Who Actually Sees the Green Bar for EV SSL Certificates?

We’ve received a few support questions as of late asking about who can or cannot see the green bar and company name in a web browser that accompanies an EV SSL certificate. An EV SSL certificate is one where your organization’s identity is confirmed as legitimate. In return, web browsers that go to secure pages protected by an EV cert will display the URL address bar in green, and display the full company name as well.

Although the majority of web browsers and operating systems will display these security enhancements (more than 75% according to Tim Callan of VeriSign) , there are a few gotchas / situations to be aware of…

Internet Explorer 6 and Firefox 2.x – No native support

If you or your customers are one of the few percentage of people still running Internet Explorer 6 or Firefox 2, then you’re out of luck. There is no native support in either of these old browsers for displaying the green bar for an EV certificate.

The green bar functionality could be added to either browser via a plugin, but it’s not likely many users who are still running ancient versions would have this plugin installed. Fortunately, less than 10% are using IE6, and less than 1.5% are using FF2 (W3Counter, March 2010).

Internet Explorer 7 with Windows XP – a little tricky

Although IE 7 does natively support the green bar, those using Windows XP as their operating system may not see the bar for a few reasons:

  • The Phishing Filter is disabled (Tools -> Phishing Filter)
  • Any insecure items on a secure page, or certificate errors (intermediate, etc…) will disable the green bar
  • The user has not applied the Windows update for an updated “root certificate”

Internet Explorer 8 with Windows XP – SmartFilter

For Windows XP users using IE8 as their browser, there is a little known requirement for the green bar to appear:

  • The SmartScreen Filter feature in IE8 must be enabled (Tools -> Options -> Advanced)
    (or right click the little square at the bottom right of the screen next to the globe)

Vista, Windows 7, with IE7+, FF3 – No problem

For these more modern operating systems, EV green bar technology is natively supported. No plugins, no weird settings in the browser. It just works. The good news is as more people upgrade from XP to Windows 7, this will become the norm.

The rest: Safari, Opera, Chrome

Chrome supports EV in all versions. Safari does in versions 3.2 and higher, and Opera does in version 9.5 and up.

With over 20,000 EV SSL certificates in use as of December 2009 (Netcraft December 2009 survey), EV is becoming more mainstream in terms of the average customer recognizing the green bar (and soon to be expecting the green bar for all secure transactions). And as the number of people using old operating systems and old browsers dwindles, the green bar will be as accepted as the padlock is today in terms of re-assuring customers at the time of purchase.

Photo credit

Looking for a web host that understands ecommerce and business hosting?
Check us out today!

10 Comments

  1. Mike Masin says:

    Thanks Rob, that will help diagnose “where’s the greenbar” problems. For the record, I look for an EV cert and I’m dismayed that some financial institutions don’t have one for online transactions.

    • I agree Mike. It seems like a “no brainer” for any organization handling sensitive data to add an additional layer of security that is easily visible to the end user. It’s a simple way to cut down on phishing and fraud where the phisher’s goal is to trick the end user as to which site they are actually on.

  2. Allen Kelly says:

    Another great article on EV SSL, Rob!

  3. Joseph A'Deo says:

    I also work for VeriSign and find it strange that not all banks and other financial sites have jumped on this — I believe it’s actually mandatory for some federal urls, such as any online tax filer.

    Anyhow, a note on EV SSL certs — if you can’t see the green url bar but are pretty sure a site has it you can always check the padlock, or see if the site has a VeriSign Secured Seal (a little logo advertisement of our ssl certs). A newer trust mark we have out is the VeriSign Trust Seal, an authentication product (with daily malware scanning) for sites that don’t NEED ssl for whatever reason (ie, they use a paypal shopping cart). Just another way of knowing that a particular site is safe to browse. The green url bar is a great indicator, but it’s not the end all be all, of course.

    • Thanks for the feedback Joseph! Hopefully as consumers become more educated and EV becomes more widely adopted, people will find the green bar to be synonymous with the padlock. But as you mentioned, there are a number of other ways people can verify a site/page is secure.

  4. Paul Gailey says:

    why is the smartscreen filter not ticked by default for XP users with IE8?

  5. There’s an updated list with screenshots of how the different browsers show EV vs Standard certs at https://www.expeditedssl.com/pages/visual-security-browser-ssl-icons-and-design.html

Leave a Reply to Robert Mangiafico