Organization Authentication, also known as business identity authentication, is a high assurance level of authentication. SSL certificates with this level of authentication require verification of an organization’s existence through a government issued business credential. Validation includes among others business identity authentication, domain name verification and verification that the organizational contact applying for the certificate on behalf of the company or organization is an employee of that organization.
Getting a Certificate with Organization Authentication
Usually, the certificate authority will get the independent verification of government issued business credentials by searching one of many government or private databases to which they have access. If we cannot find “proof of right” to do business in the stated name for a certificate requester, we may request a copy of one of the following items:
- Articles of Incorporation
- Business License
- Certificate of Formation
- Doing Business As
- Registration of Trade Name
- Charter Documents
- Partnership Papers
- Fictitious Name Statement
- Vendor/Reseller/Merchant License
- Merchant Certificate
- US Tax Licenses for non-profit organizations and sole proprietorships (in either case the state tax documents must list the organization as non-profit or sole proprietor)
The organization named in the certificate requester’s distinguished name (CSR) must reflect the full legal name of their business. If the official name of the business as listed in one of the above sources of business credentials does not match the distinguished name, we will not be able to accept it. Suffixes such as “Inc, LLC, or LP” can be disregarded.
For example: "Dina's Cafe" may be used to authenticate "Dina's Cafe Inc." However, "Dina's Cafe" may not be used to authenticate "Dina's Cafe and Gift Shop Inc." In addition to the business credential verification, every certificate order goes through domain name verification. The organization ordering the SSL certificate must own their website domain name or have proof that they have the legal right to use that domain name. We also verify that the organizational contact applying for the certificate on behalf of the company or organization is an employee of that organization.