Changes

Jump to: navigation, search

CA/Required or Recommended Practices

438 bytes added, 23:21, 11 March 2011
Verifying Identity of Code Signing Certificate Subscriber
Verification procedures often include contacting the organization through an independent means to confirm that the certificate subscriber is authorized by the organization to request the certificate. If this is the case, then it should be stated. The documentation should include information such as how the company's contact information is obtained, the method for contacting the organization, the typical title/position of the person contacted at the organization, and what information they confirm. Note that if the CA issues certificates outside its national area, documentation will need to establish the same minimum standard outside borders.
 
'''Important:''' The O in the Subject Field of the code signing certificate should contain the subscriber's formal legal name that matches the name of the organization as per official government records in the subscriber's jurisdiction of its place of business. If an assumed name is used, the assumed name must be properly verified, and the legal name should also be included. For instance, the legal name may be appended in brackets."
=== DNS names go in SAN ===
Confirm, administrator
5,526
edits

Navigation menu