Verification of Certificate Applicants

One unique aspect of EV validation involves verifying the specific individual requesting the certificate. CAs must confirm that the person applying for the certificate is employed by the organization and has the authority to request SSL certificates on the organization's behalf. This typically involves verifying employment through HR departments and confirming authorization through legal representatives or senior management. This personal verification adds another layer of security against unauthorized certificate requests.

The telephone verification process for EV certificates is particularly stringent. CAs must independently verify the organization's telephone number through sources like government records or established business directories—they cannot rely on numbers provided by the applicant. The verification call must reach someone who can confirm the certificate request and the applicant's authority. This process often involves multiple calls and can extend the validation timeline, but it provides crucial protection against social engineering attacks.