To issue an Organization validated SSL certificate the issuer need to submit valid business documents which helps Certificate authority to understand that business is genuine. Certificate issuer have to submit same documents to issue an Organization validation & Code Signing Certificate.
OV SSL and Code Signing Certificate Validation
1) Issuer’s Identify Verification
Issuer as Business
If the SSL Issuer business is from a wide corporation, government agency, or a registered business; to verify issuer’s identity following documents are mandatory.
- Issuer’s legal creation, recognition or existence record from a government agency
- An Attestation Letter approved by Certificate Authority
- CA considers an updated third party database as legal data source for identification
- Website must be live, CA or Third party may visit it too…
Officially approved data sources: QIIS (Qualified Independent Information Source)
Organization Address Verification
- Legal business license with address issued by government
- Article of incorporation with address
- Recent bank statement
- Recent Telephone/Landline or Internet Bill
- Recent major utility bills (Electricity, water, etc…)
- Current lease agreement with address (optional)
Issuer as Individual
Issuer’s address verification
- Issuer’s passport, license or other copy
- Any utility paid for that organization (Telephone bill, electricity bill, tax bill, etc…)
2) Domain Registrar Verification
- Require to verify WhoIs verification of that domain.
3) Domain Control Validation (DCV)
4) Verification via Call
- Certificate authority call back to the issuer on the given business phone number. But the phone number should follow below criteria.
- Must be added in a third-party database
- Must be added in government databases
- Must be added in accountant letter or legal opinion letter.
One the certificate completes the above verification process and if they satisfy, they approve issuer’s request to approve the SSL Certificate.