eIDAS-Compliant Qualified Website Authentication Certificate (QWAC)
For Enterprises, Businesses, and Organizations
Sectigo’s eIDAS-compliant Qualified Website Authentication Certificates (QWACs) provide secure encryption, authentication, and identity verification. These digital certificates protect sensitive data, establish trust, and are compliant with eIDAS regulations across EU member states. Available in single domain and multi-domain options.
Sectigo QWAC Legal
For one website. Delivered digitally.
Sectigo QWAC Legal Multi‑Domain License
Up to 3 websites. Delivered digitally.
Trusted leader in SSL/TLS Certificates
QWACs for Enterprises and Organizations
Allow enterprises, organizations, and legal entities to secure their websites with strong authentication and encryption.
Encrypt sensitive communications to prevent data breaches.
Provide extended validation to verify the organization’s identity.
Are compatible with any SSL/TLS-capable server.
Are available as PSD2-specific QWACs.
Qualified Web Authentication Certificates
eIDAS QWAC certificates are SSL/TLS certificates that provide end-to-end data encryption for secure digital interactions between servers and clients. They attest to the fact that behind a website or server there is a natural or legal person identifiable by trustworthy information. These digital certificates encrypt data using encryption and algorithms and provide extended validation to identify EU organizations to users based on the eIDAS regulation. The certificate issuer must be a Qualified Trust Service Provider (QTSP).
Validation and issuance - IMPORTANT
Getting Your Qualified Website Authentication Certificate from Sectigo®
Once an eIDAS-compliant QWAC is ordered, you will be guided through the
steps to pass the necessary validation checks allowing your
certificate to be issued. It's critical to understand the
requirements for validation so your certificate can be issued as quickly
as possible.
If required, the Certificate Signing Request (CSR) should be submitted at the time of order. A CSR is necessary only for QWACs or certificates intended for installation on a hardware security model (HSM) or other secure device.
After the order is placed, a Subscriber Agreement email will be sent to you. Follow the instructions in the email to agree to the agreement, after which the Complete Your eIDAS Request page is displayed, where you can monitor the progress of your order. The page shows all the steps that need to be completed for Sectigo to be able to issue your certificate.
For QWACs only, proof is required that you control the domain(s).
Before Sectigo can issue a certificate, any public domain name must successfully complete Domain Control Validation (DCV), which verifies that you have control over the primary domain.
The following are possible methods of completing DCV:
- Email - Sectigo sends a challenge-response email to a mail address on the domain. You can choose the email address during setup. The email contains a link to validate ownership of the domain.
- DNS CNAME - A hash value must be entered as DNS CNAME for the domain. Sectigo validates by checking the DNS CNAME of the domain.
- HTTP/HTTPS File - A .txt file is placed on the root of the web server. Sectigo checks for the presence of the file.
For Multi-Domain eIDAS QWACs ordered with multi domain, all the requested domains must pass DCV.
See also the Sectigo Knowledgebase article Domain Control Validation (DCV) Methods.
The individual making the order must provide proof of their identity via face-to-face verification. This involves completing a verification form provided by Sectigo, following the included instructions. Once completed, the form must be notarized and submitted along with:
- A notarized copy of government-issued photo ID.
- Status of Author to verify the licensing status of the notary.
At this stage, you will receive an email verification request. Follow the provided instructions to confirm your email address.
For orders made on behalf of an organization, proof that the signer of the agreement is an authorized representative of the organization is required.
Sectigo will verify the phone number provided with your order. You will receive an email with instructions, followed by a callback to confirm the number associated with your organization’s identity.
The callback verifies the following:
- The phone number is that of the organization.
- The authenticity of the order and that it was placed by the organization.
- The signature on the agreement is confirmed by the signer.
- The authority of the signer to enter into an agreement.
For orders involving legal persons, Sectigo will verify the organization's physical presence, legal status, and operational existence.
As part of the verification, Sectigo verifies the organization details provided with the order, including:
- The legal identity and existence of the organization
- The physical existence of the organization
- The operational existence of the organization
You may be required to provide additional documentation and receive callbacks.
QWAC orders include an additional approval stage performed by Sectigo.
Once your identity has been validated, the information is checked by Sectigo, after which your certificate can be issued.
Once your QWAC is issued, Sectigo will coordinate the delivery with you.
These certificates can be installed on a webserver/application server using a pfx/pkcs12 file or on SSL Accelerators.
For information on installing your QWAC on your server, consult your server documentation
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
