What are the Validation Requirements for Code Signing Certificates?
If you’re an organization that develops software and applications, you may already know how important it is to sign your software, applications or code with a Code Signing Certificate.
So, what documents do you need to get a Code Signing Certificate? What’s the process?
Let’s take a look,
For organizational validation Code Signing Certificate, there are four requirements
- Organization Authentication: The Certificate Authority (CA), tries to verify the organization is a legal entity and is active at a registered location.
- Locality Presence: Here, the Certificate Authority tries to verify that your company or an organization has a physical presence within the registered state or country.
- Telephone Verification: The Certificate Authority verifies the current and listed telephone number associated with your organization.
- Final Verification Call: As the name implies, you will receive a final verification call from the Certificate Authority, and they will ask you simple questions such as “did you order this?” or “what is the name of your company?” for verifying the order details.
All four of these requirements are processed by checking the information listed in an Online Government Database. In case your data is not up to date and it’s not verified, no need to worry as there are alternate ways:
Official Registration Documents
You can provide these documents issued by your local government that can prove that your organization is a legitimate legal entity, for example:
a. Articles of Incorporation
b. DBA statements
c. A Chartered License
Dun & Bradstreet
To verify details regarding your company, Certificate Authorities (CAs) considers the credit reports of Dun & Bradstreet to be reliable because it’s one of the most well-known financial reporting companies in the world. A DNB report will satisfy three of the requirements,
a. Operational Existence
b. Physical Address
c. Telephone Verification
Legal Opinion Letter
A Legal Opinion Letter also called a Professional Opinion Letter (POL), is a letter written by an attorney or accountant, to vouch for the authenticity of a company or organization. The main benefit it offers is that it helps to satisfy multiple requirements:
b. Organization Authentication
c. Employment Verification
d. Physical Address
e. Telephone Verification
Recognized Third-Party Directory
If your business or organization details are listed in a trusted third-party directory such as:
a. The Yellow Pages
and the listing matches with the information you provided, CAs will accept it to verify your Telephone Number.
Note: Only third-party telephone listings from Dun and Bradstreet or Better Business Bureau are accepted by Comodo CA/Sectigo (Only for US Businesses).