September 7th, 2011 by peter.bassill
In a moment of madness for which I must apologize, I decided it would get a great idea to get an EV certificate for my site. I can almost hear the people falling of their chairs, but serious how hard could it be. Well, here is how hard:
Lets use GoDaddy. Why? The process seems simple and I have some domain names with them so why not also switch to DNSSec while I am at it. Good idea so far? I thought so.
GoDaddy’s EV process: Fix the following:
Dear Secure Certificate Customer,
Thank you for your recent extended validation certificate request. We will need additional information to verify your request.
Phone Bill
We were unable to find a listing for the phone number on your application with your exact company name using the online verification sources that are approved by our auditors. In order to proceed with your Secure Certificate application we will need you to provide us a verifiable phone bill that shows the phone number on your application. The bill will need to be in your company’s name, show the address listed on your application, and cannot be older than 6 months. You can send this documentation through either fax or email.
Whois Update
The domain is registered to a different company name then the company requesting the certificate. We need to verify the requesting company has sole ownership to this domain. The easiest way of confirming this information is to update the whois registrant to be “Hedgehog Security Ltd”. Please make this update. When this is complete or if this can not be completed, please contact us.
HR Contact
Part of our verification process requires us to confirm the name, title, and agency of the approver/signer contact(s) in the application by contacting a member or person who acts as an HR representative of the company. The HR representative cannot also be the requestor, approver, or signer. Please provide us the name of an HR representative, we can contact at the phone number for your company, to validate the approver/signer’s title in the application.
Let me know if I can be of further service.
Step 1 – Well, try searching the UK and not the USA or Canada. Now, I dont know about anywhere else, by BT do NOT list the businesses phone number on the bill. They do however list the company name, account number and reference, but not the phone number.
Step 2 – Have the customer get their WHOIS details correct. Ok, simple enough and a fair enough comment. It was a little out that the chance could be perceived to be picky but ok, lets make it very accurate.
Step 3 – Do what? HR contact? Blimey….. Ok, ill use my accounts, that will be fine.
So, we fix a few items such as the company name on the phone bill and submit.
Hello Peter,
Thank you for sending the phone bill. Unfortunately we will not be able to use the phone bill provided because it is not in the Companies name. Please see the requirements below and send an updated phone bill.
In order to proceed with your Secure Certificate application we will need you to provide us a verifiable phone bill that shows the phone number on your application. The bill will need to be in your company’s name, show the address listed on your application, and cannot be older than 6 months.
Let me know if I can be of further service.
Yes it is. It is clearly in the Companies name, it is listed there just above the address……
So I contacted GoDaddy and it appears that unless I can have BT put the business phone number of the bill then no dice. Ok, how about a refund then? Oh, you cant because you gave me free products?
Godaddy? Go fail at providing services people paid for by asking for documents that simply dont exist.
Seems I am joining the mass of customers leaving then.
