Sectigo Personal Authentication Certificates Validation Requirements

Sectigo Personal Authentication Certificates or SPAC can be ordered for any valid email address. There are three types of Personal Authentication Certificates:

• Basic

• Pro

• Enterprise

Note: A Corporate Secure Email Certificates or CSEC is the only email certificate that requires verification of the domain and is only available via an EPKI account

SPAC Basic

Validation requires a challenge response from the customer which is sent to the email address of the applicant. Once the applicant has followed the instructions in the challenge email, the certificate is issued.

SPAC Pro

Validation for an individual requires:

• Verifying the identity of the individual listed on the certificate by matching the name on a government issued photo ID such as; driver's license, passport, national ID card, or military ID. The name on the government issued photo ID must match the name of the certificate. the customer is required to provide a legible and readable copy of the photo ID

• The customer is sent a challenge email to the email address to be listed on the certificate. The customer follows the instruction to verify the email address

• Once the customer has completed the instructions in the challenge email, the certificate is issued

SPAC Enterprise

Validation for an enterprise requires:

• Verifying the identity of the business using a QIIS, QGIS or QTIS document

• Verify the identity of the individual listed as the admin contact on the order. The name on the government issued photo ID (driver's license, passport, national ID card, or military ID) must match the name of the admin contact. The customer is required to provide a legible and readable copy of the photo ID

• Verify physical existence (address) using a QIIS, QGIS or QTIS document

• Authenticate the order by calling the customer using the main business telephone number found in a QIIS, QGIS or QTIS document

• Once the admin contact, identity and address is complete and the order authenticated, the certificate is issued

Definitions

QIIS

Qualified Independent Information Source: A regularly-updated and current, publicly available, database designed for the purpose of accurately providing the information for which it is consulted, and which is generally recognized as a dependable source of such information such as:

• Reputable third party commercial credit services. One example of many services is Dun and Bradstreet

• Accredited business databases One example of many is the Better Business Bureau

• Regional phone directories that are applicable to your location.

QTIS

Qualified Tax Information Source: A Qualified Governmental Information Source that specifically contains tax information relating to Private Organizations, Business Entities, or Individuals. EIN number is considered a QTIS

QGIS

Qualified Government Information Source: A database maintained by a Government Entity that contain legal business registration, corporate filing, trademarks and patents