SSL.com

Validation Process for Document Signing, Code Signing, and EV Code Signing Certificates

This how-to will walk you through the process of buying and submitting required documents for all SSL.com Document  Signing certificates, as well as IV and OV Code Signing and EV Code Signing certificates.

This guide assumes that you have already created an order for a signing certificate. For a guide on how to do this, please refer to this article: Ordering Process for Code and Document Signing Certificates.

Adding Registrant Information

    1. Click the Orders tab on your SSL.com account menu. Locate your order then click the provide info link, located in the Action column.
    2. Enter the requested registrant information. Note that you can enter your company’s Dun & Bradstreet number (also known as a D-U-N-S or Duns number) here to expedite validation. Please make sure that your company information in Dun & Bradstreet is correct and up-to-date before using this option. If you wish your certificate to be stored in eSigner cloud signing, scroll down and check the box beside Enable certificate issuance for remote signing, team sharing, and presign malware scanning. If not, leave the box unchecked. After entering all the registrant information, click the Next >> button.

 

Submitting the EV Request Form and EV Subscriber Agreement (for EV certificates only)

For all Document Signing, and IV and OV code signing certificate customers, please skip this section and proceed to the section, titled: Adding Contacts.

Online Submission

For Extended Validation (EV) code signing certificate orders, pressing the Next >> will button will lead to the page to fill out the required information for the Requester, Contract Signer, and Contract Approver in relation to the EV Request Form and EV Subscriber Agreement. Providing this information will enable the Contract Signer and Contract Approver to sign the online forms for the EV Request Form and the EV Subscriber Agreement. Instructions for signing the online forms are detailed below.

Filling Out the Information for the Requester, Contract Signer, and Contract Approver for an EV Certificate Order

  1. You will be asked to fill in the names, email addresses, and contact numbers for 3 entities involving your EV certificate order:
  1. Contract SignerThis person has express authority to represent the Applicant, and who has authority on behalf of the Applicant to sign Subscriber Agreements. This must be an Officer of the Organization, such as CEO, President, Corporate Secretary, Treasurer, Vice-President, COO, CIO, CFO, CSO, Managing Member, Director, or Department Head, etc. The Contract Signer will be considered to hold all roles, but you may also add other individuals to specific roles.
  2. Certificate RequesterThis Person completes and submits an EV Certificate Request on behalf of the Applicant.

If the Certificate Requester is the same as the Contract Signer, check the box beside Same as Contract Signer.

c. Contract Approver – This individual has the authority and responsibility to approve all EV Certificate Requests submitted on behalf of the organization.

If the Certificate Approver is the same as the Contract Signer, check the box beside Same as Contract Signer.

If there are multiple certificate requesters and approvers, click the Add Certificate Requester and Add Certificate Approver button and then fill out their information.

 

2. Once all information has been finalized, click the Next >> button. If the Contract Signer and Contact Approver do not yet have SSL.com accounts, they will be sent emails allowing them to create accounts and pass AI Identity verification through Jumio in order to approve/sign the required documents.

 

Identity Verification for New SSL.com Accounts

For Contract Signers and Contract Approvers who do not have existing SSL.com accounts, they will be sent email messages allowing them to create accounts and then have these verified through Jumio. The instructions are detailed below.

Creating an SSL.com Account
  1. Open the email containing the link which allows you to create an SSL.com account.
  2. You will be directed to a page allowing you to create the password for your account. Check that your password follows the minimum requirements and make sure to save it in a secure location. Re-type your password in the Password again field. Check the box beside the statement that asks your agreement to abide by the terms and conditions of the SSL.com Subscriber Agreement. Finally, click the Submit button.
  3. You will then be logged in to your newly-created SSL.com account and a message will show indicating that your account has been successfully activated.
Conducting Identity Verification through Jumio
  1. Select the Dashboard tab on the top menu. This will show your account information. Next, scroll down & click the perform identity verification (required for IV certs) link.
  2. You will be directed to the verification page. Click the Start button. By clicking “Start” you consent to Jumio collecting and disclosing your biometric data pursuant to its Privacy Policy.
  3. Specify the country where your ID is issued then select which type of government-issued ID you will use for the verification process.
  4. If you are not sure if your ID is acceptable, you can click this link in the page: Have you checked if your ID is supported? Upon clicking the link, Jumio will show a list of IDs that it does not accept.
  5. Choose if you want to proceed on desktop or mobile. If your mobile phone can capture higher-quality images than your desktop web camera, it would be better to proceed on mobile so that Jumio can accept the images of your ID and your selfie for processing.
  6. Place the email where you want the Jumio verification link to be sent and then click the Send button. Afterwards, keep this page open and open a new tab on your browser to check your email (for desktop users) or open the email on your mobile phone (for mobile users).
  7. Open the ID verification email from Jumio and click the here link to take you to the verification page.
  8. Prepare your ID and click the Start button.
  9. Jumio will require you to take a picture of your ID. If the type of ID you selected has a front and back side, Jumio will require pictures of both. Click Start. Center your ID, make sure all details are clear and click the button for capturing the image. Afterwards, click the Confirm button. Jumio will inform you if the image is blurry or unacceptable in which case, click the Try again button to recapture the image.
  10. After requiring photo/s of your ID, Jumio will then prompt you to take a picture of your face. Make sure that the contours of your face are captured in the frame.
  11. Once the scan is completed, Jumio will analyze the biometric data and check the image quality.
  12. If it is acceptable for processing, the verification result will be sent to your desktop, on the browser page where you first opened Jumio.
  13. Go back to the verification page on your desktop browser. There, Jumio will provide a notification if the page can now be closed.
  14. Upon completion of the Jumio identity verification, SSL.com will then analyze the data. The approval of the Jumio verification includes an approval from SSL.com followed by a cross-approval from the user/subject. When SSL.com issues the approval, an email will be sent to the user with a link that allows him/her to finalize the first and last name that will be associated with the SSL.com account.
  15. Upon completion of the cross-approval by the user, SSL.com will send an email confirming the successful identity verification.

Approving the Online EV Request Form and Signing the Online EV Subscriber Agreement

After successful verification of the newly-created SSL.com accounts, SSL.com will send emails containing links that will allow the Contract Signer to sign the Extended Validation Subscriber Agreement and for the Contract Approver to approve the Extended Validation Request Form. Both users should be logged in to their SSL.com accounts before being able to sign the online documents.

Contract Approver
  1. Login to your SSL.com account. 
  2. Open the email from SSL.com and click the link for approving the Extended Validation Request Form.
  3. Upon clicking the link, you will be directed to the online EV Certificate Request form. After reading all the contents, scroll down the page, check the box for I approve, and then click the Submit button.
  4. You will then be directed to the Dashboard of your SSL.com account and be notified if the EV request form has been approved successfully.

 

Contract Signer
  1. Open your internet browser and login to your SSL.com account.
  2. On another tab, login to your email account and open the email from SSL.com containing the link for signing the Extended Validation Subscriber Agreement.
  3. Read the contents of the online Extended Validation Subscriber Agreement form. Scroll down, check the box for I agree, and then click the Submit button.
  4. Upon clicking the Submit button, you will be redirected to your SSL.com account dashboard and you will be notified that  the EV Subscriber Agreement has been signed successfully.

Sandbox Testing for the online EV Subscriber Agreement and EV Request Form

For users who want to try signing the online EV Subscriber Agreement  and approving the online EV Request Form using a test certificate, the SSL.com sandbox offers a place where they can freely experiment.

  1. The Certificate Requester should login to his/her sandbox account at https://sandbox.ssl.com/login. If there is no sandbox account yet, a new one can be created at https://sandbox.ssl.com/users/new.
  2. Once logged in to the sandbox account, click the Dashboard tab.
  3. Scroll down to the developers and integration section and click the developer tools link.
  4. Select the test EV certificate you want to order. Specify the validity duration of the certificate. Finally, click the Create Test Order button.
  5. You will be directed to the Orders tab. Click the finish processing link under the Subject column or the provide info link under the Action column.
  6. Fill out all the required fields for the Registrant Information, marked by an asterisk *. The required fields include: Company, Address 1, Country, City/town/locality, Postal Code, Registered Country, and Registration Number.Once you have filled out all the required fields, click the Next >> button.
  7. From here on, the process is the same as for production orders. Fill out the required information for the Contract Signer, Contract Requester, and Certificate Approver. Finally, click the Next >> button to:
    1. receive email instructions on how to activate SSL.com accounts for the Contract Signer and Certificate Approver. Once their SSL.com accounts have been activated and verified through Jumio, they will be emailed the links to approve the online Extended Validation Request Form and sign the online Extended Validation Subscriber Agreement. 
    2. receive links to approve the EV Request Form and sign the EV Subscriber Agreement (for already existing and verified SSL.com sandbox accounts).

Manual Submission

If after clicking the Next >> button, the certificate requester decides not to use the online forms for the EV Request Form and EV Subscriber Agreement in favor of the downloadable PDF copies, the instructions for signing the downloadable copies are outlined below:

  1. Download and have the information filled out for the pdf copies of the EV Request Form and EV Subscriber Agreement.
  2. On your SSL.com account, click the Orders tab on the top menu.
  3. Locate your order and click the details link under the Subject  section. Afterwards, click the upload link under the validation documentation section.
  4. Upload the signed EV Request Form and EV Subscriber Agreement  by clicking any of the Choose Files button (all buttons go to 1 folder). Next, click the SUBMIT DOCUMENTS button.
  5. Click the provide contacts link to provide contact information for your order. From here, you can now proceed to the section titled Adding Contacts for the rest of the instructions.

Adding Contacts 

    1. On the next screen, click + Create Contact and then fill in the on-screen form and click Create to add a contact to the order. You must create at least one contact for the certificate, but you can also add more if desired.

When you are finished adding contacts, click Next >>.

 

Submitting Validation Documents

    1. On the next screen, upload up to five documents we can use to validate the identity of the entity that the signing certificate will be issued to.
      The required validation information is determined by the type of applicant and the type of certificate being ordered:
      • The required documents for SSL.com’s document signing and code signing certificates vary depending on whether the certificate is to be issued to an individual person or a business or other organization.
      • EV code signing certificates have a different set of required documentation, and may only be issued to registered businesses or other organizations, not to individuals.

      Use the clickable tabs below to view a document checklist that applies to your order:

      Individual ValidationOrganization ValidationExtended Validation

      To validate an individual person’s identity, please provide the following:

      • A scan of the front of a valid, government-issued photo ID card or passport ID page. The ID number may be obscured, but we must be able to see your name, address, year of birth, and photograph.
      • A scan of the back of the government-issued ID card or passport ID page.
      • A photograph of of yourself holding the government-issued ID next to your face so that your face may be compared with the image on the ID. The photograph should be at least 5 megapixels (MP) – most current smartphones can provide an image of 5MP or greater.

      To validate the identity of a business or other organization, please provide the following:

      • A link to a Reliable Data Source including the organization’s name, address, and telephone number. Acceptable examples include:
        • A link to a government agency in the jurisdiction of the Applicant’s legal creation, existence, or recognition.
        • A link verifying your information in a third party database that is periodically updated and considered a Reliable Data Source. Examples include:
      • If the business or organization is less than three years old, a scan of the certificate requestor’s government-issued ID is also required.

      In most cases, businesses and organizations will not need to upload documents to their order, but can simply provide a URL to SSL.com support staff. You can submit your link via an email to Support@SSL.com, or by using the chat link in the lower right corner of the SSL.com website.

      In some cases, SSL.com may request additional supporting documents before issuing a certificate. You can return to the document upload screen at any time by locating your order on the Orders tab of your user account and clicking the upload documents link.

      To validate the identity of a business or other organization, for EV code signing, please provide the following:

      In some cases, SSL.com may request additional supporting documents before issuing a certificate. You can return to the document upload screen at any time by locating your order on the Orders tab of your user account and clicking the upload documents link.

       

      When you are finished adding files, click Submit.
    2. When you have submitted your documents, your new certificate will have a status of pending validation until we verify the information you’ve submitted, including your telephone number. You can keep track of your order’s progress with the Validation Process checklist.
    3. As SSL.com staff completes validation steps for your order, the Validation Process checklist will be updated.
    4. If you ordered an EV code signing certificate, the Validation Process checklist will show more steps than for standard OV/IV code signing certificates.
    5. Please note that EV Code Signing customers can now pay an extra $500 to get their order validated and shipped overnight within 24 hours from the time that their validation documents are submitted.

Perform Callback

    1. Once your telephone number has been verified, the perform callback link will be made available to you. To find it, navigate to the documents page of your order.
    2. Next, click the Perform Callback link, located at the lower left of the page.
    3. A dialog box will appear. Enter one or more email addresses to send the callback link to, and then click the Send button.
    4. A green alert message will appear, verifying that the callback links have been sent.
    5. When your callback email arrives, click the link in it.
    6. After clicking the link, a callback verification form will open in your web browser. To initiate a call to your verified phone number from our automated system immediately, just click the Call Now button. You can choose between a voice call and SMS text by using the radio buttons at the bottom of the form. Finally, by using the Callback Types drop-down menu, you can choose to schedule an automated call at a later time via the Scheduled Callback option, or schedule a direct call from a member of our staff by choosing Manual Callback. If you choose one of these options, form elements for scheduling the call will appear dynamically. (For more information on these options, please refer to our how-to on Callbacks for OV Certificates.)
    7. After clicking Call Now, a form for verification code entry will appear. When you receive your call it will include the code. Enter the four-digit code and then click the Verify Phone button.
    8. If everything has gone correctly, an alert message will appear in your browser confirming that callback verification is complete.

Next Steps

After a successful callback and all other validation requirements have been satisfied, SSL.com will process the issuance of your certificate. Depending on the choice you made for your order, SSL.com will inform you if your signing certificate is ready to be enrolled in eSigner cloud signing service or has been shipped on a Yubikey token. 

Instructions for eSigner cloud signing enrollment

Please refer to this guide article: Enroll with eSigner for Remote Document and Code Signing.

Instructions for activating your Yubikey

Please refer to this article: Yubikey Instructions

 

Retrieving your Code Signing Certificate (only for IV and OV certificates issued before June 1, 2023)

This section applies only to Individual Validation (IV) and Organization Validation (OV) code signing certificates that were ordered before June 1, 2023. Starting June 1, 2023, SSL.com’s IV and OV code signing certificates have been started to be issued either on Federal Information Processing Standard 140-2 (FIPS 140-2) USB tokens or through our eSigner cloud code signing service. 
    1. After a successful callback, SSL.com will send you a Certificate Activation Link email message. Follow the link included in it, which will take you to the certificate generation page. Alternately, you can click the generate certificate link in the Action column of the Orders tab in your SSL.com account.
    2. Click the Generate Certificate button.
    3. Your certificate is ready! You can copy and paste your certificate and private key from the on-screen fields, or generate a PFX file by creating a password and clicking download. Your password must be at least 6 characters. Remember this password, because you will need it when installing the certificate on your computer. It is also essential that you keep your private key in a secure location and do not lose it.
    4.  

Users can sign code with eSigner’s Extended Validation Code Signing capability. Click below for more info.

LEARN MORE

Video: Validation Requirements for OV, IV, and EV Certificates

Exit mobile version