Comment by organsnyder
11 years ago
If it was for an organization, you only got the cert because they didn't catch it. For some reason, my account got flagged as high-risk, and every cert I request needs manual review. During one of those reviews, they rejected my cert request and told me that since it was for an organization, I needed organizational validation. This was for a standard certificate—not extended validation. I think they must've either visited the company website or checked whois.
Their FAQ alludes to this, but doesn't really make it explicit:
> The certificate is for my company, what shall I do?
> In the Class 1 settings (free), the only possible relationship between StartCom and the subscriber is > with individuals, i.e. natural persons. StartCom has no relationship with the organization a subscriber > may represents and acknowledges only the subscriber. All responsibilities according to the StartCom > CA Policy are that of the subscriber personally, even in case he/she decides to obtain certification as > an employee or representative of an organization. > Organizations should perform Class 2 validation and an organization name may only appear in a digital > certificate at Class 2 level and higher.
No comments yet
Contribute on Hacker News ↗