Redirecting you to
Click if you are not redirected within 5 seconds
Contact Us

Qualified Website Authentication Certificate (QWAC) for Enterprise/Organizations

For Enterprises, Businesses, and Organizations

Sectigo QWAC Legal

For one website. Delivered digitally.

Sectigo QWAC Legal Multi‑Domain License

Up to 3 websites. Delivered digitally.

About

Qualified Web Authentication Certificates

eIDAS QWAC certificates are TLS/SSL certificates that provide end-to-end data encryption between servers and clients. They attest to the fact that behind a website or server there is a natural or legal person identifiable by trustworthy information. These digital certificates encrypt data using encryption and algorithms and provide extended validation to identify EU organizations to users based on the eIDAS regulation. The certificate issuer must be a Qualified Trust Service Provider (QTSP).

QWACs

  • QWACs for enterprise/organizations are for legal entities to secure their websites.
  • QWACs are TLS/SSL certificates that encrypt sensitive data and provide extended validation to identify European Union organizations to users.
  • They are compatible with any TLS/SSL-capable server.
  • PSD2-specific QWACs are available.

Validation and Issuance - IMPORTANT

Getting Your Qualified Website Authentication Certificate from Sectigo®

Once an eIDAS certificate is ordered, you will be guided through the steps of passing the necessary validation checks so that your certificate can be issued. It's very important to understand the requirements for validation so your certificate can be issued as quickly as possible.

Once the order is placed, you will receive the Subscriber Agreement email. Follow the instructions in the email to agree to the agreement, after which the Complete Your eIDAS Request page is displayed, where you can monitor the progress of your order. The page shows all the steps that need to be completed for Sectigo to be able to issue your certificate.

Typically the CSR, where required, is submitted with the order. A CSR is only needed for QWACs or certificates that will be installed by you on an HSM or other device.

Once the order is placed, you will receive the Subscriber Agreement email. Follow the instructions in the email to agree to the agreement, after which the Complete Your eIDAS Request page is displayed, where you can monitor the progress of your order. The page shows all the steps that need to be completed for Sectigo to be able to issue your certificate.

For QWACs only, proof is required that you control the domain(s).

Any public domain name must pass Domain Control Validation (DCV) before Sectigo can issue certificates to it. DCV requires you to prove you have control of the primary domain.

The following are possible methods of completing DCV:

  • Email—Sectigo sends a challenge-response email to a mail address on the domain. You can choose the email address during setup. The email contains a link to validate ownership of the domain.
  • DNS CNAME—a hash value must be entered as DNS CNAME for the domain. Sectigo validates by checking the DNS CNAME of the domain.
  • HTTP/HTTPS File—a .txt file is placed on the root of the web server. Sectigo checks for the presence of the file.

For eIDAS QWACs ordered with multi domain, all the requested domains must pass DCV.

See also the Sectigo Knowledgebase article Domain Control Validation (DCV) Methods.

The individual making the order must provide proof of their identity.

Face to face verification is used to verify your identity. This requires completion of the face-to-face form that will be provided to you by Sectigo, along with instructions for completing the form. The completed form must be notarized and accompanied by:

  • A notarized copy of government-issued photo ID.
  • Status of Author to verify the licensing status of the notary.

The email address used for the order is verified.

You will receive an email verification email. Follow the instructions in the email to verify your email address.

For orders made on behalf of an organization, proof that the signer of the agreement is an authorized representative of the organization is required.

As part of the verification, Sectigo verifies the phone number provided with the order. You will receive an email with instructions, and the process will involve a callback to the phone number that was verified as part of the organization identity.

The callback verifies the following:

  • The phone number is that of the organization.
  • The authenticity of the order and that it was placed by the organization.
  • The signature on the agreement is confirmed by the signer.
  • The authority of the signer to enter into an agreement.

For orders involving legal persons, Sectigo will verify the physical, legal, and operational existence of the organization.

As part of the verification, Sectigo verifies the organization details provided with the order, including:

  • the legal identity and existence of the organization
  • the physical existence of the organization
  • the operational existence of the organization

You may be required to provide additional documentation and receive callbacks.

QWAC orders include an additional approval stage performed by Sectigo.

Once your identity has been validated, the information is checked by Sectigo, after which your certificate can be issued.

Once your QWAC is issued, Sectigo will arrange with you for delivery.

These certificates can be installed on a webserver/application server using a pfx/pkcs12 file or on SSL Accelerators.

For information on installing your QWAC on your server, consult your server documentation