Confirm, administrator
5,526
edits
Changes
m
→Verifying Identity of Code Signing Certificate Subscriber
If public resources are used, then there should be a description of the types of public resources that are used, what data is retrieved from public resources, and how that data is used for verification of the entity referenced in the certificate.
Verification procedures often include contacting the organization through an independent means to confirm that the certificate subscriber is authorized by the organization to request the certificate. If this is the case, then it should be stated. The documentation should include information such as how the company's contact information is obtained, the method for contacting the organization, the typical title/position of the person is contacted at the organization, and what information they confirm. Note that if the CA issues certificates outside its national area, documentation will need to establish the same minimum standard outside borders.
=== DNS names go in SAN ===
