May 8, 2023
A Qualified Website Authentication Certificate (QWAC) is a type of qualified Digital Certificate under the trust services defined in the eIDAS Regulation. In the eIDAS Regulation, trust services are defined as electronic services, normally provided by trust service providers (TSPs, of which GlobalSign is one), which consist of electronic signatures, electronic seals, electronic time stamps, electronic registered delivery services and website authentication. For website authentication, QWACs are issued to assure authentication between a website and a natural or legal person, offering website visitors proof that any business conducted on the site is protected, and there is a legitimate entity behind the website. This and other eIDAS products offered by GlobalSign help protect the PKI ecosystem in reducing online fraud.
Ordering a QWAC is similar to ordering an ExtendedSSL Certificate through the GlobalSign Certificate Center (GCC) retail order process, but with a few changes to the order flow:
QWAC Validity Period
QWACs are 1-year validity Certificates, you must select 1 year from the Validity Period section.
When you finish placing your order, be sure to save the information on the confirmation screen for future reference, and to walk through the steps of retrieving your Certificate once you have cleared all Vetting tasks.
GlobalSign's role as a TSP dictates we comply with the eIDAS Regulation, and validate the entity behind the Certificate under a specific, standardized process. Once you submit your Certificate order, you will receive an email from the GlobalSign Vetting Department with information on what other materials you need to submit, for us to process your order.
We validate the Organization’s ownership or control of the domain. We will do this by sharing a random value with you to install on specific locations, or by performing a response challenge to pre-approved email addresses.
As part of the vetting process, we are required to perform a face-to-face verification of your Authorized Representative. This is usually carried out by a Third Party in accordance with national law.
|Signed Personal Statement
|Copy of Secondary Documentation
|Notarization of your Application
|A personal statement signed by the Authorized Representative. Will include certain attestations, including that the information contained in the Application and the Certificate Request is true and correct, and acceptance of our terms and conditions. We will send the form to your Authorized Representative to sign.
|The Authorized Representative will need to bring a Government Issued Photo ID to the Third Party who performs the face-to-face validation. We provide a list with the acceptable documents.
|We do not require a copy of your Authorized Representative’s Government Issued Photo ID for our files. Instead, we require copies of two Secondary documentations. We provide a list with the acceptable documents.
|The Third Party will notarize your application. We will provide more information about who can carry out this notarization in your jurisdiction. We will send you the form the Third Party must use for this notarization.
Don't worry, we will take care of this part of the validation. We will validate the information provided in the Certificate Request. We confirm most of these elements in our independent sources. We may reach out if more information is required.
|The Authority to represent the Organization
|Organization's Authorization to Issue
|This includes the Organization Full Legal name and the Organization Identifier.
It also includes the Organization’s ability to do business, which is implied if the Organization has been in existence over three years.
|We verify the physical address of your Organization.
This is the address where the business operates, and can’t be a postbox or a “care of” address.
|We verify that the Authorized Representative has the authority to represent the Organization.
|We check with the Authorized Representative that they approve the issuance of the Certificate.