Extended Validation Certificates
The InCommon Certificate Service issues unlimited Extended Validation (EV) SSL/TLS certificates at no additional cost to subscribers. Because EV certificates require additional levels of validation for the requesting organization, our partner Comodo must handle all of the paperwork as well as the validation process for EV certificates. Comodo has provided a background PDF about extended validation SSL.
- If this is your first EV Cert request, read on.
- If you have ordered an EV Cert before, but need another for a domain listed in your first request, you need only submit an EV Certificate Request Form. For example, if you listed foo.edu as a domain in your original paperwork, you do NOT need to resubmit paperwork for sub-domains like web1.foo.edu.
- If you have ordered an EV Cert before, but now require an EV Cert for a domain not listed in your first request, skip to the "Subsequent Requests" section.
What are EV Certs?
An extended validation certificate is a X.509 public key infrastructure (PKI) digital certificate in which identifying information about the business entity holding the certificate for a web site or other server has been validated by the certificate authority (CA).
The CA uses a standardized set of requirements set out in the CA/Browser Forum Extended Validation Certificate Guidelines. These guidelines also set requirements for auditing, revocation and certificate content.
Extended validation certificates are generally considered to be high assurance certificates as that term is used within the PKI community.
Why the additional paperwork?
EV certificates have higher validation requirements and are issued by Comodo under a separate Certification Authority (CA). Because of the formal requirements that all EV certificates must comply with, Comodo must manage the validation process with separate governing legal terms. For EV certificates, InCommon subscription covers the fees and the same Certificate management interface, while Comodo directly engages with the university on legal and validation terms.
First-time EV Cert Requests
1. Confirm Domain Approval
Confirm that the domain for which you are requesting the EV certificate has already been approved by InCommon.
2. Request an EV Cert via the Certificate Manager (CM)
First, request an EV certificate using the Certificate Manager (CM). This generates an order number in Comodo's system, which you will need for the next step.
3. Submit the Required Documentation
Comodo requires three documents before issuing an EV SSL certificate. These documents should be sent directly to Comodo (not to InCommon). Include your order number on each document for reference.
- EV SSL Certificate Subscriber Agreement (submitted only once)
- A Legal Opinion Letter(see this Sample Legal Opinion Letter)
- An EV SSL Certificate Request Form (see below)
Be sure to list all domains for which you intend to request EV certificates in both the Legal Opinion and the EV Certificate Request Form. Listing the parent domain will cover all sub-domains. For example, listing foo.edu is sufficient to cover web1.foo.edu, web2.foo.edu, etc.
Send via fax or email to Comodo:
- Fax: 1-866-446-7704
- Email: email@example.com
Please note your order number on all three forms to speed the process with Comodo.
1. The EV SSL Certificate Subscriber Agreement is separate from the agreement signed with InCommon when you subscribed to the InCommon Certificate Service. There is no additional charge for EV certificates, but this agreement with Comodo is required. This is required once per organization. When submitting, please place your order number on the document, on a cover sheet, or in the accompanying email message.
2. The Legal Opinion Letter will verify:
- Applicant’s Legal Status
- Flagged Entity Check – Manually done by Comodo
- DBA/Trade Name
- Physical Existence
- Operational Existence
- Phone Number
- Domain Ownership – (Please list ALL domains you own for which you wish to request EV certificates now or in the future). Listing the parent domain will cover all sub-domains. For example, listing foo.edu is sufficient to cover web1.foo.edu, web2.foo.edu, etc.
- Name, Title, and Authority of Contract Signer
Comodo will verify the organization in one of two ways.
- For private institutions, the official corporate records must be obtained or
verified directly with the Registration Authority (generally the Secretary of State).
- For government entities, legal existence can be verified by a verified legal opinion authored
attorney representing the applicant, or a judge in the same political sub-division as the applicant. See the sample Legal Opinion Letter.
Please include the order number on the document, on a cover sheet, or in the accompanying email message. If, later, you need to add a domain not included in your original Legal Opinion Letter, you can re-use the letter (provided it is for the same organization), but please include the new order number.
3. EV Certificate Request Form - If you have multiple domain names, list them all on this form. There are two different forms; choose the form that fits your situation:
You can use one Certificate Request Form for multiple orders submitted at the same time. Otherwise, each order requires its own Certificate Request Form.
Subsequent EV Cert Requests
If you need an EV certificate for a domain not included in your original application, you will need to submit a new Legal Opinion Letter and EV Certificate Request Form. See the information above for details on the Legal Opinion Letter and request form.
To request another EV Certificate for a domain already vetted, just send an EV Certificate Request form.