Don’t know about Canada and Sectigo, but I verified address by providing Visa Business card listing, and public company registration and tax records. Serbia, 4-5 years ago. When I extended certificate few months ago, business was already in DUNS database and that was enough. Don’t know how it ended up in DUNS, maybe they scrape public records.
1 Like
Thanks for the idea. I’ll check with Sectigo if they’re OK with notarized papers from bank.
I was hoping I’m already in DUNS, given that government of Canada shares those records with interested businesses, but DUNS search UI just searches forever - no way to tell if it found me or not. Gonna try later again.
I renewed my code signing certificate a few months back and got an EV certificate. The validation process was a pain.
Despite the hundreds of dollars Sectigo (via KSoftware) charge, they would not pay $30 or whatever for the official company information. Instead they used the free Dunn and Bradstreet (now Illion) listing which was incomplete.
They asked for a letter from my accountant to validate the missing information. Then they needed to validate my accountant who (you guessed it) wasn’t in the free online CPA directory they used. So my accountant had another CPA who was in the directory write the letter. Then they wanted to validate the signature on the letter - but this had now run into Christmas and everyone had gone on holiday.
At this point I decided to contact Illion to find out if they could update their listing to include the required information. Sure, they said, just send us a request via email.
So I sent an email, they updated their listing (I don’t know what validation they do) and Sectigo were happy and issued the certificate.
I was impressed how fast the dongle was delivered once the validation was done. It would have only been a day or 2 for delivery to Australia.
I had a similar experience here in New Zealand. Easiest is to contact Dunn and Bradstreet and get them to update my info – a couple of minutes.
I had always assumed that D&B was USA-only and would therefore be a huge challenge to deal with, however I’ve discovered that they actually have offices in many countries – even New Zealand!
I figured that out eventually! It would have helped if Sectigo suggested that rather than requesting letters from the accountant.
I’m in this phase right now. 
Contact D&B you say? Hmm… will try.
Update - I called D&B, they were a bit confused about the certificate thing, but we started the process of adding my company to their directory. They say should be done and verified by Monday.
1 Like
Yes, the easiest is just to pick up the phone and give them a call. Don’t mention anything about certificates - it just confuses matters!
1 Like
The main difference between the OV and EV Code signing is, OV code signing do not offer the Two-Factor Authentication and EV Code signing offers it.
The benefit of the Two-factor Authentication is, the user can only sign the software code if he/she has the USB device that contains the encrypted token & private key.
OV code signing issuance is about 3 days and EV Code Signing Issuance is about 5 days.
Being a Software consultant, I always prefer best things and I found Comodo’s Code Sign Certificate is a good option. Less in price, quick on issuance and support, and perfect for any mobile or desktop devices. One can get the Comodo Code Signing Certificate from CodeSigningStore.