We are working with a new company who has just acquired one of our customers. The new owners have set up a new company and are changing the domain name before launching a larger line of products. One of many things on our list was a new SSL certificate.
We use Thawte SSL certificates for our customers. We like Thawte for many reasons. The level of SSL that we use gives the merchant a seal to put on their site to show shoppers that the site is secure and that the ownership is verified. With this latest project though we have run into some issues with the verification of ownership.
1) The Domain registration was anonymous. This is a great service and it can help to reduce SPAM and those deceptive "invoices" from DROC (in Canada) but it can get in the way of ownership certification when ordering an SSL certificate. Thawte (and other vendors like Verisign who also establish proof of right before issuing an SSL certificate) needs to confirm that the domain name you are registering an SSL certificate for is in fact yours. With an anonymous domain registration, they can't do this. Leave your primary registration public. Your other domains can ally be anonymous if you like.
2) Certificate of Incorporation: This is another piece of the authentication process. As a new company, they didn't have this yet which caused a few delays. This has to match the details of the domain registration and SSL application.
3) Business License: This is a fall back piece of documentation and should list your business name and address and it should match the domain registration and SSL application details.
4) Phone Number: This was a new one for us and caught us out of the blue. The business was so new that they were not listed in any public directories that Thawte uses to confirm legitimacy. Thawte needed a recent phone bill in the name of the company (matching the other details) or lacking that, a notarised letter on company letterhead.
For the sake of expediency, we switched to another provider and an SSL that did not require proof of ownership BUT we believe it is much better to use a reputable vendor that takes the time to establish proof of identity. Without this, anyone can set up a site, slap on an SSL and start to collect credit cards. Maybe I am paranoid, but if I am shopping from a site I have never heard of, I will check their SSL details and their vendor. If they are running a $20 SSL from a discount SSL vendor, they don't get my business.
A reputable SSL vendor increases trust and can increase your conversion rate. Be prepared to do it right.