The first requirement for getting an Organization Validated Code Signing certificate is called Organization Authentication. This is where the Certificate Authority (CA) attempts to verify that your organization is a legitimate legal entity that is active in its registered location.
What is Organization Authentication?
The Organization Authentication requirement is just what it sounds like: the CA is going to verify that your company is a legally registered business. This should be no problem if your records are up to date. But, keep in mind, if your company uses any trade names, assumed names or DBAs you will need to make sure that all of your registration information is accurate and reflects this beforehand.
In the majority of cases the CA will be able to verify this using an Online Government Database. The CA will check the official website in your local municipality, state or country that displays business entity registration status. It goes without saying that the details listed in the government database need to match the details you’ve provided the CA or else a delay will ensue in the issuance of your certificate.
If the CA can’t use an Online Government Database to verify your information – either because yours doesn’t have up-to-date records or doesn’t provide that information at all – don’t worry. There are other methods to satisfy this requirement.
- Official Registration Documents – The CA can also accept official business documents that prove your organization is a legitimate legal entity. These can include articles of incorporation, a chartered license, DBA statements or any other documents that were issued by your local government.
- Dun & Bradstreet – Dun & Bradstreet is a company that provides financial reports on other organizations. The CAs will take a comprehensive DUNS Credit Report to verify specific details associated with your company in order to satisfy this requirement as well.
- Legal Opinion Letter – A Legal Opinion Letter is a document wherein an attorney or accountant essentially vouches for the authenticity of your organization. Sometimes called a Professional Opinion Letter, or POL, this document can be a hassle to obtain but it satisfies three of the four OV requirements so its usefulness is also worth noting. You can learn more about POL’s here.
Any of these methods can be used to satisfy the Organization Authentication requirement should the CAs attempts to use an Online Government Database fail.