





Software development companies don’t need an explanation of why Code Signing certificates are essential. But for someone looking for an extra edge, such as instant trust in Microsoft SmartScreen and prevention of the “Unknown Publisher” warning, the EV Code Signing certificate offered by certificate authorities like Sectigo or Comodo is the way to go.
Knowing which documents to submit shouldn’t be taken lightly either, as forgetting to submit even one document can lead to a delay in issuance. Here’s a detailed guide to the documents you’ll need to submit to complete the validation process and get the EV Code Signing certificate issued on time.
Let’s find out in detail what you must do to complete the validation process and get your software signing certificate issued.
It’s a simple form sent by the certificate authority once you purchase your EV Code Signing certificate. You simply need to fill out the form and send it back to the certificate authority.
Also called an Acknowledgement of Agreement, it’s a single-page form that requires basic details about:
In this step, the certificate authority verifies that your organization/company is legal and active at a registered place.
The certificate authority checks an online government database, which could be that of your local municipality, state, or country, that displays the organization’s/company’s incorporation date. If the organization/company has been well-established and active for more than three years, this shouldn’t be an issue.
To complete the physical address verification, which proves the establishment and registration of your company/organization, you have to give proof that it really exists. The certificate authority verifies this information against an online government database, which could be that of your local municipality, state, or country. All the information should match exactly with the information you gave in the Enrollment Form. CAs (Certificate Authorities) don’t accept PO Boxes or any company information that is registered abroad.
Once the physical address is verified, the certificate authority verifies the telephone number. Your telephone number should be listed in an acceptable and known telephone directory along with the verified business name, corporate identifiers such as LLC, and a complete physical address.
In this step, the certificate authority verifies the executive’s name through an online government database, which could be that of a local municipality, state, or country. If the person’s name isn’t available in the online government database, the certificate authority should have the contact details of the company’s HR/Payroll Manager or any Entity Member, so that the CA can contact them and confirm the applicant is a full-time employee and authorized to get an EV Code Signing certificate.
It’s the last verification step, in which the certificate authority makes a final verification call to the business telephone number. The CA speaks with the applicant and confirms the order details. If the number doesn’t connect directly to the person in the organization who applied for the EV Code Signing certificate, and instead reaches an IVR (Interactive Voice Response) system, requires an extension, or goes first to a receptionist, the CA will go through that system.
All these validation requirements are expected to be found and verified with the information readily available in an online government database. However, if any information is not found or is out of date and verification can’t be completed, there are some alternatives, described below.
If you cannot complete the Enrollment Form for any reason, then you can mail the papers to the certificate authority’s physical address or even fax them.
If you cannot complete verification of the organization/company’s operational existence or verification of its physical address, you have the alternative of providing documents issued by the local government like:
A Legal Opinion Letter, also called a Professional Opinion Letter (POL), is a letter issued by an accountant or an attorney who vouches for your company’s authenticity.
It helps to fulfill five different authentication requirements:
If your company’s telephone number can’t be verified, the certificate authority’s alternative is to look for a listing of your company, with the telephone number you gave in the Enrollment Form, in third-party directories like:
Note: Comodo and Sectigo accept Better Business Bureau telephone listings or Dun & Bradstreet only for US businesses.
If your company hasn’t been actively operating for 3 years or more, then a certificate authority like Sectigo accepts a letter from the bank that says your company has an active checking account (Demand Deposit) with them.
Once all the verification requirements are satisfied and completed, the certificate authority will send a physical mail package, which includes the EV Code Signing certificate, to the verified business address. EV Code Signing certificate validation takes around 1 to 5 business days.