Microsoft PKI Services Corporate Certification Practice Statement (CPS) v3.1.7
© 2023 Microsoft Corporation Page 3 of 56
3.1.6 Recognition, Authentication, and Role of Trademarks ........................................................ 19
3.2 INITIAL IDENTITY VALIDATION ............................................................................. 20
3.2.1 Method to Prove Possession of Private Key ........................................................................... 20
3.2.2 Authentication of Organization Identity ................................................................................ 20
3.2.2.1 Identity ............................................................................................................................................. 20
3.2.2.2 DBA/Tradename .............................................................................................................................. 20
3.2.2.3 Verification of Country ................................................................................................................... 20
3.2.2.4 Validation of Domain Authorization or Control .......................................................................... 20
3.2.2.4.1 Validating the Applicant as a Domain Contact ..................................................................... 20
3.2.2.4.2 Email, Fax, SMS, or Postal Mail to Domain Contact ........................................................... 20
3.2.2.4.3 Phone Contact with Domain Contact ..................................................................................... 20
3.2.2.4.4 Constructed Email to Domain Contact .................................................................................. 20
3.2.2.4.5 Domain Authorization Document .......................................................................................... 20
3.2.2.4.6 Agreed-Upon Change to Website ........................................................................................... 21
3.2.2.4.7 DNS Change ............................................................................................................................. 21
3.2.2.4.8 IP Address ................................................................................................................................ 21
3.2.2.4.9 Test Certificate ......................................................................................................................... 21
3.2.2.4.10 TLS Using a Random Number ............................................................................................. 21
3.2.2.4.11 Any Other Methods ............................................................................................................... 21
3.2.2.4.12 Validating Applicant as a Domain Contact ......................................................................... 21
3.2.2.5 Authentication for an IP Address .................................................................................................. 21
3.2.2.6 Wildcard Domain Validation ......................................................................................................... 21
3.2.2.7 Data Source Accuracy ..................................................................................................................... 21
3.2.2.8 CAA Records ................................................................................................................................... 21
3.2.3 Authentication of Individual Identity .................................................................................... 21
3.2.4 Non-Verified Subscriber Information .................................................................................... 21
3.2.5 Validation of Authority ........................................................................................................... 21
3.2.6 Criteria for Interoperation ...................................................................................................... 22
3.2.7 Criteria for PKI Operating Groups ....................................................................................... 22
3.3 IDENTIFICATION AND AUTHENTICATION FOR RE-KEY REQUESTS .......... 22
3.3.1 Identification and Authentication for Routine Re-Key ........................................................ 22
3.3.2 Identification and Authentication for Re-Key After Revocation ......................................... 22
3.4 IDENTIFICATION AND AUTHENTICATION FOR REVOCATION REQUEST ....... 22
4. CERTIFICATE LIFE-CYCLE OPERATIONAL REQUIREMENTS ....... 22
4.1 CERTIFICATE APPLICATION .................................................................................... 22
4.1.1 Who Can Submit a Certificate Application ........................................................................... 22
4.1.2 Enrollment Process and Responsibilities ............................................................................... 23
4.2 CERTIFICATE APPLICATION PROCESSING ......................................................... 23
4.2.1 Performing Identification and Authentication Functions .................................................... 23
4.2.2 Approval or Rejection of Certificate Applications ................................................................ 23
4.2.3 Time to Process Certificate Applications ............................................................................... 23
4.3 CERTIFICATE ISSUANCE ............................................................................................ 23
4.3.1 CA Actions During Certificate Issuance ................................................................................ 23
4.3.2 Notification to Subscriber by the CA of Issuance of Certificate .......................................... 24
4.4 CERTIFICATE ACCEPTANCE .................................................................................... 24
4.4.1 Conduct Constituting Certificate Acceptance ....................................................................... 24