Requirements for automatic bulk ordering of Personal ID+Organization S/MIME certificates
The authorized representative for bulk ordering Personal ID+Organization S/MIME Certificates is required to accomplish four requirements before certificates can be issued to other members of the organization automatically without having to undergo a validation for each certificate.
- Creation of an SSL.com account. A single team is automatically created in your account. Provide the team number you wish to use for bulk ordering to your account representative or service team member.
- Completion of a signed EPKI agreement submitted to SSL.com. An Enterprise PKI (EPKI) Agreement allows an authorized representative to assume responsibility for retaining and validating identity evidence of employees or contractors within a company or organization. For a guide on how to sign the EPKI Agreement, please refer to this article: Enterprise PKI (EPKI) Agreement Setup.
- A completed validation call back in which a member of the SSL.com validation team calls an authorized representative at a number listed in an acceptable business information source to confirm the company identity. An email will be sent by SSL.com providing instructions on how to complete the call back upon submission of the EPKI agreement.
- Pre-validation of all domains to be used for the certificate recipients email addresses. For instructions on how to pre-validate domains, please refer to the section below: How to Pre-validate Domains in the Domain Manager.
How to Pre-validate Domains in the Domain Manager
- Login to your SSL.com account at https://secure.ssl.com/user_session/new
- Click the Domains tab in the top menu.
- Click the add button.
- Type the domain associated with the emails/subjects of the certificates and then click the Save button.
- Click the pending validation link under the Certificate Status column.
- You will then be directed to the Domain Validation page. Select the email address where you want the email challenge to be sent and then click the Validate button.
- After clicking the Validate button, you will be asked to complete the email challenge response to prove your control of the domain. For steps on the email challenge response, please refer to this article: Domain Name SSL/TLS Pre-Validation. specifically section 2.1: Email Challenge Response Method.
Bulk Enrollment of Personal ID+Organization S/MIME CertificatesOnce the requirements have been completed. You can begin ordering Personal ID+Organization S/MIME Certificates that will automatically validate.
- Click the Orders tab Login to your SSL.com account, click the Orders tab, followed by the S/MIME or Client enrollment on the left sidebar.
- Under the *Certificate option, click the drop-down arrow and select Personal ID + Organization Email.
- Submit the information details for each S/MIME certificate order. The first option is to copy+paste all the subject email addresses to *Email Address List box.
- The second option is to upload a csv file containing the necessary information for each IV+OV S/MIME certificate order. The csv file should have columns for First Name, Last Name, Email, Country, and Csr (Certificate Signing Request). Fill out all columns except for Csr. For a templated csv file, click the Download an example csv link.
- Scroll down the page. Select the validity duration for the certificates and click the Next>> button.
- After a brief processing period, a list of all the orders will appear. Click the invoice (pending) link to finish the payment for all orders.