Redirecting you to

Qualified Website Authentication Certificates (QWAC) for Individuals

For Individual Use on Personal Websites

Sectigo QWAC Natural

For one website. Delivered digitally.

Sectigo QWAC Natural Multi‑Domain License

Up to 3 websites. Delivered digitally.


Qualified Web Authentication Certificates

Sectigo QWACs for natural persons are TLS/SSL certificates that are issued to individuals and provide end-to-end data encryption between servers and clients. They also attest to the fact that behind a website or server there is a natural or legal person identifiable by trustworthy information. The certificates encrypt data using encryption and algorithms and provide extended validation to identify EU organizations to users.


  • QWACs for natural persons (individuals) are for individuals that would like to, for example, secure their personal websites
  • QWACs are TLS/SSL certificates that encrypt sensitive data and provide extended validation to identify EU organizations to users.
  • QWACs are compatible with any TLS/SSL-capable server
  • QWACs require validation both of the identity of the natural person ordering the certificate, and that they control the domain for the certificate.

Validation and Issuance - IMPORTANT

Getting Your Qualified Certificate

Once a certificate is ordered, you will be guided through the steps of passing the necessary validation checks so that your certificate can be issued. It's very important to understand the requirements for validation so your certificate can be issued as quickly as possible.

Once the order is placed, you will receive the Subscriber Agreement email. Follow the instructions in the email to agree to the agreement, after which the Complete Your eIDAS Request page is displayed, where you can monitor the progress of your order. The page shows all the steps that need to be completed for Sectigo to be able to issue your certificate.

Typically the CSR, where required, is submitted with the order. A CSR is only needed for QWACs or certificates that will be installed by you on an HSM or other device.

For QWACs only, proof is required that you control the domain(s).

Any public domain must pass Domain Control Validation (DCV) before Sectigo can issue certificates to it. DCV requires you to prove you have control of the primary domain.

The following are possible methods of completing DCV:

  • Email—Sectigo sends a challenge-response email to a mail address on the domain. You can choose the email address during setup. The email contains a link to validate ownership of the domain.
  • DNS CNAME—a hash value must be entered as DNS CNAME for the domain. Sectigo validates by checking the DNS CNAME of the domain.
  • HTTP/HTTPS File—a .txt file is placed on the root of the web server. Sectigo checks for the presence of the file.

For QWACs ordered with multi domain, all the requested domains must pass DCV.

See also the Sectigo Knowledgebase article Domain Control Validation (DCV) Methods.

The individual making the order must provide proof of their identity.

Face to face verification is used to verify your identity. This requires completion of the face-to-face form that will be provided to you by Sectigo, along with instructions for completing the form. The completed form must be notarized and accompanied by:

  • A notarized copy of government-issued photo ID.
  • Status of Author to verify the licensing status of the notary.

The email address used for the order is verified.

You will receive an email verification email. Follow the instructions in the email to verify your email address.

QWAC orders include an additional approval stage performed by Sectigo.

Once your identity has been validated, the information is checked by Sectigo, after which you certificate can be issued.

Once your QWAC is issued, Sectigo will arrange with you for delivery.

QWACs can be installed on a webserver/application server using a pfx/pkcs12 file or on SSL Accelerators.

For information on installing your QWAC on your server, consult your server documentation