EV SSL - the antidote for SSLStrip attacks

EV SSL allows software to authenticate strongly in ways which defeat the SSLStrip attack. We saw that with conventional certificates, especially domain-validated certificates, there is no reliable information to back up the authentication of the domain name. To address this critical problem, certificate authorities and software companies joined to form the CA/Browser Forum4 and promulgate a new standard called EV SSL for Extended Validation SSL.

EV SSL defines rules for who can qualify for such a certificate and the procedures a CA must follow in order to validate the information. For instance, they must validate that the organization exists as a legal entity, that any organization names are legal names for that organization, and that the applicant is authorized to apply for the certificate.

EV SSL allows software to authenticate strongly in ways which defeat the SSL Strip attack.; see Figure for an illustration The fields in the certificate generally ignored by conventional SSL implementations, such as organization name, are required in EV SSL and can be checked every time. This second-level of authentication ensures that the parties know exactly with whom they are communicating. Since certificates contain organization names that have been verified, users and applications that rely on EV SSL Certificate can verify the actual owner of the certificate with confidence 

EV SSL enables software to authenticate strongly in ways which defeat the SSLStrip attack. In addition to the domain name, the fields generally ignored by conventional SSL implementations, such as organization name, are required in EV SSL and can be checked reliably every time. This second-level of authentication ensures that the parties know exactly with whom they are communicating.

The specification is also clear about the information that must be provided by the applicant. Other rules are more restrictive than with conventional SSL. For instance, wildcard certificates, the type that make null character attacks even more dangerous, are not allowed in EV SSL.

EV certificates are also limited in lifetime relative to conventional certificates: the maximum validity period is 27 months. This ensures “freshness” of the information in the certificate.

In addition to collecting a proper EV Certificate request, containing much organization information including the jurisdiction of incorporation, and a signed subscriber agreement, the CA is required to verify that the organization exists and operates at the locations specified in the request. They may go to government sources for this. They have to verify that the entity exists at the physical address they specify. For business organizations a face-to-face verification of the principal individual in the entity is required.

The requirements go on and on for 93 pages. It would be very hard to get a fake EV certificate.

EV certificates enable strong authentication

Standards also specify what software needs to do in order to authenticate a party based on a certificate. Unlike the loose conventions which developed around conventional SSL, these rules must be followed for EV.

When encountering an EV certificate, a program must confirm first that the CSP (Certificate Service Provider), meaning the certificate authority who issued the EV certificate, is authorized to issue such certificates. Each CSP has a unique EV policy identifier associated with it which must be compared to the identifier in the end-entity certificate.

Applications that use EV certificates properly need to embed CSP root certificates in order to confirm that certificates they encounter are issued by trusted roots. Required procedures for CSPs to work with application developers, including providing test facilities, are defined by the CA/Browser Forum.

“Relying applications [clients authenticating certificates] must provide adequate protection against malign threats to the integrity of the application code and the CSP root.” This is the sort of requirement that needs some history to fully-define itself, but basically it puts the onus on application developers to take care to write secure code.

The rules state that applications must be able to handle key strength of symmetric algorithms of at least 128 bits.

Applications are required to check for revocation of the certificate before accepting it. The application should support both CRL and OCSP, although OCSP is clearly the wave of the future and the only scalable approach. (In his presentation Marlinspike suggests a method for bypassing OCSP by returning a “Try again later” code, in which case the application typically gives up and authenticates. The EV rules state: “If the application cannot obtain a response using one service, then it should try all available alternative services.” This precludes the lazy behavior described by Marlinspike.)

Once all of these requirements have been met and the fields in the certificate match those expected by the application, then it may proceed.

Implementation considerations

Adopting EV SSL is not simply a matter of buying and using an EV SSL certificate. Client software has to know to look for an EV SSL certificate and to follow the rules for implementing EV SSL authentication .

Fortunately, it’s not difficult programming, but it needs to be done potentially with in-house as well as with 3rd party client software code. But the work is the same in all places. If you are well-organized about your certificates then it will be straightforward work. And many products, including current Windows versions, support EV SSL out of the box.

SSLStrip attack could be used against server-server communications with the potential for mass-compromise of confidential data

Advances in attacks on network security over the last few years have led to many high-profile compromises of enterprise networks and breaches of data security. A new attack is threatening to expand the potential for attackers to compromise enterprise servers and the critical data on them. Solutions are available, and they will require action by company officers and administrators.

“SSLStrip” and related attacks1 were among the highlights of the July 2009 Black Hat show in Las Vegas2. Researcher Moxie Marlinspike3 combined a number of discrete problems, not all related to SSL, to create a credible scenario in which users attempting to work with secure web sites were instead sent to malicious fake sites. One of the core problems described by Marlinspike is the ability to embed null characters in the common name field of a certificate, designating a domain name. This can be used to trick software, web browsers for example, into recognizing a domain name different from the complete field name. The result is that software, and users, are misled as to the actual domain with which they are communicating.

SSLStrip has not lacked for press coverage, but the analysis has focused on the consumer or end user with a browser. The use of SSL in embedded applications, including server-server communications, presents an even more ominous scenario. This is because SSLStrip attack could be used against server-server communications with the potential for mass-compromise of confidential data.

This spoofing problem is solved by proper use of Extended Validation SSL certificates for authentication. Moving certificate-based enterprise authentication to EV SSL would therefore protect an organization against this form of attack.

SSL authentication is most famous for providing secure web access to sites with sensitive information, such as banks, but it has many applications. It is commonly used, for example, as a means for parties in a machine-to-machine, typically serverserver conversation to verify each other’s identity; see Figure A for an illustration.

The recent revelation of a new attack against SSL threatens these server-server communications. An attacker who gains access to the network could use the attack to spoof the identity of a critical server and thereby gain unauthorized access to critical data.

Since EV SSL Certificates contain only authenticated organization information, businesses can employ EV SSL and require the organization information to match the expected values before allowing access to mission critical applications. In this scenario the intruder using the new attacks will fail to gain access because it will lack the presence of the EV certificate, the correct organization information, or both. 

It is possible to trick the client into seeing the name it expects, when the actual domain name in the certificate is that of a malicious site

The main weakness with conventional SSL certificates is that there are no standards for their issuance, nor any rules for what the fields in them are supposed to mean and which are required for authentication.One implication is that client applications, called relying parties, cannot have confidence that the organization listed as the owner of the certificate is in fact that owner. This follows all the way up the chain until the relying party reaches a trusted root.

In fact, the least expensive SSL Certificate, domain-authenticated certificates, don’t even authenticate an organization, merely an internet domain. Users can tell precious little from them about those with whom they are doing business.

Marlinspike’s SSLStrip attack demonstrated the combination of several attack techniques to exploit the above weaknesses and fool users / client applications into thinking they were using a trusted site / server, when in fact they were using a fake version of that site / server. He combined a number of techniques, including “man-in-the-middle,” fake leaf node certificates and the null character attack. 

Null characters in a domain name

The key threat Marlinspike discloses is the use of null (zero value, often designated ‘\0’) characters embedded in a domain name.

Online purchase of inexpensive “domain-validated” SSL Certificate is so automated that it’s often possible to buy one with an embedded null character. For example - \0thoughtcrime.org. In the attack, the domain name of the certificate is combined to the right of the domain name to be spoofed, for example, “www.verisign.com\0thoughtcrime.org”. (Thoughtcrime.org is a domain owned by Marlinspike and used by him in his examples.)

Most software treats the null character as a string terminator. So when SSL client software reads the certificate domain name in the example it will stop at the null and treat the certificate as valid for www.verisign.com as issued by the certificate authority.

Null-stripping

Two SSL implementations, the Opera and Safari browsers, defeat this specific attack by stripping null characters from the Common Name. Thus, in the example above, the comparison will be to www.verisign.com.thoughtcrime.org and it will fail. But Marlinspike claims that some certificate authorities can be tricked with the same vulnerability in a way that makes null-stripping itself a vulnerability. In his example, he buys a certificate for sitekey.ba\0nkofamerica.com. Presumably he owns nkofamerica.com. When this name is presented to Opera or Safari it will display his attack site as sitekey.bankofamerica.com, the login page for that bank.

Man-in-the-middle

If you’re on the same local network as the server you are compromising, Marlinspike’s techniques make it very possible to perform the man-in-the-middle attack; see Figure B for an illustration. A number of popular techniques exist for this: A rogue wireless access point is one, or DNS or AARP cache poisoning.If you’re not on the same network then you need to get there, which you can do most likely by installing malware on a relatively less-secured system on the same network. The attacks which make this possible are legion.

Damage potential in server-server environments

The damage potential of this attack in a server-server communication scenario, such as database servers synchronizing across a WAN, is substantial.

Such servers commonly use SSL to authenticate each other. A malicious user on the network could spoof that authentication using the techniques described above. One that authenticated as a database mirror could capture the entire database including, if it’s stored on the server, privileged information and confidential customer data.

Source URL:- http://extendedvalidationsslcertificates.com/

Getting snatch - What Wildcard SSL Certificate Help you?

If you are with security industry or e Commerce business you aware that SSL Certificate Reseller or provider only allow on domain to install ssl certificate. In the sense if you buy SSL Certificate for domain name xyz.com you can’t use it for abc.com domain name. Most of people have one domain name but what about that have more than one domain name. Like e commerce person have more than one domain for different types of business or have different domain and sub domain for different purpose. For that Wildcard Certificate helps to you.

When you think to buy ssl certificate for each domain name than problems come when you have to maintain all separately and renew and all other problems. But in Wildcard SSL Certificate you can install it on main server where your site is hosted. It is secure all your So, Wildcard SSL Certificate is Good news to secure unlimited subdomains as you want

What exactly is a Wildcard SSL?

We should first understand what wildcard means before going any further with wildcard certificates. A wildcard is usually represented by an asterisk (*). In computer terms, it’s a symbol that stands for substitution by any other string or character. In other words, an asterisk symbolcould mean any other word. In our case, *.example dot com is used to represent all subdomains of example dot com: mail.example dot com, user.example dot com, news.example dot com, shop.example dot com etc.

The “Common Name” field in an SSL certificate indicates the domain in which the certificate will be used. Wildcard Certificates are basically certificates with wildcards in the Common Name, like *. bigbusiness dot com. If, in the future, you choose to get a wildcard certificate, you will be asked to supply the Common Name.

Benefits to Wildcard Certificates

The most obvious benefit to using wildcard certificates is to slash in costs. Typical SSL certificates at $150 each may be fine for people who need SSL on only a few subdomains, but what about five subdomains? That’s $750! Wildcard certificates cost about $600, and if you run a big website with ten subdomains, you will save about $900. The websites of big companies will sometimes need SSL on over 30 subdomains.

Wildcard Certificates are popular for another reason – manageability. It’s a daunting task to purchase, set up, and annually renew a dozen or so SSL certificates. It’s an especially daunting task to the person managing the SSL certificates and errors may easily abound. Fixing errors will cost you time, and with websites, downtime costs a lot of money. Compare all of that hassle to having to worry about just one wildcard certificate. Managing just one certificate is a much simpler task. Errors are easily minimized.

Wildcard Certificate Drawbacks

As you may expect, there are some drawbacks to using wildcard certificates. The first among them is security. Big websites are usually run by multiple servers, and by sharing one wildcard certificate, they share a single private decryption key. Let’s say that one of the servers is compromised and a hacker gains access to the decryption key. That hacker now has the ability to read all encrypted messages that are sent to and from the server.

Let’s say the wildcard certificate is revoked. All subdomains that use the same certificate won’t be able to properly function. You will be forced to put your website on down time until you get the wildcard certificate working again, or you get new SSL certificates for every single subdomain that needs SSL security.

Finally, you should know that you cannot get wildcard certificates with Extended Validation SSL (EV). What is EV in the first place? It’s a set of stringent rules that certificate providers use when approving applications for SSL certificates. EV SSL was meant to increase public confidence in SSL. The Common Name field is not allowed to have wildcards according to EV rules. Also note that you won’t get the green address bar feature with wildcard certificates, since it only works with EV Certificates.

Who Actually Sees the Green Bar for EV SSL Certificates?

We’ve received a few support questions as of late asking about who can or cannot see the green bar and company name in a web browser that accompanies an EV SSL certificate. An EV SSL certificate is one where your organization’s identity is confirmed as legitimate. In return, web browsers that go to secure pages protected by an EV cert will display the URL address bar in green, and display the full company name as well.

Although the majority of web browsers and operating systems will display these security enhancements (more than 75% according to Tim Callan of VeriSign) , there are a few gotchas / situations to be aware of…

Internet Explorer 6 and Firefox 2.x – No native support

If you or your customers are one of the few percentage of people still running Internet Explorer 6 or Firefox 2, then you’re out of luck. There is no native support in either of these old browsers for displaying the green bar for an EV certificate.

The green bar functionality could be added to either browser via a plugin, but it’s not likely many users who are still running ancient versions would have this plugin installed. Fortunately, less than 10% are using IE6, and less than 1.5% are using FF2 (W3Counter, March 2010).

Internet Explorer 7 with Windows XP – a little tricky

Although IE 7 does natively support the green bar, those using Windows XP as their operating system may not see the bar for a few reasons:

• The Phishing Filter is disabled (Tools -> Phishing Filter)

• Any insecure items on a secure page, or certificate errors (intermediate, etc…) will disable the green bar

• The user has not applied the Windows update for an updated “root certificate”

Internet Explorer 8 with Windows XP – SmartFilter

For Windows XP users using IE8 as their browser, there is a little known requirement for the green bar to appear:

• The SmartScreen Filter feature in IE8 must be enabled (Tools -> Options -> Advanced)
  (or right click the little square at the bottom right of the screen next to the globe)
• 
  

Vista, Windows 7, with IE7+, FF3 – No problem

For these more modern operating systems, Extended Validation SSL green bar technology is natively supported. No plugins, no weird settings in the browser. It just works. The good news is as more people upgrade from XP to Windows 7, this will become the norm.

The rest: Safari, Opera, Chrome

Chrome supports EV in all versions. Safari does in versions 3.2 and higher, and Opera does in version 9.5 and up.

With over 20,000 EV SSL certificates in use as of December 2009 (Netcraft December 2009 survey), EV is becoming more mainstream in terms of the average customer recognizing the green bar (and soon to be expecting the green bar for all secure transactions). And as the number of people using old operating systems and old browsers dwindles, the green bar will be as accepted as the padlock is today in terms of re-assuring customers at the time of purchase.

Source URL:-http://www.lexiconn.com/blog/2010/04/who-actually-sees-the-green-bar-for-ev-ssl-certificates/

Extended Validation EV SSL Certificates – Should Your Website Have One?

Extended Validation EV SSL certificates are the latest secure certificates that offer the highest level of “outward” security to the end user. Introduced in 2007, these new SSL certificates cause the address bar to turn green in a visitor’s web browser, and also to display the company name. Here are two examples of this in Firefox and Internet Explorer:

Firefox:-

Internet Explorer:-

EV certs have a more thorough application process, as each business is “vetted” prior to being issued an EV certificate. This means that organizations that have an EV SSL certificate are much more likely to be legitimate entities, as opposed to standard SSL certificates, that may be obtained by anyone without any verification.

Is it worth it to have an EV SSL Certificate? I believe the answer is YES!

EV Usage for the Top 100 Retail Websites

I took a detailed look at Internet Retailer’s 2009 Top 100 Retail Websites, as I felt this was a good cross-section of large and medium sized ecommerce merchants. I recorded which sites had an EV cert., what SSL vendor they were using, and I looked for any warnings or errors on their secure pages.

* 20% of the Top 100 retailers are currently using an EV SSL Certificate.

* 17% of the Top 100 retailers had an insecure call / warning on either their secure sign-in or secure checkout pages. This resulted in either a browser warning or missing padlock in the browser.

And here is the breakdown of the SSL vendors in use by the Top 100 retailers:

Interpreting the data

What can we learn from the above statistics? In terms of EV SSL adoption, 20% of the top retailers are now using an EV SSL certificate. Although this may seem like a low number, other studies in 2007 and 2008 found around 2% adoption in 2007, and around 12% adoption in 2008 for major retailers. There is a slow progression towards more retailers using EV.

However, there are a number of reasons why larger retailers may not have an EV SSL cert.:

• If you’re Amazon, people already trust you

Large retailers may not feel the need to add an extra layer of security, since they are a well known brand. If the padlock appears and no warnings pop up, people will purchase.

• IT managers just renew what they have currently

Many IT departments simply make sure their SSL certificate does not expire. They renew it early, and keep it the same to keep it simple for them. The thought of obtaining a new type of SSL certificate may not cross their mind, or seem too daunting.

• Too many hoops to jump through

In larger organizations, there are established procedures for the handling of existing SSL certificates. In order to get an EV certificate, the IT department has to get access to incorporation documents, DUNS numbers, etc… and probably needs to submit a proposal up the chain for approving this change. It may just be too much work for little return in their eyes (which I feel is a mistake).

• They don’t see the need

Consumers have not yet fully caught on to how EV certificates work, and not all older browsers support EV in terms of green bars and company names being displayed. These larger retailers may not see a large enough benefit to change their ways (again a mistake in my opinion).

Does the SSL vendor matter?

In looking at the top 100 retailers, Verisign was the most popular SSL vendor. This makes sense as they are seen as the leader, and worked hard with large retailers to establish partnerships. Akamai was the second most popular, which also makes sense as larger retailers often partner with Akamai as their content delivery network provider. Geotrust was next, and has a good reputation for business websites.

Technically speaking, all the major vendors offer the same level of security in terms of the certificate itself. All of the more recent web browsers fully support the major SSL vendors, so they all work the same. Brand name recognition does come into play if the website displays a security seal, as many consumers recognize names such as Verisign or Geotrust. And some seals are more visually appealing and look more professional (The GoDaddy seal is not a professional look in my opinion).

Does it matter? Yes. Industry leaders such as Verisign and Geotrust (which is actually owned by Verisign) have more brand name recognition, and can help with conversion rates for those shoppers on the fence when it comes to trusting a website before completing a purchase (assuming you prominently display the security seal). Additionally, Verisign and Geotrust are fully supported by older web browsers, which may still account for up to 5 to 10 percent of your visitors.

What about the errors?

When I found that 17% of the top 100 retailers had some sort of insecure call or security warning on their secure pages, I was quite shocked. I figured these large organizations would eliminate these sorts of problems on their websites. These are the types of errors that can cause buyers to not complete a purchase due to security concerns. People know that the secure padlock/key needs to be present to ensure a safe transaction.

Although a large well known company such as Walmart can survive a few lost sales, smaller merchants cannot afford to drive away sales with security warnings and missing padlocks. Here is where a small business can outperform a large online store: Make sure your secure pages are 100% secure so your customers feel safe shopping on your website.

To EV or not to EV, that is the question…

The skeptic might say:

80% of the top retailers do not use EV certs. EV certs costs more and it’s more difficult to get approved for one. Many consumers still do not understand the difference between a green address bar and the secure padlock.

All of the above is true. However, that does not mean you should skip an EV certificate. And here’s why:

• Don’t follow the herd

Just because 80% of the top 100 are not using an EV SSL certificate does not mean it’s the right choice for your business. Their reasons for not having one (laziness, too much red tape, do not understand the technology, etc…) are most likely not the same as yours (e.g. the cost and time to get an EV cert. do not matter to them) , and are not in line with your goals. See this as an opportunity to offer more recognizable security to your customers. It can be a competitive advantage.

• The green bar is continuing to become more recognized

As more consumers use Windows 7, IE 8, and Firefox, the green bar becomes more widely adopted. EV features are built into Internet Explorer 8 and Firefox, so more people are being exposed to this new technology. People are starting to notice the green bar and company name, and will equate that with a secure website.

• EV certificates are harder to obtain

This is a good thing. A less than reputable site or scam website can easily get a regular SSL certificate. However, they would be hard pressed to pass the background checks for an EV certificate. If your website has an EV certificate, it shows your business to be on the “up and up” and you have something not everyone can purchase. It gives you a competitive advantage over those websites that do not have one.

The bottom line on EV

For a few more dollars and a little more paperwork, your website can offer the most secure certificate available today. If only a few shoppers recognize the added security and it helps them complete a purchase at your store, it will be worth it. And that is the worst case scenario. The more likely scenario is more consumers are aware of (and actively look for) the green bar to signal a truly secure connection, and put more trust in those websites that use EV SSL certificates in their store.

Source URL:-http://www.lexiconn.com/blog/2010/01/extended-validation-ev-ssl-certificates-should-your-website-have-one/

The SSL Store Develops Online Module for Easy & Fast Extended Validation SSL (EV SSL)

St. Petersburg, FL

The SSL Store, one of the world’s largest resellers of SSL security certificates, would like to help the SSL certificate shopper find an easier path to attaining an Extended Validation (EV) SSL certificate for his/her Website. EV is a standard set by the Certificate Authority / Browser (or CA/B) Forum and is most recognizable as the technology that creates the green address bar indicator in the major Internet browsers in any secure portions of a site, an obvious visible cue of a site’s credibility and security. For a sample of how an EV certificate looks, please visit http://www.theSSLstore.com.

In a broad effort to improve accessibility to EV certificates, The SSL Store has developed an online module to educate individuals and businesses considering applying for an EV SSL certificate.  The module was developed to simplify and expedite the Extended Validation certificate application and validation process. Because EV SSL are taken so seriously within the industry, they are not as easy to get as Organization Validation (OV) or Domain Validation (DV) SSL certificates, certificate types that do not produce the green address bar indicators.

A Platinum Partner with VeriSign, GeoTrust, Thawte, and RapidSSL, The SSL Store has been refining its system and knowledge of the SSL security certificate industry since 2007. The company is both providing the module through its Website, accessible on the left side bar of theSSLstore.com under the heading “Extended Validation,” as well as providing one-on-one assistance sessions via direct line with a U.S.-based SSL industry expert at (727) 820-1161.

Kent Roberts, Director of the Retail and Enterprise Divisions for The SSL Store and the contact point for any Extended Validation SSL Certificate inquiries, explains, “Because we believe that EV is so important to creating a safer Web for everyone, we want attaining that type of certificate to be as simple as possible. Frustrations can make people turn toward different certificates which don’t show online users as much evidence of encryption and organizational and site legitimacy.”

Roberts added, “The EV certificate is both a high-end product for us and an SSL that can increase revene for our customers. Our EV slogan ‘The Green Bar is a Gold Bar’ is a nod to how effective the EV certificate is for e-commerce, increasing online revenue an average of 20% according to extensive case studies conducted by VeriSign, which itself is considered the gold standard in online security. We hope our hard work related to EV will create greater interest in EV certificates in general and in our company.”

About the Author:-

The SSL Store is one of the largest resellers of major brand SSL certificates. theSSLstore.com provides a Price Match program to meet or beat any competitor pricing, along with 24/7 support for anytime proble-solving. NASA, IBM, Microsoft, Harvard University, the UN, and thousands of small organizations and businesses have trusted The SSL Store since its founding in 2007. The SSL Store makes EV dreams come true one customer at a time, offering EV SSL including the following: VeriSign Secure Site Pro (SGC) with EV, VeriSign Secure Site with EV, GeoTrust True BusinessID with EV, GeoTrust True BusinessID Multi-Domain with EV (SAN/UCC), and Thawte SSL Web Server with EV. The SSL Store also offers all VeriSign EV in Multi-Domain (UCC/SAN) versions.

Source URL:-TheSSLstore Press Room

Extended Validation SSL Certificate

Extended Validation SSL Certificates deliver a new level of trust to your web site visitors. Starting with Microsoft? Internet Explorer 7, the address bar will turn green confirming your site identity as verified by a Certification Authority (CA) according to the most rigorous industry guidelines established by the CA/Browser Forum.

One Extended Validation Certificate works for one domain or subdomain name. For multiple subdomains please consider using Wildcard SSL certificate. E.g. if you have X-Payments installed on a subdomain (e.g. http://subdomain.domain.com) while X-Cart is located on the main domain (e.g. http://www.domain.com) and you want to enable SSL for both you should buy two Extended Validation Certificates or on Wildcard SSL certificate.

Over 1/3 of your site's visitor’s use a browser made for EV SSL, including IE 7, Firefox 3, and Opera 9.5. Their browsers tell them that you are trustworthy through the presence of a green bar near the address. With one out of three people relying on the green bar to appear in their browser, what would you rather show them about how trustworthy an merchant you are?

The green address bar builds trust and makes a difference between purchasing and abandonment during checkout. People are expecting their browsers to tell them if it's safe to do business with you, and an EV SSL certificate tells them loud and clear. To enable all your visitors to fully trust you an EV SSL certificate is now required for over 1/3 of your visitors and growing.

Key features

·         Recognized by all popular browsers, 99.3%

·         A great price so you make more sales and fit more in your budget. EV Starts at $359 per year.

·         128/256 bit SSL encryption

·         Dedicated account manager + Email and Web support

·         Free priority phone support to make installation easy.

·         30 day refund policy

·         $250,000 warranty

·         Unlimited re-issuance

Pricing:-

GeoTrust True BusinessID with EV	$149.00/yr.
GeoTrust True BusinessID with EV Multi  Domain	$323.50/yr.
Secure Site Pro with EV	$1,049.00/yr.
Secure Site with EV	$699.00/yr.
SSL Web Server with EV	$459.00/yr.

Why do I need Extended Validation SSL Certificate?

·         Extended Validation SSL is the next generation of SSL Certificate - stringent verification processes developed by the CA/Browser Forum ensure your web site is visibly more trusted than with other types of SSL Certificates.

·         Maximize your sales by gaining trust - the public is being educated to look for the "Green Address Bar" as a sign of trustworthiness. Make sure you gain competitive edge by displaying this essential trust indicator.

·         Free, patent pending EV Corner of Trust logo - confirming your EV status throughout the web site (not just on secure pages). This exclusive TrustLogo allows web site visitors to obtain your credentials with a simple mouse over (not a click diverting your customer to another web site).

Why Choose a Longer Certificate Term?

·         Significant savings vs. shorter-term certificates

·         Reduced risk of a trust-eroding expired certificate on your site

·         One less thing to do or worry about next year


Source URL:-http://www.x-cart.com/extended-validation-ssl.html