Before EV SSL certificate activation, we recommend you check the list of EV SSL enrollment and validation requirements. An EV SSL certificate comes with extended validation of the organization and web entity.
Note: Most businesses for which EV SSL certificates are used are private organizations, like Corporations: with Inc. suffixes (US), Limited Liability Companies: LLC (US), Ltd. (UK), Pty. Ltd. (AUS), GmbH (Germany), Limited Liability Partnerships, etc.
A private organization is an entity which legal existence is created or recognized by a filing with the Incorporating or Registration Agency in its Jurisdiction of Incorporation or Registration (e.g., by issuance of a certificate of incorporation, registration number, etc.) or created or recognized by a Government Agency (e.g., under a charter, treaty, convention, or an equivalent recognition instrument).
According to the EV guidelines, this includes the following stages.
1. Certificate activation and domain validation
- CSR (Certificate Signing Request): This can be requested from your web hosting provider or generated with available server-side tools. The CSR must contain valid organization and organization unit names, country and state/province info.
- A valid email address listed on Whois record for the domain and/or one of the standard emails: email@example.com for domain validation. Else, on of the alternative DCV methods can be used.
- Contact details for a full-time company employee who’s involved in requesting the certificate and agreeing to terms and conditions. The details are to be filled in during the activation.
2. Requirements for organization validation
- A registered and verifiable record of the company with a government registration authority for your country;
- A record in a Qualified Independent Information Source (e.g. www.dnb.com / www.dnbdirect.ca / www.upik.de);
- A legal opinion or notary letter or certified public accountant letter confirming the business operational existence and the fact of EV SSL certificate order.
- Verifying legal existence and identity – verifying the organization’s registration directly with an incorporating or registration agency. Sectigo CA may ask for the copy of Articles of Incorporation, Certificate of Formation or other business registration document. In this case, the Certificate Authority should make a call to the registration authority and verify if the organization is active or not.
- Verifying trade/assumed name – applicable if the company conducts business under a name different from the official name of the corporation.
- Verifying operational existence – typically, this means that the company has a current active demand deposit account with a regulated financial institution. The following details can be accepted by the CA to verify the operational existence:
1) The Organization has been in existence for at least three years.
2) The Organization is registered in the Dun & Bradstreet database or Qualified Government Tax database.
3) The Organization has an active demand deposit account which can be proved by a bank statement.
4) A professional opinion letter which proves that the Organization has an active demand deposit account with a bank.
- Verifying physical address – the Certificate Authority must verify that the physical address provided by the Applicant is an address where the organization conducts business operations (not a mail drop, P.O. box or an address for an agent of the Organization). This address will be included into the body of the SSL certificate after verification. It is typically verified through a public phone directory (world.192.com; yellowpages.com etc.).
- Verifying organization phone number -the phone number for callback verification is checked via government database, reliable third-party database (Dun and Bradstreet, Hoovers, Bloomberg, etc.) or with the help of professional opinion letter* (legal opinion letter or accountant letter). As government databases mostly do not allow including the company’s telephone number, we suggest registering your company in the worldwide business database, Dun and Bradstreet.
Note: The registration process is free of charge and usually takes 7-10 days (in some cases, up to 30 days) to allocate a special D-U-N-S number for your organization. You may not be aware of the fact that D&B has already assigned this number to your company based on the information provided by the registration agency or business partners. Fortunately, they have an online search service or a very convenient database with free access where you can check whether your organization is listed or not.
If you do not have time to wait for an update, please consider a Professional Opinion Letter or a domain validation certificate on a temporary basis.
The CA must call the verified organization’s phone number and make sure that: 1) The person mentioned in the Subscriber Agreement did sign the contract with Comodo (now Sectigo); 2) The Contract Signer is a full-time employee authorized to order the certificate on behalf of the organization.
- Verifying the name, title, authority and signature of the person(s) who request the certificate and agree to the terms and conditions.
Note* Legal Opinion Letter signed by a Lawyer, Public Notary or Certified Public Accountant can be used in case you need to verify the company details urgently or if any of the required details are missing in the government/independent directory documentary. The person who signs the legal opinion or accountant letter should have a valid license within the country where the organization is registered or the country where the organization maintains an office or a physical facility. To expedite the validation process, we highly recommend requesting a Professional Opinion from a person who speaks English so that he or she can confirm the signature during phone verification with a Comodo (now Sectigo CA) validation agent. The email should include:
- Legal name of the organization
- Trade name or DBA name (if required)
- Street address
- Telephone number
- Bank account – “Bank Name”, “Account Number”
- Manual or digital signature
- First and last name of the person who signed the letter
The template for a legal opinion or an accountant letter can be downloaded here.
With all this in hand, you should be all set to proceed with certificate activation.
3. Additional information
For more information on the validation requirements, you may also want to check the Original Reference Sources of Comodo (now Sectigo) articles: What is required for validation?, The EV SSL Validation Process.
Log in under your account and go to the “Purchased Certs” menu. From there, you will be able to activate your certificate, that is, to send your request to the Certificate Authority who will perform the validation checks required for an Extended Validation certificate.
Upon completion of the in-account SSL certificate activation, your EV SSL certificate request will be sent to the Certificate Authority. Shortly after activation, you will receive an order acknowledgment email.
Initial EV SSL certificate request processing time is 48 hours, during which the Certificate Authority (CA) attempts to find your company information in the mentioned source. If they fail to find it, the CA will send an email to the person assigned as Admin contact for this SSL certificate request (these contacts are assigned at the last step of certificate activation).
Note: Please mind that 10 business days is a normal time frame for EV certificate issuance.
Below you can find the link to Comodo Live chat support system which you can use to directly get in touch with the Certificate Authority regarding your order status and validation progress.
Note: In all communication with Comodo Certificate Authority, please quote your CA order ID. To find this, go to the "Purchased certs" list, click on the certificate ID and scroll down the page to “CA Order #”. The order acknowledgment email will include your CA order number as well.