Build confidence. Increase Trust. Extended Validation is the new Web standard.

Provide customers the highest level of assurance for Web security possible. CA Extended Validation (EV) Multi-Domain SSL Certificates take advantage of the added visual cues in the newest browsers, such as turning the address bar green in Microsoft® Internet Explorer® (7.0 or newer), Mozilla Firefox (3.0 and newer), Apple Safari, Opera and Google Chrome.


Why EV?

EV SSL certificates have the highest impact on consumers, reassuring them that the site they are visiting is legitimate through visual cues in un-modifiable parts of the browser interface "chrome." For example, today's up-to-date Web browsers display the corporate name with a green background for sites protected by an EV SSL certificate.

These prominent UI changes are now widely accepted and expected by consumers, providing organizations with a proven tool to demonstrate to customers that they take security and privacy seriously.


Migrating to EV is Easy

Already an CA SSL customer? It's easy to upgrade to CA EV Multi-Domain SSL certificates today - and with minimal changes to your existing procedures. Customers using large numbers of EV SSL certificates should consider enrolling in the CA Certificate Management Service to benefit from streamlined validation and the flexibility of the subscription-based approach to certificates.

OV vs DV

The importance of organization validation (OV).

SSL certificate providers employ different methods for verifying the identities of the organization or individual purchasing SSL certificates. Unfortunately, not all validation processes meet the same standards. And it's important to understand the difference.

Certificates verified using organization validation (OV) or extended validation (EV) practices contain the verified name of the entity that controls the website. Certification authorities (CA) issuing these certificates check with third parties to establish the official name of the organization and where they are located.

Importantly, the CA takes further steps to contact the requesting organization to confirm that they did, indeed, request the certificate and that the requester is authorized to receive the certificate on behalf of the organization. When visiting a website using an OV or an EV certificate, the end-user can use the certificate to verify that they are sending their transaction data to the intended recipient.

Wildcard Certificates

Wildcard certificates offer great flexibility to system administrators to minimize management by offering an unconstrained number of sub-domains within one certificate (e.g., *.company.com could represent dev.company.com, marketing.company.com, sales.company.com, etc.).

The Future of Cryptography

CA provides today's innovative organizations the opportunity to deploy hybrid elliptic curve cryptography (ECC) digital certificates or test their applications and services with the advanced ECC standard.

To help promote the deployment and use of ECC-based certificates, CA provides complimentary ECC demo certificates and identities. For organizations ready to improve the performance and strength of their digital certificates, CA offers ECC Hybrid SSL Certificates signed by CA's publicly trusted RSA 2048-bit root.

CA Hybrid SSL Certificates

CA enables organizations to leverage advanced ECC standards to improve the strength and performance of digital certificates today. An option on all CA SSL certificates, CA Hybrid SSL Certificates are ideal for scenarios where server-load performance is critical, and site visitors and the Web/app server are known to be compatible with ECC keys.

Hybrid certificates benefit from the performance of an ECC key combined with the global trust of CA's pre-existing RSA 2048-bit root.



While widespread use of elliptic curve cryptography (ECC) digital certificates is still on the horizon, CA offers a proven method for enjoying many of the benefits of ECC certificates today. CA Hybrid SSL Certificates contain ECC keys signed via CA's globally trusted RSA 2048-bit root.

What is ECC? In short, ECC is a family of public-key algorithms that can provide shorter key lengths and, depending upon the operating platform and the applications for which they are used, may provide improved performance over systems based on integer factorization and discrete logarithms. ECC certificates are compatible with the full suite of CA Authority solutions.

Review the table below to understand the relationship and use of traditional SSL certificates, ECC hybrid SSL certificates and true full-path ECC SSL certificates.

CA SSL Certificates, Powered by SHA-2 Security

Developed by the National Institute of Standards and Technology (NIST), SHA-2 represents the most current set of cryptographic hash functions. At a micro level, SHA-2 is based on a set of four hash functions — 224, 256, 384 or 512 bits — which strengthens the original SHA-1 hash function released in 1995 by the NIST.

To provide more compatibility, CA Certificate Services customers have the choice to sign any CA digital certificate with SHA-1 or SHA-2. And best of all, the option to use this advanced level of cryptography, based on the SHA256 implementation, is offered to CA customers at no extra cost.

In fact, the SHA-2 standard may be used with any of CA's digital certificates, including EV Multi-Domain SSL Certificates, Advantage SSL Certificates, Standard SSL Certificates, UC Multi-Domain SSL Certificates and Wildcard SSL Certificates. SHA-2 is even available with CA's signing and user digital certificates, including Adobe CDS, Secure Email and Code Signing.

Though most organizations won't experience any compatibility difficulties, some older systems — such as those running Microsoft Windows XP SP2 (or older) or outdated Web browsers — are unable to support SHA-2 encryption. In these situations, administrators will need to either use SHA-1 certificates or upgrade these systems to SHA-2-supported configurations.

What is SHA?

SHA, or Secure Hash Algorithm, is one of the foundation algorithms used in public key cryptography. First published in 1993, SHA encryption is organized in a series that continue to evolve but not necessarily built upon its predecessor. To date, the hash algorithms were released as SHA-0 (1993), SHA-1 (1995) and SHA-2 (2001). The next version, SHA-3, is under development and yet to be released.

What's Next for SHA?

While organizations are currently standardizing on SHA-2, cryptographers have been building the foundation of SHA-3 since 2008. Though a SHA-3 release date has not been announced, theNIST is sponsoring an open competition to develop the next hash algorithm.

Only five SHA-3 hash entries advanced to the third and final round. Scheduled for early 2012, a final candidate conference will take place to discuss community feedback and findings. The next SHA-3 cryptographic hash algorithm is expected to be announced in late 2012.