Q. Why do you validate my SSL application? A. To ensure that our products are both secure and trusted, we carry out a two step validation process, which we believe is essential to give our customers, and theirs, confidence in the trustworthiness of their website. A weakly validated certificate risks losing the trust of consumers who rely on such certificates to ensure their personal details are secure. For further information on validation, go to: http://www.enterprisessl.com/ssl-certificate-support/guides/docs/ssl_validation_white_paper_v1.03.pdf
Q. I only want a trial certificate, why do you validate those applications? A. Your trial certificate is a fully-functional SSL Certificate, with exactly the same browser compatibility and encryption as our other certificates. This is so that you can fully-test your systems prior to roll-out. As such, the trial certificate must be validated to the same standard as other certificates in our portfolio. This validation process is utilized for every application that we receive, whether the applicant is an individual or a Fortune 500 Company.
Q. We've already been validated by another Certification Authority; do we still have to be validated by Comodo? A. Yes, we will need to validate you ourselves, as our criteria for issuing SSL certificates are often more stringent than those of other Certification Authorities.
Q. What documentation do I need to send to you? A. We accept many forms of documentation, from many countries. To find out what documentation we accept for your country of business go to: http://www.enterprisessl.com/ssl-certificate-support/validation_guidelines_table.html
Q. How do I send you my documentation?
A. We are happy to accept documentation via email, fax or postal mail:
Email: email@example.com (Accepted formats: .gif, .jpg, .bmp, .pdf, .efx, .tif.)
Fax #: + 1.866.831.5837 (US and Canada), + 44.(0)161.877.1767 (UK and Europe)
Postal mail: Comodo Group, 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Greater Manchester, M5 3EQ, United Kingdom.
Q. Are my documents secure? A. We take the issue of confidentiality seriously. All documentation received is kept securely; hard (paper) copies are filed in a secure cabinet and electronic copies are stored on a secure server. Both the secure cabinet and server have restricted access policies in place, which prevents any unauthorized personnel from having access to your documentation.
Q. How long do you keep my documentation? A. We keep all documentation for 7 years, as per our CPS (http://www.comodo.com/repository/Comodo_WT_CPS.pdf). After 7 years all stored documentation is destroyed. Paper documentation is shredded and recycled and electronic documentation, which is regularly archived to CD-Rom, is also destroyed.
Q. I have ordered a certificate from you before. Do I need to send my documentation again? A. If you order subsequent certificates through your existing account, we don't need you to re-send your documentation unless you have changed your account details. If we have any queries, we will contact you via the administrator email address on the account and request documentation if required. If you order subsequent certificates without using your existing account, we will require and request documentation from you.
Q. My domain is registered with, and the WhoIs shows the registrant as, Domains by Proxy. Will this prevent you validating and issuing my certificate? A. If you are able to provide documentation from Domains by Proxy to show that you are the actual registrant, we are able to validate and issue your certificate. If you are not able to provide such documentation, as the registrant is "officially" Domains by Proxy, we are not able to validate and issue your certificate.
Q. How long will it take to issue my certificate? If we already have a record of your company and domain name(s) in the IdAuthority, the largest company directory on the web, we will be able to expedite your SSL application. In most cases, this means that validation of your application and issuance of your SSL Certificate may only take a few minutes.
A. If we do not already hold sufficient information on your company and domain name(s), or your application data does not completely match the IdAuthority entry for your website, we may require additional information. In this instance, you should allow up to 2 days for us to validate your application.