Nobody wants to download something that will affect their computer negatively, and operating systems are well aware of this. That’s why they’ve gone out of their way to generate warning messages any time someone attempts to download something that may not come from a trustworthy source.

To software developers and engineers, these messages can mean the difference between someone adopting your software and someone forgetting it in their download folder. And losing users is bad for business—bad for the bottom line. So how do you become a trustworthy source? How do you prevent those messages and alerts from popping up before someone attempts to run YOUR software or code?

Code Signing.

Individual Validation

Individual Validation is a little different from Organizational Validation because you’re not proving that you’re a company; rather, you’re a single developer who must prove your identity to the CA. We’ll go into how in each individual section, but for now, just know there are essentially three different components.

Identity Authentication

The first requirement for all Individual Validated Code Signing Certificates is Identity Authentication. Here the CA will attempt to verify the identity of the individual applying for the certificate.

What is Identity Authentication?

To satisfy the Identity Authentication requirement, the CA will need to make sure that you are who you say you are. That means verifying the personal identity of the applicant. Please note that the exact validation process may be different depending on the Certificate Authority that is issuing your certificate.

DigiCert Code Signing - Individual Validation

There are two methods for completing Individual Validation with DigiCert. Both methods require gathering personal documents and completing an attestation form before an authorized witness. 

Method 1: Video Conference

DigiCert will coordinate a video call with the individual via Zoom or Skype. During this call, the individual will fill out the Attestation form with the DigiCert agent bearing witness.

The form is not to be filled prior to the video call.

The individual will also show their government-issued photo ID on camera. If the photo ID does not include a valid address, an additional document, such as a utility bill or lease agreement, will be required to verify the address.

The attestation form, photo ID, and any other required documents must then be digitally submitted for review.

Method 2: Notary Letter

In lieu of a video conference, the individual may complete face-to-face validation with a registered notary.

During this process, the individual must present the notary with their government-issued photo ID with address (or with an additional document to verify the address if it is not on the ID card). The notary must sign and stamp the notary form.

The individual will submit the signed notary form to DigiCert along with a scan of their photo ID and any other required documents.

During the review process, DigiCert will verify the notary’s registration and contact them via a publicly listed telephone number to verify their signature on the form.

Comodo/Sectigo Code Signing - Individual Validation

There are two options for completing Individual Validation for a Comodo or Sectigo Code Signing certificate.

Method 1: Submit Photo ID + Selfie

Submit the following documents via the Sectigo Ticketing Portal.

  1. Copy of valid government-issued photo ID, such as driver's license, passport, or military ID. You may redact sensitive information; however, your photo, name, address, and expiration date of the ID must be visible.
  2. Photo of yourself holding the ID so that all information and the photo are readable.

If your photo ID does not have a valid address, you must complete a Face to Face Verification form (see Method 2).

Method 2: Face to Face Verification

The Face to Face form and all associated documents must be signed and notarized by an authorized notary in your area. Required documents include:

  1. Face to Face Verification form
  2. Copy of valid government-issued photo ID, such as driver's license, passport, or military ID
  3. Financial document in your name, such as valid credit/debit card, mortgage statement, or bank statement
  4. Non-financial document in your name, such as landline phone bill, utility bill, birth certificate, or court order

Submit all documentation using the Sectigo Ticketing Portal.

Once your documentation is submitted and approved, you will have completed the Individual Validation process and will receive the Code Signing Certificate Collection Email from Sectigo shortly afterward.