Extended Validation SSL Certificates give your online business the opportunity to show visitors that you are reputable and secure. In order to ensure that your visitors can see that your Web site has passed Extended Validation (EV) authentication, VeriSign created VeriSign® EV UpgraderT-the first-ever solution to enable all visiting Windows® Internet Explorer® 7 (IE7) browsers to detect EV SSL Certificates and display them appropriately.
W H I T E PA P E R
EV Upgrader: Enabling Windows
XP Clients for Extended ValidationW H I T E PA P E R
C O N T E N T S + The Windows XP Functionality Gap 3
+ What EV Upgrader Does to Trigger Root Installation 4
+ How Best to Use EV Upgrader 5W H I T E PA P E R
Extended Validation SSL Certi?cates offer online businesses the opportunity todemonstrate their genuine identity to site visitors. By doing so they can maximize visitorcon?dence and increase the total amount of business on the site. In order to ensure thatthe most possible site visitors are able to observe that the site has passed ExtendedValidation (EV) authentication and enjoy the increased con?dence that accompanies this® Tknowledge, VeriSign has created VeriSign EV Upgrader -the ?rst-ever solution to® ®enable all visiting Windows Internet Explorer 7 (IE7) browsers to detect EV SSLCerti?cates and display them appropriately.EV Upgrader is a server-side application that prompts visiting IE7 systems to update®their VeriSign SSL Certi?cate roots. Microsoft speci?cally engineered Internet Explorerto allow root updates of this nature, and therefore the update is virtually instantaneousand undetectable to the site visitor. The only change the user sees is the display of greenaddress bars and other EV interface conventions when visiting sites that have VeriSignEV certi?cates.To make using EV Upgrader as easy as possible for site administrators, VeriSign has builtTit right into the VeriSign Secured Seal . That means all you have to do to maximizeconsumer con?dence in your EV-authenticated site is install the VeriSign Secured Seal.Installation takes minutes, and no additional administration is required. The VeriSignSecured Seal even gains this functionality automatically on existing sites, so if your sitealready has the VeriSign Secured Seal, you don't need to do a thing.VeriSign signs EV certi?cates with a non-EV intermediate root to ensure full coverage foryour site on legacy browsers. In order to enable EV functionality and behavior, VeriSignsigns EV certi?cates with a new EV root as well. This innovative design makes possible asingle SSL Certi?cate that offers the same comprehensive browser ubiquity as traditionalVeriSign SSL Certi?cates and still enables EV functionality on the broadest possible setof IE7 client systems.This white paper details the behavior of EV Upgrader and how it triggers rootinstallation in Windows XP operating systems. A companion white paper, MaximizingSite Visitor Trust Using Extended Validation SSL, details the basic behavior and interfaceconventions of EV SSL Certi?cates.
The Windows XP
Functionality Gap
TMicrosoft created the Windows Vista operating system with the intention that it wouldwork in conjunction with IE7 to automatically and seamlessly provide root updates. Inthe case of your EV SSL Certi?cate, that's exactly what the operating system does.Whether or not you install the VeriSign Secured Seal with EV Upgrader on your site, allclients using Windows Vista will have the ability to recognize EV certi?cates on yoursite. However, Microsoft engineered and released the Windows XP operating system longbefore the existence of EV SSL, so Windows XP lacks the ability to undergo this rootinstallation in the absence of a speci?c event that will trigger update. Therefore, IE7running on the Windows XP operating system requires prompting to download and adda new EV root. This prompt occurs when the browser attempts to connect with a Website protected by an SSL Certi?cate that uses a root it does not recognize. At that point
3W H I T E PA P E R
the IE7 browser contacts a separate root store service maintained by Microsoft anddownloads the root in question. It does not download all roots in the store but only therequested root. This functionality is a deliberate operating system behavior addedspeci?cally to enable scenarios such as this one.
What EV Upgrader Does to
Trigger Root Installation
EV Upgrader operates on a very simple principle. The site containing an EV SSLTCerti?cate from VeriSign adds an invisible JavaScript link to one or more of its pages.This link initiates a connection with a speci?c Web site that VeriSign has set up explicitlyfor this purpose. The address of that domain is https://extended-validation-ssl.verisign.com, and if you access it by typing that address into any Web browser, you'llsimply see explanatory informati... [download for more]
