InstantSSL, EnterpriseSSL  and EVSSL Hacker Guardian Trust Logos
Purchase SSL Packages:  

EV SGC SSL Certificates

Guard customers’ sensitive information, financial transactions and transmit confidential data with identity assured EV SGC-enabled SSL Certificates. These certificates provide 128- or 256-bit encryption to over 99% of Web site visitors by offering the strongest encryption and identity assurance available to every site visitor - even the millions using older versions of Windows and IE.

Premium WildCard SSL>
InstantSSL Pro

Why do I need EV SGC SSL Certificates?

  • EV is the next generation of SSL Certificate - stringent verification processes developed by Certificate Authority (CA)/Browser Forum ensures your website is visibly more secure and trusted than with other types of SSL Certificates.
  • Maximize your sales by gaining trust - the public is being educated to look for the "Green Address Bar" as a sign of trustworthiness. Make sure you gain competitive edge by displaying this essential trust indicator.
  • Protect the widest customer base imaginable - SGC technology upgrades older browsers so they can connect at full 128- or 256-bit encryption levels meaning you convert more sales by protecting more customers than with a regular SSL Certificate.

Why Comodo for your EV SGC SSL Certificates?

  • Unique, patent-pending EV Auto-Enhancer™ - Automatic EV Deployment and Maintenance Technology - automatically upgrades Microsoft® Internet Explorer 7.0 on Windows™ XP to full “Green Address Bar” functionality. Valued at $1,500, Comodo provides this technology free to all our EV SSL Certificate customers. Without it, Windows™ XP users will not automatically see the "Green Address Bar" when visiting your site.
  • Industry leading support - as the world's second largest SSL Certificate provider, Comodo has the infrastructure, experience and depth of knowledge to help you every step of the way.
  • Unbeatable Price - from $999 per year, EV SGC SSL Certificates from Comodo cost less than most CA’s charge for non-SGC EV SSL Certificates. Additional features such as free EV Corner of Trust logo, dedicated account manager and free phone priority support make the EV SGC SSL Certificate a complete "trust package" that is unrivalled in the industry.


EV SSL Certificates

Extended Validation SSL Certificates deliver a new level of trust to your website visitors. Starting with Microsoft® Internet Explorer 7, the address bar will turn green confirming your site identity as verified by a Certification Authority (CA) according to the most rigorous industry guidelines established by the CA/Browser Forum.

Why are EV SSL Certificates important news for you?

EV SSL Certificates are designed to provide visitors with the green "good to go" Microsoft IE browser indicator when visitors go to a secure page.


Until now, customers had no visible online indication confirming that you are a verifiable business. But the new EV SSL Certificates work with the latest releases of the major browsers so that now your consumers can verify you and your identity.

EV SSL certificates protect users from doing business with unauthenticated web merchants. Simply, EV SSL certificates are the new type of SSL certificate that provide rigorous authentication for a business' identity. This extended validation (EV) is given to online businesses that can be verified through evolved and secured authentication processes. If your site can be identity verified (and a competitor's site can not) customers are likely to trust you more. This competitive advantage translates into reduced visitor abandonment rates, improved conversions, higher revenue per transaction and higher lifetime customer value. In the world of e-commerce, establishing trust is mission critical because when you win your customer’s trust, you win their business.

The New EV SSL certificates will benefit your business because they will provide better consumer protection.

EV SSL Certificates are designed to provide visitors with the green "good to go" browser indicator when visitors go to a secure page.

Validation Levels:

All EV SSL Certificates undergo a new validation process that has been established by the industry group CA/B Forum. This vetting process ensures rigorous validation of both domain name and company details before issuance, in order to provide the highest levels of security and trust for your customers.

The EV SSL Certificate Validation Process

The goal of the validation process is to ensure that consumers have a way to authenticate legitimate sites from phishing sites. The increased trust and consumer protection offered by EV certificates necessarily involves a more rigorous validation process. This new procedure has been established by the industry group, CA/B Forum.

Some basic requirements that a business needs to conform to obtain an EV SSL certificate includes (but are not limited to):

  • Legal status as a company created by government filing
  • Registration number of incorporation
  • Place of business is in same jurisdiction (e.g. country) as place of business registration
  • Organization name
  • Business name
  • Full address and main phone number of place of business

Not sure if your Business is incorporated? Click here to find out


Your browser ubiquity is a key element when choosing an SSL provider. EV SSL is inherently recognized by 99.3% of the current Internet population. This makes EV SSL as equally trusted as more expensive Certificates from VeriSign.

If you upgrade to a Comodo EV SGC certificate, the encryption level of older browsers from 40 bit or 56 bit is increased to highly secure 128/256 bit SSL sessions. That means you protect more of your customers at the highest levels of security than regular SSL certificates.

Industry Leading Expert Support:

Comodo is renowned for its industry leading customer care and technical support. As a valued EV SSL customer you can expect a dedicated account manager and multi-channel priority technical support for any issues you may face or questions you may have during any stage of applying for, installing or using your EV SSL Certificate. In addition, you can benefit from a free post-installation health check on your SSL Certificate from our team of experts to ensure that your certificate is installed correctly.

Speed of Issuance & Validation Levels:

Thanks to the revolutionary capabilities of IdAuthority, the identity assurance provider, Comodo has the systems to complete the validation process quickly and efficiently. EV SSL Certificates do require higher levels of business authentication and therefore can take longer than non business vetted SSL certificates.


General Frequently Asked Questions - EV SSL

What is an EV (Extended Validation) SSL Certificate?

Extended Validation (EV) SSL Certificates are the next generation SSL Certificate because they help protect against phishing attacks. They work with high security Web browsers (e.g. Microsoft IE) so that visitors to Websites with an EV SSL Certificate will see a “Green Address Bar”. EV SSL Certificates represent a new industry standard for e-merchant identity verification developed by the CA/B Forum.

What are the benefits of EV SSL Certificates to Web site owners?

An EV SSL Certificate helps you gain competitive advantage by increasing trust in your Web site that translates into higher conversion rates and increased revenue.

What is EV AUTO-Enhancer™ - Automatic EV Deployment and Maintenance Technology?

Comodo EV SSL Certificates offer the ability for Microsoft® Windows XP users to see the “Green Address Bar” indicator in Microsoft® Internet Explorer 7. However, unlike other Certification Authorities we provide EV AUTO-Enhancer™, a unique, patent-pending Automatic EV Deployment and Maintenance Technology to maximize the value of your EV SSL Certificate. Now your system administrator does not need to engage your web design team to install and service your EV SSL Certificate.

This technology is FREE, available nowhere else and is worth $1,500 in saved web design team resources.

How EV AUTO-Enhancer™ works?

With Comodo’s unique, patent-pending EV AUTO-Enhancer™ technology, your system administrator need only install a single file on your Web server to make EV SSL Certificates display the “Green Address Bar” indicator in Microsoft® Internet Explorer 7 for customers who use Microsoft® Windows XP. This saves your web design team days of work in making your EV SSL Certificate backward compatible with Microsoft® Windows XP.

Normally, Web servers are configured to send only a single certificate chain during SSL/TLS handshakes. However, a simple modification to the “standard” configuration of a Web server would cause the new Root Certificate to be sent during SSL/TLS handshakes in addition to the “legacy certificate chain”.  This would cause the new Root Certificate to be automatically downloaded and installed from the Automatic Root Update facility and the EV SSL Certificate “Green Address Bar” would be seen immediately.

Comodo's EV AUTO-Enhancer™ technology returns the EV SSL Certificate root in the handshake from your Web server. In combination with a change of the issuance date of the cross-certificate, this will force Microsoft® Windows XP and Vista to pull the root into the certificate store.

Is EV AUTO-Enhancer™ compatible with all types of Web server?

This technology is currently available for Apache Web servers. The Web server will return the trusted route in the handshake that can easily be incorporated into the installation instructions that we provide for Apache. IIS EV AUTO-Enhancer™, A Comodo a plug-in for Microsoft® IIS will soon be available to allow this type of Web server to serve the root in the desired way. Currently, all EV SSL Certificates will continue to work on Microsoft® IIS Web servers using Comodo’s EV Enhancer™. Comodo is also extending the ubiquity of this technology to be compatible with other types of Web server in the future.

What is EV Enhancer™?

Comodo's EV Enhancer™ technology enables the new "Green Address Bar" browser indicator for EV SSL Certificates to be backward compatible with Microsoft® Internet Explorer 7 on Windows™ XP by installing a trusted Comodo Root Certificate. This Root update is needed to establish a fully trusted and encrypted EV SSL connection and enable your customer’s address bar to turn green

How does EV Enhancer™ work?

In order for the "Green Address Bar' to be displayed for a secure website in Microsoft® Internet Explorer 7, the relevant Root Certificate must be present in the client's Trusted Root Certificate store and it must also have an EV Policy Object Identification (OID) associated with it. In Windows Vista, EV Policy OIDs are assigned automatically via the Automatic Root Update facility. However in Windows XP (the dominant Operating System in the market today), the Automatic Root Update facility is unable to assign EV Policy OIDs to “legacy” Root Certificates that are already present in the Microsoft Root Certificate Program. This behavior forces all Certificate Authorities to embed a new Root Certificate in the Microsoft Root Certificate Program that will have the applicable EV Policy OID assigned to it. The difficulty of installing the new root certificate on Windows XP is that new Root Certificates are distributed from Windows Update. Every week, Windows downloads a signed list of all roots in the root program. When Windows validates a certificate, Windows XP shows the following behavior:

  1. Windows XP first tries to build a chain using certificates from the TLS/SSL protocol, in addition to the local certificate stores;
  2. If Windows is unable to find a chain up to a self-signed certificate, Windows tries to download additional certificates using information in the certificate;
  3. If a chain up to a self-signed certificate can not be found, Windows tries to find a match in the signed list of roots retrieved from Windows Update. If a match is found, the Root Certificate is then downloaded and installed silently.

In most cases Windows XP will find a legacy Root Certificate (for Comodo this is UTN and AddTrust), which will mean that at least one trusted certificate chain will be found during phase one and no new EV root will be installed. Therefore, it is not possible to use the Root Update Mechanism provided by Microsoft. To solve this problem, the website must trigger an TLS / SSL connection to a HTTPS URL that points to a certificate that is not cross signed and does not refer to a legacy Root and returns only the End Entity and Issuing CA certificates. This method will force Windows XP to validate a certificate chain where it must download the new EV root.

The figure below shows the process in more detail:

  1. Consumer PC visits https://www.myEVsite.com and the web server returns the chain including the cross certificate to the user during TLS/SSL negotiation;
  2. The website contains an EV Enhancer™ script to https://ev-enhancer.comodo.com;
  3. The user makes a second TLS/SSL negotiation with ev.cadomain.com which returns a different End Entity certificate and no cross signed certificate;
  4. Windows XP validates End Entity B and is unable to build a chain to a known self-signed certificate.

Based on the above scenario, the user will not see the "Green Address Bar" in Internet Explorer 7 until the second time she visits the site. This can be improved to be a first time visit if the home page of the website is not a HTTPS URL and the EV Enhancer™ technology is activated from a page leading up to the HTTPS EV SSL trusted page. The EV Enhancer™ downloads and installs the EV Root from Windows Update before the user enters the SSL connection. This requires your website administrator to add a link to an HTTPS “beacon” site on each entry page of your website.

What is SGC?

SGC is Server Gated Cryptography. It provides the ability for a certificate to 'up-rate' older browsers that are only capable of weak, 40-bit encryption to ultra-secure 128/256-bit encryption without the need to upgrade. It was introduced at a time when stringent United States encryption export laws would only allow browsers to encrypt 40-bit levels. Understandably, there are still millions of users that still use these older browsers. Websites wishing to offer the highest level of trust and 256-bit encrypted transactions to the widest possible customer base should consider EV SGC SSL Certificates.

Will I be able to upgrade my existing Comodo High Assurance SSL Certificate to get the “Green Address Bar” in my customer’s Web browser?

Sure. Comodo can offer you a quick migration path from your existing High Assurance SSL Certificate to an EV SSL Certificate. After your reservation, you may have to submit additional documentation. The Comodo sales team will assist you throughout the process. So submit your contact information and we will contact you shortly. Alternatively, call US toll free: 1 888 266 6361 or from outside of the US: 1 206 203 6361.

Is my existing High Assurance SSL Certificate still sufficient for protecting online transactions?

All Comodo SSL Certificates will continue to provide security encryption to ensure that data being transferred between your Web site and your customer’s Web browser can not be stolen. In addition your current High Assurance SSL Certificate will continue to provide identity assurance for your Web site.