Getting the most out of your EV Certificate.

EV SSL Certificates greets your web site visitors with a Green Bar within the address bar of your Microsoft browser that represents safety. The information here is the three most common tips to implement when deploying your EV certificate. When you are ready to deploy your Trustwave EV SSL certificate to your web server these instructions will help ensure your success and the proper display of the green address bar to your customers.

Please contact customer support if the following information does not allow you to resolve issues with the green shading of the address bar and your EV SSL certificate. Our toll-free support number is: 866-775-2378

1. EV Certificate Installation

When your order is first placed with Trustwave, you will be given a standard (non EV) SSL certificate to deploy while your EV SSL certificate is being prepared. Ensure that you remove this certificate once you receive the Trustwave Email delivering your final EV SSL certificate.

(HINT) You can check that the certificate you deployed is an EV SSL by opening it with the Microsoft Management Console (on windows) and looking at the contents of the SUBJECT field to verify that it contains the following string "1.3.6.1.4.1.311.60.2.1.3". If that string is not present, your certificate is not an EV and you should request an EV SSL certificate from Trustwave.

This portion of the certificate installation process is exactly the same as the installation of any other type of certificate and you should follow the certificate installation instructions for your specific server.

2. Trustwave Intermediate Root Installation

When you receive your EV SSL certificate from Trustwave, you will receive an email with the EV SSL certificate and the intermediate roots required for your web server. It is imperative that you install the correct intermediate roots to ensure that your EV SSL certificate functions properly for both Internet Explorer 7 on Windows XP and Vista.

If there are already "SecureTrust CA" intermediate roots on your web server you will need to ensure that the date of issue on that intermediate root is 10.01.2006. If that is not the date on your intermediate root, or if you have several intermediate roots in different certificate stores, then remove all "SecureTrust CA" intermediate roots from all certificate stores on that web server, and import just the "10.01.2006 SecureTrust CA" intermediate root into your web server's Intermediate Root Store.

(HINT) If you do not have a SecureTrust CA 10.01.2006 Intermediate Root, then request one from Trustwave Support or download it here.

3. Trustwave Site Seal or EV Upgrade Script

You should include a Trustwave Site Seal or EV Upgrade Script to make the address bar shade green for the widest selection of your customers' web browsers. If this upgrade script or Site Seal is not present on your page, customers with Windows XP Browser may have difficulty with the appearance Green shading in the address bar.

Instructions on installation of the Trustwave Site Seal can be found here.

Instructions on the EV Upgrade Script can be found here.

4. Internet Explorer Anti-Phishing Toolbar

The way Internet Explorer implements the EV SSL Certificate runtime validation and presentation of the Green Bar is dependent on having the Microsoft Anti-Phishing Toolbar "turned on" within Internet Explorer 7 (both XP and Vista). EV SSL Certificates from every SSL vendor will not display the Green shading in the address bar unless this toolbar option is enabled. Keep this in mind if you have deployed your EV SSL certificate, see the padlock in IE, but do not see the green shading within the address bar.