 |
SSL Certificates FAQ
|
|
|
Business Identity Authentication
Questions
Why
is it important for VeriSign to verify my business identity?
How
did VeriSign set their validation process?
What
will I need to provide in order for VeriSign to verify my business identity?
What
type of documentation does VeriSign require for Extended Validation
SSL Certificates?
How
long does verification take?
Which
VeriSign products and services require business identity verification?
What
measures does VeriSign take to make sure its business identity verification
is accurate?
Answers
Why is it important for VeriSign
to verify my business identity?
How does an online customer know the High Street
Flower Shop is a real business and their information is safe when they
place an order? More and more customers look for evidence of encryption
and third-party business identity authentication. When VeriSign verifies
your information during the enrolment process, we use the information
to provide third-party verification that your customers will trust.
VeriSign is the world’s leading Certificate
Authority, securing more than 450,000 Web sites. Our authentication
and verification procedures are based on years of practice, authenticating
more than half a million commercial businesses. These procedures are
audited annually by KPMG using Statement of Auditing Standard 70 Type
II, established by the American Institute of Certified Public Accountants.
How did VeriSign set their
validation process?
Our authentication and verification procedures
are based on years of practice authenticating commercial businesses.
These procedures are audited annually by KPMG using Statement of Auditing
Standard 70 Type II, established by the American Institute of Certified
Public Accountants. VeriSign is a leading Certificate Authority, securing
more than 500,000 Web servers, and contributor to the High Assurance
standard as a member of the CA/Browser Forum.
What will I need to provide
in order for VeriSign to verify my business identity?
When you request an SSL Certificate or a Managed
PKI for SSL account, VeriSign must verify the existence of your business,
the ownership of your domain name, and your employment status. We may
require official government documentation proving your right to do business.
These may include:
- Articles of Incorporation
- Certificate of Formation
- Charter Documents
- Business Licence
- Doing Business As
- Registration of
Trade Name
- Partnership Papers
- Fictitious Name
Statement
- Vendor/Reseller/Merchant
Licence
- Merchant certificate
If we cannot automatically authenticate your
company's management responsibility for the domain name that is associated
with the SSL Certificate, we will require an authorisation letter from
that domain's owner. This step prevents applicants from fraudulently
or accidentally obtaining SSL Certificates for inappropriate domains.
What type of documentation
does VeriSign require for Extended Validation SSL Certificates?
In addition to the requirements described above,
a legal opinion letter may be required to confirm that the requestor
has the authority to obtain SSL Certificate(s) on behalf of the company.
The legal opinion letter may also be used to confirm the organisation
registration, organisation address, telephone number, domain ownership,
and the organisation’s business status. The physical address may, alternatively,
be confirmed by a physical site visit. Once confirmed, the requestor
may be able to purchase additional SSL Certificates based on the original
letter. If a legal opinion letter cannot be obtained, our Certification
Practice Statement outlines alternate authentication and
verification processes.
How long does verification
take?
Authentication for new certificates could take
as little as 2 hours or up to several days, depending on the verification
information you provide. Processing times for Extended Validation SSL
Certificates may take longer due to additional verification requirements
mandated by the Extended Validation SSL Standard.
Which VeriSign SSL products
and services require business identity verification?
All VeriSign SSL services require business
identity authentication. With Managed PKI for SSL services, once administrators
are enrolled they become the Certificate Authority for their organisation.
They authenticate the identity of internal certificate applications
and offer instant issuance of SSL Certificates. If Managed PKI for SSL
will be used to purchase Extended Validation SSL Certificates, the customer
must go through additional steps to qualify to request Extended Validation
SSL Certificates. Managed PKI for SSL accounts with Extended Validation
Certificates will be validated each year.
What measures does VeriSign
take to make sure its business identity verification is accurate?
VeriSign uses a rigorous and independently
audited authentication process based on more than 10 years of practice.
All VeriSign employees involved in the authentication process must pass
stringent background checks. Each authentication is handled by multiple
individuals. We maintain physically secure facilities, including biometric
screening on entry. VeriSign is a leading contributor to the emerging
Extended Validation SSL standard.
|
|
