acknowledge and sign the Acknowledgement of Agreement and fax or mail it to VeriSign. The Acknowledgement of Agreement is found on page 8. Fax or email the signed form to: 1-650-961-8870 ev-support@verisign.com 3. Submitting a Lawyer Opinion Letter The Lawyer Opinion letter verifies certificate and organization details and may enable faster issuance of your certificate. VeriSign must be able to confirm the following regarding the Lawyer Opinion letter: + The letter must be from a lawyer, solicitor, barrister, advocate, or equivalent licensed to practice law in the country of the requesting organization s jurisdiction of incorporation, or in any jurisdiction where the organization maintains an office or physical facility. 4 VeriSign, Inc.

+ VeriSign must be able to verify with the appropriate authority that the lawyer is registered in the appropriate jurisdiction. + VeriSign must be able to verify the opinion letter directly with the lawyer. The Lawyer Opinion letter is found on page 9. Fax or email the completed letter to: 1-650-961-8870 ev-support@verisign.com 4. Organization Authentication Requirements To qualify for an Extended Validation SSL Certificate, the organization requesting the certificate must be registered as a corporation or equivalent with the appropriate government agency in its country of jurisdiction. VeriSign must be able to confirm all of the following organizational registration requirements: + Official government agency records must include: + The organization s registration number or the organization s date of registration/incorporation. + The organization s registered address (or the address of the organization s registered agent). + A non-government data source (such as Dun & Bradstreet) must include the organization s place of business address, phone number, and Officer/Director information (as identified in the order). + If the organization has been registered for less than 3 years, VeriSign must verify operational existence through one of the following means: + Through a non-government data source (such as Dun & Bradstreet) - or - + By verifying the organization has an active demand deposit account (such as a checking account) with a regulated financial institution through a lawyers opinion letter or directly with the financial institution. 5. Domain Authentication Requirements To qualify for an Extended Validation SSL Certificate, domain registration details must reflect the full organization name as included on the certificate request. + The domain must be registered with ICANN or IANA registrar (for CCTLDs). + Where domain registration does not reflect the organization name as identified in the certificate request, positive confirmation of the organization's exclusive right VeriSign, Inc. 5

to use the domain name is required from the registered domain administrator or with a Lawyer Opinion letter. + The Organizational Contact must confirm knowledge of the organization s domain ownership during the verification call. + Where domain registration is private, the domain registrar is required to unblock the privacy feature. 6. Organizational Contact Authentication Requirements To qualify for an Extended Validation SSL Certificate, the Organizational Contact identified in the certificate request must be employed by the requesting organization and have appropriate authority to obtain and delegate Extended Validation certificate responsibilities. Note: Employment and authorization cannot be verified through the organization s Web site. Note: If the Organizational Contact identified in the certificate request is listed in government records as a corporate officer (such as Secretary, President, CEO, CFO, COO, CIO, CSO, Director, or equivalent), then the Organizational Contact s employment and authorization are deemed approved. VeriSign must be able to confirm all of the following Organizational Contact requirements: + Organizational Contact s identity, title, and employment through an independent source. + Organizational Contact is authorized to obtain and approve EV certificates on behalf of the Organization and to delegate this authority to others. This can be verified through one of the following methods: + A Lawyer Opinion letter + Directly contacting the CEO, COO, or similar executive at the Organization to confirm the authority of the Organizational Contact. If no public records are available regarding the CEO, COO, or other executive, VeriSign will contact the Organization s human resources department for contact details. 7. Order Verification Requirements As part of processing an Extended Validation SSL Certificate, VeriSign must verify the certificate request and all certificate details with the Organizational Contact identified in the certificate request. VeriSign must contact the Organizational Contact using an independently-obtained telephone number (not the telephone number provided in the order). 6 VeriSign, Inc.

VeriSign will obtain the telephone number through one of the following methods: + By researching qualified telephone databases to find a telephone number. Ensure your Organization s primary telephone number is listed in a public telephone directory. + As provided in a Lawyer Opinion letter. + As confirmed during a site visit conducted by VeriSign. During the verification call, VeriSign must verify the following with the Organizational Contact: + The name of the technical contact identified in the certificate request and his or her authority to obtain the Extended Validation certificate on behalf of the Organization. + Knowledge of the Organization s ownership and right to use the domain identified in the certificate request. + Approval of the Extended Validation SSL Certificate request. + Acknowledgement of signature on the Acknowledgement of Agreement 8. Related Links For additional details on Extended Validation SSL and authentication requirements, go to: Extended Validation SSL FAQ http://www.verisign.com/ssl/ssl-information-center/faq/high-assurance-ssl.htm Guidelines for Extended Validation Certificates http://www.cabforum.org Generating a CSR http://www.verisign.com/support/ssl-certificates-support/page_dev019431.html VeriSign, Inc. 7

A. Acknowledgement of Agreement for VeriSign Extended Validation SSL Certificates Instructions This acknowledgement of Agreement must be signed by the Organizational Contact for your EV certificate order, who is authorized by your Organization to approve EV certificate requests. VeriSign must independently verify the authority of the Organizational Contact. This signed Acknowledgement Agreement must be submitted to VeriSign at: Fax: 1-650-961-8870 Email: ev-support@verisign.com VeriSign cannot issue your order until receipt of this signed Acknowledgement of Agreement. I,, [Name of Organizational Contact] have read and confirm my acceptance, on behalf of [Organization Name], of the VeriSign SSL Certificate Subscriber Agreement version 4.0, which includes all Extended Validation terms and conditions, a copy of which is available at www.verisign.com/repository/agreements/serverclass3org.html. In requesting this Extended Validation Certificate and accepting this agreement on behalf of my Organization, I confirm that I have been granted the authority to accept these terms on behalf of my Organization, to approve EV certificate requests, and have the right to use the domain names submitted on the certificate application. Full name of Organizational Contact: Signature: Title: Date: Place of signing: 8 VeriSign, Inc.

B. Lawyer Opinion for VeriSign Extended Validation SSL Certificates To: Re: VeriSign, Inc, Fax: 1-650-961-8870 Email: ev-support@verisign.com [May be sent by fax or email attachment] EV Certificate Order Number: < order number> Client: <Exact Organization Name of Client 1 > Organizational Contact: <Exact name of Organizational Contact who signed the Acknowledgement of Agreement> Instructions 1. This letter must be completed by your legal counsel, who must be properly registered with the appropriate authorizing agency of his or her jurisdiction. Attached is a Legal Cover Letter. 2. If you are unable to attest to any fact below, you may indicate so by striking a line through the relevant section. 3. VeriSign will contact you to verify your legal opinion. Dear Legal Practitioner, You have been asked by your client to provide a legal opinion to aid them in obtaining a VeriSign Extended Validation SSL Digital Certificate. The Extended Validation (EV) SSL Certificate standard is intended to provide an improved level of authentication of entities that request digital certificates for securing transactions on their Web sites. A new vetting format, which all issuing Certification Authorities (CAs) must comply with, ensures a uniform standard for certificate issuance. This means that all CAs must adhere to the same high security standards when processing certificate requests. Because of the heightened assurance level of this product VeriSign must take added steps, as detailed in the industry standard CA/Browser Forum EV SSL Certificate guidelines http://www.cabforum.org/ev_certificate_guidelines.pdf The legal opinion can be used to verify any or all of the following items: Address of the place of business Assumed name of client Telephone number at place of business Exclusive right to use a domain name The name, title, authority, and agency of organizational contact The information above must be verified by you. The Guidelines allow lawyers to include customary limitations and disclaimers for opinion letters in their jurisdiction, provided that the scope of the 1 This must be the Client's exact corporate name, as registered with the relevant Incorporating Agency in the Client's Jurisdiction of Incorporation. This is the name that will be included in the EV Certificate. VeriSign, Inc. 9

disclaimed responsibility is not so great as to eliminate any substantial risk (financial, professional, and/or reputational) to you should the legal opinion prove to be erroneous. An example of such disclaimer language that VeriSign could not accept, other than for the authorization of the Organizational Contact is, We have assumed the accuracy of the oral or written statements and other information of public officials, and officers and representatives of our Client, without having made independent investigation of factual matters. Any such disclaimers of investigation and/or your knowledge of facts could nullify the opinion. Once the opinion letter is submitted, VeriSign will contact the legal board/association that licensed yourself to verify your professional standing. Using the contact information they have on record, VeriSign will then contact you to confirm the accuracy of the opinion. Should you have any questions, please call 1-877-438-8776 (Option 1 twice then Option 2) or 1-650- 426-3400 during normal business hours (Monday-Friday 5:00 am-6:00 pm PST). Thank you, VeriSign Customer Support ev-support@verisign.com I represent the Organization ('Client') that has submitted the EV certificate order ('EV Certificate Order Number') referenced above. I have been asked by my Client to present you with my opinion as stated in this letter. My opinion below is based on my familiarity with the relevant facts and the exercise of my professional judgment and expertise. [Optional: Insert customary preliminary matters for opinion letters in your jurisdiction.] On this basis, I hereby offer the following opinion: 1. [name of Organizational Contact] is employed by my Client as [job title], and has the necessary authority to act on behalf of my Client to: (a) Provide the information about my Client s organization that is required for issuance of the EV Certificate as referenced above (b) Request one or more EV Certificates and to designate other persons to request EV Certificates (c) Agree to the relevant contractual obligations contained in the VeriSign SSL Certificate Subscriber Agreement (d) Confirm ownership of domain(s) to be included in any EV Certificate order. 2. My Client has a physical presence and its principal place of business at the following location: Address: City: State: ZIP/Postal Code: Telephone: [Area Code] [Number] 10 VeriSign, Inc.

3. Client owns or has lawful right to use the domain name [Domain(s) included in EV request] in identifying itself on the Internet. 4. Client has an active current Demand Deposit Account 2 with [name of institution], a regulated financial institution. [Optional: Insert customary limitations and disclaimers for opinion letters in your jurisdiction.] Name: Signature: Date: Jurisdiction(s) where admitted to practice: Contact information for your Bar Association or Law Society: 2 Demand Deposit Account: a deposit account held at a bank or other financial institution, the funds deposited in which are payable on demand. The primary purpose of demand accounts is to facilitate cashless payments by means of check, bank draft, direct debit, electronic funds transfer, etc. Usage varies among countries, but a demand deposit account is commonly known as: a checking account, a share draft account, or a current account. VeriSign, Inc. 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information