Extended Validation SSL Certificates now 1 Year Old

Extended Validation SSL certificates are now a year old, with the total number of EV SSL sites now above 4,000 representing 0.5% of the valid third party certificates that the Netcraft SSL Survey finds on the Internet. Absolute growth of EV SSL certificates has remained largely constant for several months, and the total is dwarfed by the 809,000 sites that use traditional SSL certificates.


A year ago, Netcraft’s SSL Survey found a total of 81 sites using EV SSL certificates, five of which have since reverted to conventional SSL certificates. Interestingly, three of these sites belong to certificate authorities. VeriSign no longer uses EV SSL certificates for either admin-manager.verisign.com or onsite.verisign.com, while Entrust no longer uses an EV SSL certificate for www.entrust.com, although this site redirects users to secure.entrust.com, which does use EV SSL. The two other sites to have stopped using extended validation are www.dunbarvalutrak.com, a system for tracking valuables and cash in transit, and www.senderra.com, a service mark of Avelo Mortgage, L.L.C.

The number of desktops which recognise EV SSL certificates is set to increase this month. On February 12th, Microsoft released the Windows Internet Explorer 7 Installation and Availability update to Windows Server Update Services. After this date, customers who have configured WSUS to auto-approve Update Rollup packages will have all instances of Internet Explorer 6 upgraded to version 7. Microsoft Knowledge Base article 946202 describes how administrators may deploy Internet Explorer 7 using WSUS, or to postpone the update.


For users of Windows Vista, Internet Explorer 7 turns the address bar green when a user visits a site which offers a valid EV SSL certificate, helping to boost consumer confidence in such sites and reduce fraud. By default, Windows XP users will not see the green address bar unless they install an optional Root Certificates Update, which will enable the use of EV SSL certificates.


In addition to the Internet Explorer 7 push, nightly builds of the Firefox web browser now also support EV SSL certificates, using the VeriSign EV root for testing purposes. Other EV SSL certificates are currently treated as conventional SSL certificates, although when Firefox 3 is ready to be released to the public, it is expected to have full support for all EV SSL certificates.

Further trends and observations are made in Netcraft’s monthly SSL Survey.