In January 2015, Mike waited just under a month for GoDaddy to validate a company for an EV HTTPS certificate.
We launched the first version of CertSimple on March 16th: an EV focused workflow without software to install, command line questions, or unnecessary work.
In April we added company autocomplete for 62 countries. In June we started checking your company registration and status before you pay.
Most customers pass pre-checks, but those who don't avoid wasting their time and their money.
Eight months in, and a lot of customers later, we've got a few more tweaks we've made to accelerate the EV process even further.
CertSimple 3 includes a number of significant changes we've been quietly testing over the last few months:
We now instantly create a keypair and CSR during the application process: you no longer need to paste anything onto your server. This is done securely using the SSL implementation of your browser, using WebCrypto feature build into current browsers. Your private key never leaves your machine and we can't see it.
If you prefer to generate your own keys (or your browser doesn't have WebCrypto), we still provide per-user commands for Unix/OpenSSL and Windows Powershell/certreq. Just paste the command and you'll have a CSR instantly - no answering questions in a terminal! Paste the results into the box provided and we'll get to work validating your company and turning into that CSR into an EV certificate.
One of the EV requirements is the Qualifying Independent Information Source - ie, a business directory like Dunn and Bradstreet. If a customer doesn't already meet the QIIS requirement - which is fairly common amongst smaller companies - they'll need to request that a QIIS reviews and publishes an entry for their business. Not all QIISs are relevant in every country, nor are all of them relevant to every order. We send customers to the single fastest-updating QIIS for their individual order.
While we officially quote an average validation 5 hours, but recently many of our EV validations have been occuring in less than an hour. We now validate in real time - you can watch live as as a human inspects your domain names, performs further research into your company, and other EV validation steps are completed. As soon as the certificate is issued your browser will update and the certificate will download automatically.
We now inspect a customer's existing infrastructure and provide the instructions for both installing their certificate and configuring their SSL termination to pass both SSL Labs and browser checks.
We consider the application servers, load balancers, and hosting providers being used, preferring the latter in that list. It's a little work for us, but for customers it means the right help for SSL on their infrastructure.
Most of our customers are startups, and the US ones are often registered in Delaware. However Delaware are one of the hardest Secretaries of State for access to business data. It took some work but we now have all 3 million plus registered business entries for Delaware.
We're already the best place for companies to prove their identities online, but we've got so much we want to do in future. If you've got questions, ideas or feedback, here's my email address - Mike.
Mike MacCana, founder at CertSimple.
An EV HTTPS certificate verifies the company behind your website. But getting verified is a slow painful process. CertSimple provides EV HTTPS certificates 40x faster than other vendors. We check your company registration, network details, physical address and flag common errors before you pay us, provide verification steps specific for your company, update in realtime during the process, and even check your infrastructure to help you set up HTTPS securely.
Verify your site now!