The next requirement in the Extended Validation process is called Organization Authentication. This is the point where the Certificate Authority verifies that your company is a legitimate legal entity that is registered and active in your local municipality.
What is Organization Authentication?
The Organization Authentication requirement is pretty straightforward – the CA is going to check to make sure your company is a legally registered business – though if your company operates under any trade names, assumed names or a DBA you will need to make sure that all of those registrations are accurate and up to date as well.
In most cases the Certificate Authority will be able to verify everything via the use of online government databases—the CA will check the official website in your country or state that displays business entity registration status. It’s extremely important that the details listed on that database match the details you put down on the Enrollment Form or the CA will be forced to double back and a delay in the issuance of your certificate will ensue.
If the CA can’t authenticate your organization using available online resources, you’re not out of luck. There are other ways to complete the Organization Authentication requirement.
Other Methods for Organization Authentication
There are two other methods for satisfying the Organization Authentication requirement.
- Official Registration Documents – You can provide the CA with official registration documents that were issued by your local government—this includes items like articles of incorporation, chartered licenses or DBA statements. These all show that your organization is indeed a real business, and that it’s recognized as such by your local government.
- POL – You can also get a Legal Opinion Letter, sometimes call a Professional Opinion Letter or POL. In some cases – for instance, if your company has in-house legal – this is actually the most convenient method to earn an Extended Validation SSL Certificate. A POL can be used to satisfy every single requirement for EV SSL, except for the Enrollment Form. A POL is essentially a document in which an attorney (one that is licensed to practice law in your location) or a professional accountant vouches for your company’s legitimacy. It carries a lot of weight in the eyes of the CAs.
Either one will satisfy the Organization Authentication requirement.
Can anything else go wrong with Organization Authentication?
As long as your company is legitimate and has all of its registration information up to date with its local government—everything should go smoothly. But there are a few common mistakes which can hold up the process.
For instance, if your official registration details are outdated/expired or your company operates under multiple names and you didn’t accurately list the names on your certificate or in the Enrollment Form—you may have to go back and clean things up on your end before the CA will move forward.