Questions
Why
is it important for VeriSign to verify my business identity?
How
did VeriSign set their validation process?
What
will I need to provide in order for VeriSign to verify my business identity?
What
type of documentation does VeriSign require for Extended Validation
SSL Certificates?
How
long does verification take?
Which
VeriSign products and services require business identity verification?
What
measures does VeriSign take to make sure its business identity verification
is accurate?
Answers
Why is it important for VeriSign
to verify my business identity?
How does an online customer know the Main Street
Flower Shop is a real business and their information is safe when they
place an order? More and more customers look for evidence of encryption
and third-party business identity authentication. When VeriSign verifies
your information during the enrollment process, we use the information
to provide third-party verification that your customers will trust.
How did VeriSign set their
validation process?
Our authentication and verification procedures
are based on years of practice authenticating commercial businesses.
These procedures are audited annually by KPMG using Statement of Auditing
Standard 70 Type II, established by the American Institute of Certified
Public Accountants. VeriSign is a leading Certificate Authority, securing
more than 500,000 Web servers, and contributor to the High Assurance
standard as a member of the CA/Browser Forum.
What
will I need to provide in order for VeriSign to verify my business identity?
When you request an SSL Certificate or a Managed PKI
for SSL account, VeriSign must verify the existence of your business,
the ownership of your domain name, and your employment status. We may
require official government documentation proving your right to do business.
These may include:
- Articles of Incorporation
- Certificate of Formation
- Charter Documents
- Business License
- Doing Business As
- Registration of
Trade Name
- Partnership Papers
- Fictitious Name
Statement
- Vendor/Reseller/Merchant
License
- Merchant certificate
If we cannot automatically authenticate your company's
management responsibility for the domain name that is associated with
the SSL Certificate, we will require an authorization letter from that
domain's owner. This step prevents applicants from fraudulently or accidentally
obtaining SSL Certificates for inappropriate domains.
What type of documentation
does VeriSign require for Extended Validation SSL Certificates?
In addition to the requirements described above,
a legal opinion letter may be required to confirm that the requestor
has the authority to obtain SSL Certificate(s) on behalf of the company.
The legal opinion letter also may be used to confirm the organization
registration, organization address, telephone number, domain ownership,
and the organization’s business status. The physical address may, alternatively,
be confirmed by a physical site visit. Once confirmed, the requestor
may be able to purchase additional SSL Certificates based on the original
letter. If a legal opinion letter cannot be obtained, our Certification
Practice Statement outlines alternate authentication
and verification processes.
How
long does verification take?
Authentication for new certificates could take as
little as 2 hours or up to several days, depending on the verification
information you provide. VeriSign guarantees express
delivery for VeriSign Secure Site Pro for businesses located
in the United States that pay with a valid credit card, have a Dun and
Bradstreet DUNS number and a valid domain name as stated in VeriSign’s Certification
Practice Statement. The express delivery guarantee does not
apply to Secure Site Pro with EV or Secure Site with EV SSL Certificates.
Processing times for Extended Validation SSL Certificates may take longer
due to additional verification requirements mandated by the Extended
Validation SSL Standard.
Which
VeriSign SSL products and services require business identity verification?
All VeriSign SSL services require business identity
authentication. With Managed PKI for SSL services, once administrators
are enrolled they become the Certificate Authority for their organization.
They authenticate the identity of internal certificate applications
and offer instant issuance of SSL Certificates. If Managed PKI for SSL
will be used to purchase Extended Validation SSL Certificates, the customer
must go through additional steps to qualify to request Extended Validation
SSL Certificates. Managed PKI for SSL accounts with Extended Validation
Certificates will be validated each year.
What measures does VeriSign
take to make sure its business identity verification is accurate?
VeriSign uses a rigorous and independently
audited authentication process based on more than 10 years of practice.
All VeriSign employees involved in the authentication process must pass
stringent background checks. Each authentication is handled by multiple
individuals. We maintain physically secure facilities, including biometric
screening on entry. VeriSign is a leading contributor to the emerging
Extended Validation SSL standard.
Worldwide Sites
