There are three possible validations for our products so that an SSL certificate can be issued by Sectigo.
Domain validation
The lowest available authentication level are certificates with domain authentication. These are suitable for private individuals and organisations that value encryption. DNS, file or e-mail validation is used to check whether the corresponding domain belongs to the applicant or may be used by him.
Full company authentication (organization)
Authentication of a business identity, also called company authentication, offers a high level of security.
For SSL certificates at this level of authentication, the existence of an organization will be verified through official documents. Usually, Sectigo will gather this independent confirmation from public and private databases. If Sectigo cannot find proof that the applicant is entitled to such a certificate, the following documents may be required by Sectigo:
- Certificate of incorporation
- Trading certificate
- Founding certificate
- Company name
- Brand registration
- Founding documents
- Partnership contracts
- Explanation of fictitious name
- Licenses for vendors, retailers, merchants
- List of retailers
The organization's name, stated as a Distinguished Name (CSR) for the applicant of the certificate, must correspond with the full legal name of the organization. Sectigo can not accept any application where the full company name, as stated in one of the documents above, does not correspond with the Distinguished Name of the applicant.
Designations such as AG, GmbH, etc. may be disregarded. For example, "Diana's Coffee Shop" may be used to authenticate "Diana's Coffee Shop AG", but "Diana's Coffee Shop" may not be used to authenticate "Diana's Coffee and Gift Shop AG". Business identity and the domain name of the applicant will be verified for any certificate application. The organization requesting the SSL certificate must own the domain name or provide proof that it has the right to use said domain name.
Sectigo will also verify that the person requesting the certificate for the company or organization is employed by the organization.
Extended Validation
Sectigo requires signed contract confirmation from the contact person named by the company on the application for an EV SSL certificate. If Sectigo is not able to confirm the organizations data by means of a public or private database, register extracts will be required.
A legal opinion may be necessary to confirm the following particulars of a company requesting an EV SSL certificate:
- Actual address of the companys place of business
- Telephone number
- Confirmation of the exclusive right to use the domain
- Additional confirmation about the existence of the company if said company is less than three years old
- Confirmation of employment of the contact person of the company
These methods are standard procedures used for the verification of identities to confirm information given by companies for EV SSL certificates. Documentation requirements may vary depending on the amount of information available in various legitimate online databases.
For support requests please use this form instead.