ToolBox -

A browser identifies an SSL Certificate as authentic by checking to see if the certificate matches a valid SSL root resident on the client machine. VeriSign signs every EV SSL Certificate with two roots: an EV root and a traditional SSL root. With two roots, every browser will identify a valid SSL root, even older browsers that do not yet recognize EV. IE7 is designed to recognize Extended Validation, but may not correctly display in Windows XP because the traditional SSL root is matched rather than the EV root. Internet Windows XP systems do not automatically update the root store. Developed before the EV standard existed, Windows XP systems do not have the EV root locally resident unless it has been manually updated and, because the browser recognizes the traditional SSL root, it has no trigger to update the root store. VeriSign EV Upgrader technology, built directly into the VeriSign Secured® Seal, will trigger this manual update. Explorer 7 on Vista is designed to automatically update the root store on a weekly basis and should always recognize an EV Certificate and display it appropriately.