What types of validations are available?

There are three possible validations for our products so that an SSL certificate can be issued by Symantec / Sectigo.

Domain validation

Certificates with domain authentication constitute the lowest possible authentication level available and are suitable for organizations where encryption is the main priority.

A company requesting a certificate with domain authentication will be subject to a certification process to establish that the requested domain name belongs to the company and that the company has the right to use this domain name.

Sectigo will also verify that the e-mail address of the contact person requesting the certificate is listed in the WHOIS list, and that it meets the requirements for e-mail addresses.

Full company authentication (organization)

Authentication of a business identity, also called company authentication, offers a high level of security.

For SSL certificates at this level of authentication, the existence of an organization will be verified through official documents. Usually, Symantec/Sectigo will gather this independent confirmation from public and private databases. If Symantec/Sectigo cannot find proof that the applicant is entitled to such a certificate, the following documents may be required by Symantec/Sectigo:

  • Certificate of incorporation
  • Trading certificate
  • Founding certificate
  • Company name
  • Brand registration
  • Founding documents
  • Partnership contracts
  • Explanation of fictitious name
  • Licenses for vendors, retailers, merchants
  • List of retailers

The organization's name, stated as a Distinguished Name (CSR) for the applicant of the certificate, must correspond with the full legal name of the organization. Symantec/Sectigo can not accept any application where the full company name, as stated in one of the documents above, does not correspond with the Distinguished Name of the applicant.

Designations such as AG, GmbH, etc. may be disregarded. For example, "Diana's Coffee Shop" may be used to authenticate "Diana's Coffee Shop AG", but "Diana's Coffee Shop" may not be used to authenticate "Diana's Coffee and Gift Shop AG". Business identity and the domain name of the applicant will be verified for any certificate application. The organization requesting the SSL certificate must own the domain name or provide proof that it has the right to use said domain name.

Symantec/Sectigo will also verify that the person requesting the certificate for the company or organization is employed by the organization.

Extended Validation

Symantec/Sectigo requires signed contract confirmation from the contact person named by the company on the application for an EV SSL certificate. If Symantec/Sectigo is not able to confirm the organizations data by means of a public or private database, register extracts will be required.

A legal opinion may be necessary to confirm the following particulars of a company requesting an EV SSL certificate:

  • Actual address of the companys place of business
  • Telephone number
  • Confirmation of the exclusive right to use the domain
  • Additional confirmation about the existence of the company if said company is less than three years old
  • Confirmation of employment of the contact person of the company

These methods are standard procedures used for the verification of identities to confirm information given by companies for EV SSL certificates. Documentation requirements may vary depending on the amount of information available in various legitimate online databases.

 

Unable to find what you were looking for?

Our support experts are happy to assist you personally!

 

© 2001 - Hostpoint AG