Premium EV SSL

The certificate is mainly used to identify the legal entity that controls a Web site and enable encrypted communications with a Web site in case the server transmits personal data, identification numbers, credit card data or confidential information of the strategic importance to the certificate owner or user The certificate can be used for the secure access to a server since it provides the encrypted connection between the customer’s software and server and for the authentication of the server on the Web. Moreover, the certificate is used to identify the owner of the secured website allows the customer to validate of its reliability and to protect him against the replacement the website by a fake server.

Premium EV SSL certificates are used for:

• server authentication
• protection of business and commercial transactions carried out by a server
• protection of websites of on-line stores running high value transactions
• protection of bank access servers
• protection of websites of on-line banking systems
• protection of corporate servers
• protection of communication with mailing servers
• protection of communication with database servers

• server authentication
• protection against phishing and other online identity fraud attacks using certificates
• server reliability – information on the server authenticity confirmed by a certificate
• website owner reliability – information on the website authenticity confirmed by a certificate
• protection of services (authentication, integrity and confidentiality on the basis of the SSL protocol)
• secure (encrypted) communication between a server and customer’s software
• guarantee of reliability and confidence from persons who use the certified server
• highest financial liability of certificate issuer
• 2-year certificate validity
• secure communication with Facebook Apps
• issued for Private Organizations, Business Entities and Government Entities

Note
Premium EV SSL certificates are not issued for natural persons

• compliance with X.509 v.3 (RFC3280)
• compliance with Guidelines For The Issuance And Management Of Extended Validation Certificates
• protection by means of RSA-SHA1 encryption function
• issue by CERTUM certified for the compliance with WebTrust standard
• issue by CERTUM whose root certificate is automatically recognized as trusted on most popular website browsers
• possibility of certificate status validation by CRL and OCSP services

CERTUM verifies applicants in accordance with Guidelines For The Issuance And Management Of Extended Validation Certificates requirements. Verification process requires domain access control and additional vetting documents used to perform the identification of the applicant.

Domain access control

• CERTUM validates the fully qualified domain name (FQDN). Verification if person has access to the server with domains for requested certificate: the domain administrator puts the html file on a server or includes additional few lines in your page source code
• CERTUM validates e-mail, with link to get certificate, will be sent to one of the following:
  • admin@yourdomain.com
  • administrator@yourdomain.com
  • webmaster@yourdomain.com
  • hostmaster@yourdomain.com
  • postmaster@yourdomain.com

Vetting documents

• copy of ID document of a person responsible for the certification procedure (ID card, passport, residence permit, student’s ID card, social insurance ID, etc.) to check the data given in a form filled in on a website
• document to assure the person responsible for certification procedure is an employee or representative of company/institution
• document to verify company/institution authenticity, e.g.:
  • DUNS number (Dun and Bradstreet)
  • Articles of Incorporation
  • Business License
  • Doing Business As (DBA) registration
  • Partnership documentation
  • Sole Proprietorship documentation
  • Factitious Name Statement
  • Assumed Name Statement
  • Seller’s Permit
  • Occupational License
  • Sales Permit
• if certificate should be issued for other institution then original domain owner - copy of the document to assure right to use the domain

All delivered documents must be signed by official representative. Delivered documents must be in English or must be translated into English by sworn translator or certified by a notary.

Note

CERTUM must verify a main applicant‟s telephone number by calling it and obtaining an affirmative response sufficient to enable a reasonable person to conclude that the applicant is reachable by telephone at the number dialed.

Documents can be delivered by:

• via email: info@certum.pl
• in person
• by fax: 004891 4257 422
• per post:
  
  CERTUM PCC
  ul. Bajeczna 13
  71-838 Szczecin, Poland