The EV (Extended Validation) SSL certificates offering the highest level of trust and security
With the SSL Gold Extended Validation (EV) Certificate you reach the highest possible level of trust for your webpage or your web application. The SSL Gold EV Certificate offers optimal protection and security of your customers and business partners.
SSL Gold EV with option multi-domain:
- Order optional your SSL Gold certificate with up to 20 additional domains or subdomains, meaning additional entries in the SAN field of the certificate. The option Multi-Domain fulfills the requirements of a Microsoft Exchange UCC/SAN environment.
- When ordering the SSL Gold certificate with only one domain entry, the protection of the domain is including with and without "www".
Would you like to obtain several certificates in a simple and flexible manner? The SwissSign Managed PKI service pays off from just 2 SSL Gold EV certificates.
- Verification of identity (Extended Validation EV) of domain, applicant and organisation
- Issue time within 5 to 10 working days after application
- Term of one or two years
- License can be used on an unlimited number of servers
- Warranty 100’000 CHF
- Full reimbursement within 30 days of issue
- Internationalised domain name (IDN) possible
- Permitted for Amazon payments
- The certificate can also be obtained via Managed PKI
- Telephone and e-mail support in English, German and French
- After the Sale of the certificate the SwissSign seal is provided in the customer login
- Wildcard entries are not possible in the SSL Gold EV Certificate. For Wildcard entries we recommend our SSL Gold Certificate.
- Would you like to protect your domain with and without “www” (order made with only one domain), than define this during the certificate issuance process or define this in your CSR. This additional protection is free of charge and optional.
- For orders with multiple domains (Multi-Domain) the free of charge protection of domains with and without “www” is not included. Please define your domain entries one by one.
- The Managed PKI Service allows the issuance of Multi-Domain certificates with up to 200 additional domains.
- Recognised root CA
- SHA-2 hash signature algorithm
- Encryption of up to 256 bits
- Key length of up to 2,048 bits
- Asymmetric encryption with 2,048 bits and symmetric encryption with up to 256 bits are possible
- Key use: Digital signature, key encipherment, client authentication, server authentication
- Distribution on all common browsers and platforms. See Compatibility
- DNS CAA policies will be followed before authorization of the request
- Validation with OCSP and CRL, OCSP stapling should be configured
- Certificate Transparency log information will only be transmitted by use of OCSP stapling
- User account for certificate management
- Revocation service for the revoking of certificates
- Notification 30 days and 10 days prior to expiry of validity
- Application-specific entries in the certificate:
- CN = common name: domain name FQDN (mandatory)
- O= organisation (mandatory)
- OU = organisational unit (optional)
- C = country (mandatory)
- L = location (mandatory)
- ST = canton, federal state (optional, mandatory if country is not similar to city)
- Street address (optional)
- Postcode (optional)
- Business Category (mandatory)
- Country of registration (mandatory)
- State of registration (optional, mandatory in case the jurisdiction of incorporation works on state level)
- Locality of registration (optional, mandatory in case the jurisdiction of incorporation works on locality level)
- Serial number (e.g. trade registry number or foundation date, mandatory)
- Period of validity (one or two years after call of the download link of the certificate for the first time)
- SAN (SubjectAlternativeName) domain name same as in the common name, optional entry with prepending www in case the certificate is selected with only one domain. With the option multi-domain additional domain or subdomain entries with additional domains. Wildcard entries are not permitted.
- Further applicant-specific entries are not permitted and are removed from a CSR.
- All binding guidelines for this certificate type are stipulated in the relevant Certificate Policy and Certification Practice Statement (CP/CPS): SwissSign Gold CP/CPS
The EV (Extended Validation) SSL Certificate is used for the following reasons:
Provides the best possible protection against phishing and man-in-the-middle attacks.
For use wherever trust is the highest priority. No other SSL Certificate offers more trust when using internet and web applications.
Examples of Usage
Within e-commerce applications or web pages where credit cards or other sensitive data is used. In companies which like to associate their brands with security and trust.
- Highest possible protection for customers and visitors, including phishing prevention.
- Helps improve conversion rates, decrease bounce rates and improve Google ranking.
Please submit the following documents by post
- Original copy of the signed application form. You will receive this automatically via e-mail after redeeming the license at www.swisssign.net.
- Copies (front and reverse) of a passport or identity card (Switzerland, Liechtenstein or EU) belonging to the applicant
- For public institutions: Excerpt from the Federal State Calendar or other proof of the organisation's existence on request
- Copies (front and reverse) of a passport or identity card (Switzerland, Liechtenstein or EU) belonging to the authorised signatory(ies) and/or co-signatory(ies) in accordance with the commercial register / Federal State Calendar.
In order to obtain a SSL Gold EV certificate you have to choose the right business category in your certificate request:
- «Private Organization»: The entity’s legal existence is created or recognized by a by a filing with (or an act of) the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration (e.g., by issuance of a certificate of incorporation, registration number, etc.) or created or recognized by a Government Agency (e.g. under a charter, treaty, convention, or equivalent recognition instrument); Examples: A incorporation listed in the trade registry or an association listed in the association registry.
- «Government Entity»: The entity’s legal existence was established by the political subdivision in which the entity operates. It could be typically the parliament, a ministry, a state agency or a city.
- «Non Commercial Entity»: The Applicant is an International Organization Entity, created under a charter, treaty, convention or equivalent instrument that was signed by, or on behalf of, more than one country's government. E.g. Unicef, WHO.
- «Business Entity»: Any entity that is not a Private Organization, Government Entity, or Non-Commercial Entity as defined herein. Examples include, but are not limited to, general partnerships, unincorporated associations, sole proprietorships, etc. In case of an SSL EV certificate the principal individual of this entity has to show up personally at a notary, Swiss Post location (with “yellow ID”) or SwissSign.
Please note the following for the serial number and fields for the jurisdiction of incorporation:
In case of a «Private Organization» you shall enter your registry number as serial number. As far the jurisdiction of incorporation operates on a local level all three certificate fields (locality, province/state, country) should be filled in. In case a jurisdiction of incorporation or registration agency operates on province/state level you shall leave the locality entry empty. In case a jurisdiction of incorporation or registration agency operates on country level only the country field should be filled in.
- For requests within Switzerland: Please note that the use of the new business identification number (UID) is mandatory upon entering the commercial register data of a company domiciled in Switzerland. Old commercial register numbers beginning with CH instead of CHE are no longer permitted. See tab FAQ.
- Language: Please submit your documents in German, English or French. Documents in other languages or composed using non-Latin characters must be translated into one of the three mentioned languages and the translation must be notarised. To this end, organisations based outside the EU and Liechtenstein again also require notarisation based on the Hague Apostille.
- Young companies: Companies which have not yet been on the market for three years are required to provide confirmation of their business activities through their principal bank or a trustee.
- Should you wish to request several Gold-level certificates, you can use your organisation's or domain owner's authorisations: authorisations (PDF, 168 KB)
- SwissSign should be allowed to issue certificates for your domains according to the DNS entry (CAA policy)
Do you have any questions? Visit our FAQ page.