SSL EV certificates in Community in the Cloud

[eGullet]

I know that Invision currently supports basic SSL certificates in their Community in the Cloud offerings. Considering that we are now asking people to input their credit card information directly in our sites (at least for some payment methods) it would be REALLY nice to offer Extended Validation certificates so that our donors/purchasers can be confident that their connection is both encrypted and authenticated. I teach computer security classes and my advice to students is to never enter financial information unless they see the green bar.

[MADMAN32395]

On 11/8/2015, 10:48:22, eGullet said:

I know that Invision currently supports basic SSL certificates in their Community in the Cloud offerings. Considering that we are now asking people to input their credit card information directly in our sites (at least for some payment methods) it would be REALLY nice to offer Extended Validation certificates so that our donors/purchasers can be confident that their connection is both encrypted and authenticated. I teach computer security classes and my advice to students is to never enter financial information unless they see the green bar.

sometimes as well the green bar not being displayed can be due to displaying unsecure images. 

[Tracy Perry]

8 minutes ago, MADMAN32395 said:

sometimes as well the green bar not being displayed can be due to displaying unsecure images. 

Oh, but that's not problem.  It's just insecure content being served over a secure connection.

and yes, I'm being sarcastic.  For a long time that was what I was hearing (that it wasn't that important that the green lock show) until IPS finally got the ability to display both in a secure manner.

[Lindy]

We can do EV certificates. As you likely know, the process is much more stringent and involved for EV certs and they're only available to properly registered organizations - so it's not something we promote by default. You are definitely welcome to contact us via a customer service request to discuss for your situation and we'll be happy to help you green bar.

[MADMAN32395]

I personally use a Comodo RSA Domain Validation cert. Validate your domain and youre good (greenbar and such). IIRC still has the same amt of insurance as well.

[Lindy]

34 minutes ago, MADMAN32395 said:

I personally use a Comodo RSA Domain Validation cert. Validate your domain and youre good (greenbar and such). IIRC still has the same amt of insurance as well.

The padlock is not the same as the green bar (i.e.: https://www.invisionpower.com ) and the only way to get the green bar is with an EV certificate. DV is just basic domain validation - they send an e-mail to the WHOIS contact, the contact approves it and you've established you own the domain but nothing else. EV certificates require paperwork proving you're a legitimate, registered and valid organizational entity, have a presence and can be verified by D&B or via written certification from a professional such as your attorney or accountant. 

 

[eGullet]

Thanks, @Lindy -- for the record, I did ask sales about this, and was told you didn't offer it. Glad to hear that's not quite true.

[MADMAN32395]

10 hours ago, Lindy said:

The padlock is not the same as the green bar (i.e.: https://www.invisionpower.com ) and the only way to get the green bar is with an EV certificate. DV is just basic domain validation - they send an e-mail to the WHOIS contact, the contact approves it and you've established you own the domain but nothing else. EV certificates require paperwork proving you're a legitimate, registered and valid organizational entity, have a presence and can be verified by D&B or via written certification from a professional such as your attorney or accountant. 

 

oh yea, i see the difference now. haha.