EV Code Signing Certificate – What Documents You Must Submit to Get It Issued?
Here’s the List of Documents You Need to Submit to Get an EV Code Signing Certificate Issued
Software development companies don’t need an explanation of why Code Signing certificates are essential. But someone looking for an extra edge such as instant trust in Microsoft SmartScreen and prevention of “Unknown Publisher” warning.
In that case, the EV Code Signing certificate offered by certificate authorities like Sectigo or Comodo is the way to go.
However, deciding what documents you need to submit is also a task that shouldn’t be taken lightly, as even forgetting to submit one document can delay issuance.
Henceforth, here’s the detailed guide on what documents you must submit to complete the validation process and get the EV Code Signing certificate issued on time.
Here’s the List of Requirements You Need to Complete
- Enrollment Form – Filling and giving back to the certificate authority
- Organization Authentication
- Operational Existence
- Physical Address
- Telephone Numbers in Recognized Third-Party Directories
- Employment Verification
- Final Verification Call
Let’s find out in detail what you must do to complete the validation process and issue your software signing certificate.
1. Enrollment Form
It’s a simple form the certificate authority sends once you purchase your EV Code Signing certificate. You need to fill out the form and send it back to the certificate authority.
Also called an Acknowledgement of Agreement, it’s a single-page form that requires basic details about:
- Name of your Organization
- The official title of your organization’s contact
- Full name of the contact person of your organization
- Signature of the Organizational contact
- Date & place of signing
- Contact details of your organization’s HR for verifying the person who has applied to purchase an EV Code Signing certificate is a full-time employee within the company
2. Organization Authentication
In this step, the certificate authority verifies your organization/company to know it’s active at a registered place and it’s legal.
3. Operational Existence
The certificate authority verifies the Online Government Data, and it could be your local municipality, state, or country that displays the Organization’s/Company’s incorporation date.
Similarly, if the organization/company has been well-established and active for over three years, it shouldn’t be an issue.
4. Physical Address
To complete this physical address verification to prove the establishment and registration of your company/organization, you have to provide proof that it exists. The certificate authority verifies information from an online government database that could be from your local municipality, state, or country.
Similarly, all the information should match exactly what you provided in the enrollment form. And CAs (Certificate Authorities) don’t accept information such as PO Boxes or any company information registered abroad.
5. Telephone Number
Once the physical address is verified, the certificate authority verifies the telephone number. Similarly, your telephone number should be listed in acceptable and known Telephone Directories along with the verified business name, corporate identifiers such as LLC, and a complete physical address.
6. Employment Verification
In this step, the certificate authority verifies the executive name through an Online Government Database, which could be a local municipality, state, or country. Suppose the person’s name isn’t available in the online Government database; the certificate authority should have the contact details of the company’s HR/Payroll Manager or any Entity Member.
So, CA can contact and ensure the applicant is a full-time employee and authorized to get an EV Code Signing certificate.
7. Final Verification Call
It’s the last verification step, where the certificate authority does a final verification call by dialing a business telephone number. Here CA speaks with an applicant and confirms the order details.
If the number doesn’t connect directly with the organizational person who applied for the EV Code Signing certificate and instead connects with IVR (Interactive Voice Response), needs to dial Extension or first connect with the receptionist, the CA will go through the system.
All these validation requirements are expected to be found and verified with the information readily available in an Online Government Database. However, if any information is not found or not latest and verification isn’t complete, then there are some alternatives, and they’re as follows.
Fax or Mail the Documents
If you cannot complete the Enrollment Form, you can mail the papers to the certificate authority’s physical address or even fax them.
Company’s Official Registration Documents
Suppose you cannot complete verification of the Organization/Company’s operational existence or verification of Physical Address.
In that case, you have an alternative of providing documents issued by the local government like:
- DBA Statements
- A Chartered License
- Articles of Incorporation
Legal Opinion Letter
A legal Opinion Letter, also called a Professional Opinion Letter (POL), is a letter issued by an accountant or an attorney who vouches for your company’s authenticity.
It helps to fulfill five different authentication requirements:
- Organization Authentication
- Operational Existence
- Physical Address
- Telephone Verification
- Employment Verification
Telephone Numbers in Recognized Third-Party Directories
If your company’s telephone number isn’t verified, then the alternative way the certificate authority chooses to go is to find the listing of your company with a telephone number that you gave in an enrollment form with third-party directories like:
- Scoot
- 192.com
- Yellow Pages
Note: Comodo and Sectigo accept Better Business Bureau telephone listings or Dun & Bradstreet only for US businesses.
Bank Confirmation Letter
If your company hasn’t been actively operating for equal to or more than 3 years, then a certificate authority like Sectigo accepts a letter from the Bank that says your company has an active checking account (Demand Deposit) with them.
And once all the verification requirements are satisfied and completed, the certificate authority will send you a physical mail package at the verified business address, including an EV Code Signing certificate. Similarly, this EV Code Signing Certificate validation takes 1 to 5 business days.
EV Code Signing Cert
Digitally Sign your Windows 10+ Drivers, Kernel Mode Drivers, Packages with Highest Level Security and Assurance of EV Code Signing.
Price Starts at $279.99 Per Year