OV Code Signing Validation

What is Code Signing?

Code Signing certificates allow you to sign a piece of software or code and essentially prove where it came from and that it's trustworthy. This is done with a signature, which tells the browser who made the software and that it hasn't been tampered with by a third party.

When someone attempts to download your software, it allows them to check on who developed it and assures them that it hasn't been tampered with. It gives users confidence that they're downloading what you intended. It also lets them know who you are.

These are both crucial to your success as a software developer. Nobody wants to download something that will affect their computer negatively and Operating Systems are aware of this. That’s why they’ve gone out of their way to generate warning messages anytime someone attempts to download something that may not come from a trustworthy source.

So how do you become a trustworthy source? How do you prevent those messages and alerts from popping up before someone attempts to run YOUR software or code?

A code signing certificate can be issued to an organization or to an individual.

Organization Validation Requirements:
Organization validation verifies the following:

• Operational existence
• Physical existence
• Business phone number
• Government-issued photo ID of the requestor
• Verify the authority and authenticity of the order

Operational Existence:
Your organization's legal identity and/or DBA (doing business as) must be verified and the organization is conducting business operations. Validation uses a combination of your legal registration and other third-party reliable sources to verify your organization.

Physical Existence:
Your business address is verified using a combination of your legal registration and other third-party reliable sources in a similar manner as your operational existence is verified

Phone Number:
Phone numbers are verified through reliable third-party databases. The phone number that is verified is typically a main business telephone number

Government-Issued Photo ID:
A copy of a government-issued photo ID is required to verify the requestor (admin contact) on the order.

• Provide a copy of a government-issued photo ID such as a valid driver's license, passport, national ID, or military ID that includes your name which matches the name on the order.
• A photo of you holding the government-issued photo ID. The photo MUST clearly show your face and the government photo ID that is readable and can be compared to the copy provided in document (1)

Authenticity of the Order:
A callback is made by validation to the verified phone number for the organization. A person of authority to request the certificate provides verification that the order was placed for the organization.

If the Validation agent is not able to complete any of these requirements, an email will be sent to you explaining the issue with actions for a resolution

If any documents are requested, please refer to the "How to Submit Documents" section in this document.

Individual Validation Requirements:
Individual Validation is a little different than Organizational Validation because you’re not proving that you’re a company, rather you’re a single developer that must provide evidence of your identity.

There are 2 options you can choose for validation.

• If you have a government-issued photo ID that includes an address that matches the name and address on the order, you can use option 1.
• If the address on the government-issued photo ID does not match the address on the order or does not include an address, option 2 is required.

Option 1: Two documents you provide for verification:

1. Provide a copy of a government-issued photo ID such as a valid driver's license, passport, national ID, or military ID that includes your name which matches the name on the order.
2. A photo of you holding the government-issued photo ID. The photo MUST clearly show your face and the government photo ID that is readable and can be compared to the copy provided in document (1)

Option 2: Face to Face document:
This form is used when the photo ID does not match the address on the order or is preferred to use. The Face to Face document explains the specific instructions and requires a notary to attest to and notarized the forms.

The following documents are required:

• A notarized copy of a valid driver's license, passport, national ID or military ID that includes your name and matches the name on the order.
• The Face to Face personal declaration statement
• The Face to Face confirming person statement

How to Submit Documents
Documents are submitted using one of these methods:

• Upload directly to your order
• Use the Validation Manager
• Create a case and attach the document

Upload directly to your order

• Your confirmation email contains a link to your order called the Validation Manager.
• Click on the link for your order details, status, and to upload documents
• If you do not have a link to the Validation Manager, you can request the link by contacting the validation team through chat or by creating a case here

Create a case and attach the documents

• Upload documents as attached files to a case that you create at Sectigo support site
• Select the case type Validation Support and the appropriate Case Reason
• Complete the form and then Attach your files
• You will get an email reply with the case number.
• Simply reply to that email to interact with your Sectigo Support & Validation agent.