thawte homepage
worldwide sites: DeutschEspañolFrançaisItaliano
quick login: [ sitemap ]
SSL Web Server Certificates with EV
EV FAQs
Contact Sales:

US: +1 888 484 2983
Int: +27 21 937 8902
Submit Enquiry Online
Download Product Overview Sheet
[ PDF Version ]
thawte ssl certificate chat
EV Upgrader™
[ Automatic root upgrader for IE7 clients to see the trustworthy Extended Validation green bar interface ]

Overview



EV Upgrader™ from thawte automatically upgrades Internet Explorer 7 (IE7) clients running on Windows XP systems to display the new Extended Validation (EV) SSL user interface enhancements. As a result, more of your web site visitors will see the highly recognizable green address bar and security status bar activated by your thawte SSL Web Server Certificate with EV. This feature comes free of charge when you purchase an EV SSL Certificate from thawte.

EV Upgrader is very easy to install, and the upgrade process is transparent to users. EV Upgrader comes embedded in the thawte Trusted Site Seal. By simply placing the seal on your site, you have also installed EV Upgrader. Click here to find out more about the thawte Trusted Site Seal.

The challenge faced by Windows XP users
In order to display the advanced EV interface features, a web client visiting your web site must have a thawte EV SSL root locally resident. Microsoft Vista systems automatically update local root stores on a regular basis so all IE7 clients running on Vista will already have the thawte EV SSL root. Windows XP root store updates are triggered on demand. An IE7 client on Windows XP will be prompted to download the latest root from the Microsoft root store the first time it encounters a site with a certificate signed only with a root not already resident in the local root store.

The thawte Web Server Certificate with EV is signed with two roots. One root is the EV root and the other is a traditional non-EV root. This traditional root is included in the certificate so older browser clients not able to recognize EV still recognize the SSL certificate and thus will initiate an SSL protected session. By signing the certificate with both roots, thawte helps ensure that the maximum number of clients possible viewing the web site will experience an SSL secured session. However, an IE7 client on Windows XP that is capable of recognizing an EV root but does not yet have the EV root locally resident may not attempt to download the new EV root when it visits a site with an SSL Web Server Certificate with EV. This is because the client system can match the non-EV SSL root with one already in its local root store. So, an SSL protected session is initiated but the EV interface is not enabled. thawte’s EV Upgrader solves this by triggering Windows XP to make a root update to the client.

thawte EV Upgrader solution
When a client visits a site that has thawte’s EV Upgrader installed on it, the client will be automatically directed via a hyperlink to visit a beacon site that has a thawte EV SSL Certificate signed with only an EV SSL root. (This process runs in the background and should be invisible to the end user on the client system.) Visiting this site will prompt the client Windows XP system to initiate an update. It will reach out to a Microsoft update server to download the latest thawte EV SSL root from the Microsoft root store. This update is a feature of Windows XP and completely transparent to the user. The update occurs almost instantaneously and often the EV green bar and security status bar will appear as soon as the browser page is refreshed. From that point forward every time that client visits a site with an EV SSL Certificate from thawte, it will display the EV user interface features. Only in the rare occasion that a client has disabled the Phishing filter in their browser will the EV green bar and security status bar not display. This is remedied when the client reactivates the Phishing filter.
Free SSL Trial
Pricing
Get a Quote
Contact Sales