

Detailed presentation of Extended Validation certificates

EV presentation as of March 15, 2007

In 2007 a new generation of SSL certificates is being launched: EV certificates.

These certificates bring a new user experience in new browsers such as IE7.

WHY EV?

EV stands for Extended Validation. These certificates were designed by the CA/Browser Forum, a group of the main web browser vendors (Microsoft, Mozilla Foundation, Opera, KDE) and the main WebTrust certification authorities (Sectigo, Thawte, DigiCert). The forum defined a standard for the validation procedures (audit) applied to certificate issuance.

Before the standard, each certification authority defined its own criteria for certificate issuance, in compliance with the relatively flexible WebTrust standard. There were strong differences between 3-factor products (organization, domain, phone number) and 1-factor products (domain-validated). TBS INTERNET chose not to sell 1-factor certificates, which it considers dangerous (phishing). Unfortunately, current browsers do not allow users to see the difference between those 2 kinds of certificates.

EV IMPLEMENTATION

The industry then chose to create a new class of certificate. The validation procedure for these certificates is standardized, meaning that each certification authority undergoes an audit against a common specification, publicly available at http://www.cabforum.org/. The end user therefore has guarantees about the quality of validation, no matter which certification authority issued the certificate.

Of course, not just anybody can be a CA. To issue EV certificates, CAs have to pass a specific audit that leads to the addition of a specific root certificate in new browsers. Currently IE7 implements this technology (but represents 30% of the web browser market) and Microsoft has approved several CAs for EV certificate issuance.

The other members of the CA/B Forum have planned to integrate the specific EV display in their upcoming versions (Firefox 3). So what are the visual changes in IE7?

VISUAL CHANGES

When IE7 connects to a site secured by an EV certificate, it displays the green bar with an animated area indicating the name of the organization owning the certificate and the name of the issuing CA. The user automatically sees the difference and is aware of the different behavior.

You'll find a screenshot here:
http://www.tbs-certificats.com/comparatif_certificat_serveur_ssl_ev.html.fr

This green bar is part of a colour coding introduced by Microsoft: white for a normal site, yellow for a potentially dangerous site and red for a phishing site.

Microsoft has already communicated about the security enhancements in IE7.

EV, FOR WHOM?

EV certificates are designed for organizations that do e-commerce and are targeted by phishing: banks, large online merchants... The green URL bar allows the user to identify a trusted website. Displaying the certificate owner guarantees that the user is actually on the intended website and not on a phishing one.

Clearly, every website that needs its users' trust should have an EV certificate. It is the highest trust level currently available.

There is also a competitive advantage: increased trust, fewer abandoned carts and higher turnover. An EV certificate shows your interest in the security of your users' data. ROI is quick.

THE OFFER

TBS INTERNET is the first certificate broker in the world to supply this kind of certificate.

EV products from DigiCert, Thawte and Sectigo are now available on our public website and in your customer interface.

We have been trained in EV procedures. Verifications are clearly reinforced: the principles remain the same, but with less latitude.

Here is a summary of the constraints:
  • Only some kinds of organizations and public administrations can get an EV certificate (and they must be more than 3 years old)
  • The corporate contact must be one of the organization's managers and must appear on the Kbis
  • The domain must be owned by the exact same organization (no domain release letter)
  • The organization must be listed in the universal directory (the company the administrative contact works for must appear in the directory)
  • The O (organization) field of the CSR must contain the exact name of the organization, and the C (country), L (location) and ST (state) fields must reflect the organization's situation as registered (directory)
  • The organization must be correctly indexed in Dun & Bradstreet
Of course, TBS INTERNET is here to assist you and follow the audit process, particularly to determine whether your organization is eligible or to help you become eligible. The quality of our services is essential to obtaining those certificates.
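
The CSR constraint in the list above can be checked before the request is submitted. The following is an added example, not TBS INTERNET's own tooling: it assumes the CSR subject is available as a comma-separated string (as certificate tools print it), and the registered record and both subject strings are constructed sample data.

```python
import re

REQUIRED = ("O", "C", "L", "ST")  # the CSR fields named in the constraint list

# Constructed sample data: a registered record and two CSR subject strings.
REGISTERED = {"O": "Example Commerce, SARL", "C": "FR",
              "L": "Caen", "ST": "Calvados"}
GOOD = r"C=FR,ST=Calvados,L=Caen,O=Example Commerce\, SARL,CN=www.example.com"
BAD = "C=FR,L=Caen,O=Example Commerce,CN=www.example.com"

def parse_subject(dn):
    """Parse a subject string such as 'C=FR,ST=...,O=...' into a dict.

    Only unescaped commas separate fields, so an organization name that
    itself contains a comma (written with a backslash) stays in one piece.
    """
    if dn.startswith("subject="):       # optional label some tools print
        dn = dn[len("subject="):]
    fields = {}
    for rdn in re.split(r"(?<!\\),", dn):
        key, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed field: {rdn!r}")
        # Remove the backslash escaping from the value.
        fields[key.strip().upper()] = re.sub(r"\\(.)", r"\1", value.strip())
    return fields

def check_csr_subject(dn, registered):
    """Return (field, csr_value, registered_value) for every mismatch."""
    subject = parse_subject(dn)
    problems = []
    for field in REQUIRED:
        got, want = subject.get(field), registered[field]
        if got != want:                 # exact, case-sensitive comparison
            problems.append((field, got, want))
    return problems

if __name__ == "__main__":
    for name, dn in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_csr_subject(dn, REGISTERED) or "matches the record")
```

A missing field is reported with a CSR value of None, so an omitted ST is caught in the same pass as a shortened organization name.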

EV certificates are available with 1- or 2-year validity and in 40- and 128-bit guaranteed versions. You can compare all of our EV certificates here:
http://www.tbs-certificats.com/comparatif_certificat_serveur_ssl_ev.html.fr

The audit process being much longer, we cannot guarantee any delivery time, but at least a week is required.

THE TECHNICAL SIDE

Some technical aspects:

  • EV certificates are compatible with software that handles the X.509v3 standard, including cross-certification. Almost all products are compatible; here is a list of software with known issues:
    http://www.tbs-certificats.com/FAQ/fr/37.html
  • EV certificates display the green URL bar in IE7 under Vista and XP (an update is required though).
  • EV certificates enable encryption on older browsers. IE 5.01 and higher, Netscape 4.77+, Mozilla/Firefox/SeaMonkey/Camino and Safari enable SSL normally; that is more than 97% of web browsers. More details here:
    http://www.tbs-certificats.com/comparatif_certificat_serveur_ssl_ev.html
  • Installing an EV certificate is no more complex than installing a standard one, but the certification chain has to be correctly installed. Our installation guides will help you do it, and our certificate installation checking tool allows you to make sure of it (available on your certificate status page).
This kind of certificate is the future of e-commerce; benefit from it now!