> For the complete documentation index, see [llms.txt](https://docs.certinext.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.certinext.io/documentation/certificate-lifecycle-management/ordering-a-certificate/as-a-customer/ordering-ev-public-trust-certificates.md). # Ordering EV Public Trust Certificates ### What Is an EV Certificate? An Extended Validation (EV) SSL/TLS certificate provides the highest level of identity assurance available for websites. It encrypts all data flowing between a visitor's browser and your server and prominently displays your organization's verified identity to visitors. Unlike Domain Validation (DV) or Organization Validation (OV) certificates, EV certificates require the Certificate Authority (CA) to perform rigorous, multi-step verification of your organization's legal existence, physical address, operational status, and the authority of the individuals signing and approving the certificate request. This process is governed by strict CA/Browser Forum EV Guidelines. EV certificates require two authorized individuals from your organization: a Contract Signer (who signs the legal Subscriber Agreement) and a Certificate Approver (who formally authorizes certificate issuance). These can be the same person if they hold the appropriate authority. The issuance timeline is typically 1-5 business days because the CA must complete full Extended Validation. Once issued, your certificate provides the strongest available browser trust indicators. ### The Two EV Product Variants CERTInext offers two variants of the EV certificate, each designed for a different hosting scenario. **EV SSL Certificate** Secures a single primary domain (e.g., yourcompany.com + optionally [www.yourcompany.com](http://www.yourcompany.com)). Ideal for organizations that need the highest trust level on one website. Requires 1 DCV verification. Has 7 Order Actions in Phase 2. **EV SSL Certificate UCC** Secures multiple domain names (up to 4 included, expandable) under one certificate. Ideal for organizations with several websites or portals that all require EV-level trust. Requires one DCV verification per domain. Has 8 Order Actions in Phase 2 (includes Interim DV Certificate action). **Wildcard Domains:** Not supported on EV certificates (CA/Browser Forum policy). **ℹ INFO - Choosing the right EV product** Use EV SSL Certificate if you need the highest identity assurance on exactly one domain. Use EV SSL Certificate UCC if you need EV-level trust across multiple distinct domains (e.g., companyportal.com + companyshop.com + companyintranet.com). **Note**: Wildcard domains (\*.domain.com) are NOT permitted on EV certificates under CA/Browser Forum rules. ### Prerequisites - Before You Begin Have the following ready before starting an application. **CERTInext account** Log in at your organization's CERTInext portal URL. Your administrator provides login credentials. Log in before starting and confirm you have permission to place certificate orders. **Certificate Signing Request (CSR)** A CSR is a block of encrypted text generated on your web server. It contains your public key and basic organizational details. Generate it using your web server software (e.g., OpenSSL, IIS, cPanel) before starting. Generate using a minimum 2048-bit RSA or 256-bit ECDSA key. Ensure the domain in the CSR matches the domain you will enter in Step 5. **Domain name(s) to secure** Know the exact domain(s) you want the certificate to protect. For EV SSL UCC, list all domains upfront. Confirm you own and control the domain(s) as the CA will verify domain ownership during validation. **Organization details** Full legal organization name, registered address, country, state/province, locality, and postal code - exactly as they appear in official government or business registration records. Gather from official company registration documents. Mismatches with registry data are the most common cause of EV validation delays. **DUNS Number or Company Registration Number** A 9-digit DUNS number (from Dun & Bradstreet) or local government-issued company registration number. Used for EV organization identity verification. Find your DUNS number at dnb.com. If your organization does not have one, DUNS registration is free for businesses. **Contract Signer** An authorized individual (e.g., Director, VP, IT Director) with legal authority to sign the Subscriber Agreement on behalf of your organization. Identify this person before starting. They will receive a signing link by email. Can be the same person as the Certificate Approver. **Certificate Approver** An authorized individual (e.g., CISO, IT Director) with authority to approve EV certificate issuance for your organization. Identify this person before starting. They will receive an approval link by email. Can be the same person as the Contract Signer. **Account credit or payment method** Sufficient account credit balance or a payment card for the Pay Online option. Confirm balance or have a payment card ready before proceeding to Step 8. **Access to DNS provider (for DCV)** After payment you must prove domain ownership via DNS. You or your IT/domain administrator will need to create a DNS TXT record at your domain's DNS provider. Coordinate with your DNS administrator in advance. For EV SSL UCC, each domain requires its own TXT record. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.certinext.io/documentation/certificate-lifecycle-management/ordering-a-certificate/as-a-customer/ordering-ev-public-trust-certificates.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.