Confirm, administrator
5,526
edits
Changes
m
The verification Verification procedures often include contacting the organization through an independent means to confirm that the certificate subscriber is authorized by the organization to request the certificate. If this is the case, then it should be documented. The documentation should include information such as how the company's contact information is obtained, the method for contacting the organization, who is contacted at the organization, and what information they confirm.
→Verifying Identity of Code Signing Certificate Subscriber
If public resources are used, then there should be a description of the types of public resources that are used, what data is retrieved from public resources, and how that data is used for verification of the entity referenced in the certificate.
=== DNS names go in SAN ===
