I am a one of Wesentra’s three verification specialists and I have been trained and certified by Entrust Datacard. Our job is to find all needed information, verify their organizations’ legal existence, contact customers and check their intention for getting an SSL/TLS certificate as well as help them with the verification process. We prepare the needed verification documents and an auditor from Entrust Datacard checks the documents and either accepts the verification or asks for more information. Entrust Datacard has authorized four partners globally to do this verification work, Wesentra is the only one in Europe.
In my job I need to be precise, systematic, customer friendly and patient. Verification work itself can be sometimes challenging. We need to be sure that organizations and contact persons truly are who and what they claim to be. Sometimes reaching people by phone can be challenging. There can be difficulties if organizations have no switch board numbers (needed in EV verification). Luckily in Finland we have very good registries to check organizations’ contact details. From time to time we get also urgent verification cases and it is always great to succeed in completing them in time with the customers.
Security for SSL/TLS certificate is provided by verification
CA (Certificate Authority) services and provision of SSL/TLS certificates are regulated by CA/Browser Forum. This standardized regulation confirms that the SSL/TLS certificate has been verified by a trusted authority. There are three different levels of verification: Domain Validation (DV), Organizational Validation (OV) and Extended Validation (EV).
Domain Validation (DV)
This is the least secure way to have an SSL/TLS certificate because you only accept an e-mail sent by the CA. There is no organization verification or 3rd party check. The certificate just provides encryption. The visitor on the web site has no way to check the identity of the organization which has provided the web site.
Organizational Validation (OV)
In organizational validation the CA checks your organization from 3rd party registries. It is also checked that the named contact person is employed by the organization and this person is contacted typically by phone. The visitor on the web site can look for the SSL/TLS certificate and see the name of the organization providing the web site as well as the name of the CA who has done the validation.
Extended Validation (EV)
In addition to OV, more 3rd party registries are needed for extended validation. Also, two persons from the organizations are contacted for the verification. The visitor on the web site can see the name of the organization on the address bar as well as the green pad lock icon. This high-quality SSL/TLS certificate provides the best security for example against phishing sites which mimic the real web site addresses, and which typically have a DV certificate.
Also the domains need to be verified
The organization wanting an SSL/TLS certificate needs also to show control over the target domain. There are three different methods to verify domain (DNS, Email or Web Server).