How do CAs validate your organisation?
Updated: 19 Nov 2024
Article #: 21
Although the CAs can't go into specifics about what goes on behind the scenes in their organization validation process, here are a few key things to help you understand what to expect after you place an order.
To verify your organization's existence, status, etc., the CAs check corporate registries, such as local government registration records, Dun & Bradstreet, and Google Maps. We also check for a history of fraud or phishing and whether your organization is in government-restricted entities or anti-terrorism databases.
Additionally, they must verify the organization requesting the certificate is, in fact, the organization that gets the certificate.
Here are some details we check:
Organization type
Verify what type of organization they are issuing to, such as banks, universities, businesses, non-profits, etc.
Organization status
Verify the organization's status and if it is still an active business.
Legal address
Verify the legal, physical address of the organization.
Blocklists
Verify the organization doesn't appear on any "do not issue" lists for organizations or for the country where the organization is located.
Fraud and phishing lists
Verify the organization doesn't appear on "bad actor" lists.
Request authenticity
Confirm the certificate requestor's authority to order a certificate for your organization. See How do we confirm your authority?
Most of the organization verification work is done on their end. They generally ask for very little help from you. However, a CA validation agent may contact you for an "acceptable" document to help them confirm your organization is legally and lawfully formed. For more information about providing "acceptable" documents, see SSL Certificate Validation Process.
To verify your organization's existence, status, etc., the CAs check corporate registries, such as local government registration records, Dun & Bradstreet, and Google Maps. We also check for a history of fraud or phishing and whether your organization is in government-restricted entities or anti-terrorism databases.
Additionally, they must verify the organization requesting the certificate is, in fact, the organization that gets the certificate.
Here are some details we check:
Organization type
Verify what type of organization they are issuing to, such as banks, universities, businesses, non-profits, etc.
Organization status
Verify the organization's status and if it is still an active business.
Legal address
Verify the legal, physical address of the organization.
Blocklists
Verify the organization doesn't appear on any "do not issue" lists for organizations or for the country where the organization is located.
Fraud and phishing lists
Verify the organization doesn't appear on "bad actor" lists.
Request authenticity
Confirm the certificate requestor's authority to order a certificate for your organization. See How do we confirm your authority?
Most of the organization verification work is done on their end. They generally ask for very little help from you. However, a CA validation agent may contact you for an "acceptable" document to help them confirm your organization is legally and lawfully formed. For more information about providing "acceptable" documents, see SSL Certificate Validation Process.
|
Rate this Topic:
|
|||
|
