 |
EthnoHosting 
SSL Certificates Extended Validation
Technology Extended Validation
• What is EV AUTO-Enhancer?
• What is EV Enhancer?
• How does EV AUTO-Enhancer work?
• How does EV Enhancer work?
Extended Validation (EV) SSL Certificates are the next generation SSL Certificate because they help protect against phishing attacks. They work with web browsers (e.g. Internet Explorer 7.0, Firefox 3.0 and Opera 9.5) so that visitors to Websites with an EV SSL Certificate will see a "Green Address Bar". EV SSL Certificates represent a new industry standard for e-merchant identity verification developed by the CA/B Forum.
What is EV AUTO-Enhancer™?
Comodo EV AUTO-Enhancer™ is a patent-pending technology designed to enable Microsoft® Windows XP users to see the "Green Address Bar" indicator in Microsoft® Internet Explorer 7. Unlike XP compatibility solutions offered by other Certification Authorities, EV AUTO-Enhancer&trade provides this capability simply by installing a small program on your web server at the time you install your EV SSL Certificate.
It installs quickly and easily, and provides "Green Address Bar" functionality to XP users beyond that of other solutions, which, for example, require site visitors to have JavaScript enabled - ours doesn't. Only Comodo's approach is deployed solely by IT staff, and does not require the involvement of web developers to setup or maintain the solution.
What is EV Enhancer™?
Comodo's EV Enhancer™ enables the new "Green Address Bar" browser indicator for EV SSL Certificates to be backward compatible with Microsoft Internet Explorer 7 on Windows™ XP by installing a trusted Comodo Root Certificate. It should be used by companies deploying EV SSL Certificates on web servers other than Apache or Microsoft IIS. (If you are using Apache or Microsoft IIS we recommend you use Comodo's EV AUTO-Enhancer™ described at the top of this page.
How does EV AUTO-Enhancer™ work?
With Comodo’s unique, patent-pending EV AUTO-Enhancer™ technology, your system administrator need only install a single file on your Web server to make EV SSL Certificates display the "Green Address Bar" indicator in Microsoft Internet Explorer 7 for customers who use Microsoft Windows XP. This saves your web design team days of work in making your EV SSL Certificate backward compatible with Microsoft Windows XP.
Normally, Web servers are configured to send only a single certificate chain during SSL/TLS handshakes. However, a simple modification to the "standard" configuration of a Web server would cause the new Root Certificate to be sent during SSL/TLS handshakes in addition to the "legacy certificate chain". This would cause the new Root Certificate to be automatically downloaded and installed from the Automatic Root Update facility and the EV SSL Certificate "Green Address Bar" would be seen immediately.
Comodo's EV AUTO-Enhancer™ technology returns the EV SSL Certificate root in the handshake from your Web server. In combination with a change of the issuance date of the cross-certificate, this will force Microsoft Windows XP and Vista to pull the root into the certificate store.
How does EV Enhancer™ work?
In order for the "Green Address Bar" to be displayed for a secure website in Microsoft Internet Explorer 7, the relevant Root Certificate must be present in the client's Trusted Root Certificate store and it must also have an EV Policy Object Identification (OID) associated with it. In Windows Vista, EV Policy OIDs are assigned automatically via the Automatic Root Update facility. However in Windows XP (the dominant Operating System in the market today), the Automatic Root Update facility is unable to assign EV Policy OIDs to "legacy" Root Certificates that are already present in the Microsoft Root Certificate Program. This behavior forces all Certificate Authorities to embed a new Root Certificate in the Microsoft Root Certificate Program that will have the applicable EV Policy OID assigned to it. The difficulty of installing the new root certificate on Windows XP is that new Root Certificates are distributed from Windows Update. Every week, Windows downloads a signed list of all roots in the root program. When Windows validates a certificate, Windows XP shows the following behavior:
When Windows acepts Certificate ,for one, in Windows XP following actions are::
| 1. |
Windows XP first tries to build a chain using certificates from the TLS/SSL protocol, in addition to the local certificate stores; |
| 2. |
If Windows is unable to find a chain up to a self-signed certificate, Windows tries to download additional certificates using information in the certificate; |
| 3. |
If a chain up to a self-signed certificate can not be found, Windows tries to find a match in the signed list of roots retrieved from Windows Update. If a match is found, the Root Certificate is then downloaded and installed silently.
|
In most cases Windows XP will find a legacy Root Certificate (for Comodo this is UTN and AddTrust), which will mean that at least one trusted certificate chain will be found during phase one and no new EV root will be installed. Therefore, it is not possible to use the Root Update Mechanism provided by Microsoft. To solve this problem, the website must trigger an TLS / SSL connection to a HTTPS URL that points to a certificate that is not cross signed and does not refer to a legacy Root and returns only the End Entity and Issuing CA certificates. This method will force Windows XP to validate a certificate chain where it must download the new EV root.
SSL Certificate Comodo EV
SSL Certificate Comodo EV SGC
SSL Certificates
|
|
|
|
Price
 Description of Comodo EV SSL technology.
Download PDF [3.6 Mb]
 Price including all EthnoHosting services. Convenient for printing.
See Price
|
|
|
Goods: 
