Comments on: SSL Vendor X, I love thee not

By: Mark Wahl

Mark Wahl — Wed, 24 Jan 2007 23:10:44 +0000

Yep it sometimes seems strange to me that it can (for some issuers) even be easier for a one-person business to get an SSL certificate for a domain as a business than that individual to get an SSL certificate for a domain as an individual, as the business gives a layer of ‘indirection’, a persona for the individual that’s at least partially under the individual’s control. For while governments tend to frown on individuals having multiple copies of a personal credential (such as a not wanting citizens to have multiple passports or driver’s license simultaneously valid) or with different attributes, they seem to be happy with individuals creating as many businesses as they desire. Let us know when you find a vendor willing to work with you in issuing you a SSL cert.

By: Pamela

Pamela — Wed, 24 Jan 2007 20:59:41 +0000

Hi Mark!

Businesses have to go through a different (but equally annoying) set of hoops. They have to provide articles of incorporation, DUNS numbers, things like that. I have run into issues before applying for company certificates, where we forgot to update our WHOIS record when we moved – we failed our ‘automatic’ validation because the address we wrote on our CSR didn’t match with the WHOIS database. Come to think of it, that was the same SSL company… :)

By: Mark Wahl

Mark Wahl — Wed, 24 Jan 2007 20:51:08 +0000

What manner of ‘official document’/'real-world credential’ is the SSL issuer looking for with the matching address?
(For example, you mention a driver’s license, but it’s likely that a large business with a domain would have the business’ mailing address be on the WHOIS record, but the business’ employees would not have the company address on their driver’s license). Does your city or county government have a DBA registration database?