GlobalSign is an external service who verify market participants and messages. They act as the Certificate Authority (CA), which means they are a trusted organisation that issues digital certificates to verify the identity of websites, people, or devices online.
How the vetting works
GlobalSign will call the number for your company headquarters that they have uncovered from their secure vetting process. It does not matter if the contact is located there or not, only that their call is transferred to the contact so they can speak with them, or they are given the contact’s phone number (landline or mobile) or email address so they can contact them.
If neither of these happen, GlobalSign will send a letter by post for that contact to the registered business address, so that they can contact GlobalSign directly.
Domain registration
Domain registration verifies domain ownership and is an important aspect in issuing digital certificates.
The Certificate Admin will work with their own DNS admin to allow GlobalSign to verify ownership. The Certificate Admin will be asked to input the domain name used for GlobalSign verification. GlobalSign will then create an input that needs to be placed into the DNS record.
GlobalSign checks the DNS record of the domain to see if the ‘Name’ = ‘@’ and the VALUE is a ‘txt’. This will be added by the DNS admin into the record. This proves ownership as only the domain owner can change the DNS record.
Why is this step needed?
The DIP will check that messages are being sent from the right address using the information provided in domain registration. The domain registration is used in conjunction with the PKI (x.509 certificate) to allow multiple identities to be associated with a single certificate.
A DIP user may have multiple market roles. For example, a DNO will have a UMSO, REGS and LDSO role. Rather than having three different certificates you will only require one, as these function all come from the same domain. This simplifies the certificate management process.