Organisation Assurance in Belgium
These notes are Belgium specific. In fact, some stuff is optimized to my own workflow, so another organisation assurer might deviate from this.
I wrote this in the form of a checklist. Please walk through it before sending your COAP. Because some stuff is very specific, some words are in Dutch.
Some things are more strict than is strictly required by CACert policy. I'm doing it this way because I'm rather sure than having doubt.
A. Is your company legally registered?
Please go to the Kruispuntbank and verify you can lookup your organisation in this database. After clicking the search button, click on your organisation number. On the next page at "Maatschappelijke naam" there's the official name registered for your organisation. "Maatschappelijk adres" is the registered address. Click on "Aantal vestigingseenheden: #". You can find "Naam vestigingseenheid" here.
For a "eenmanszaak" you can choose which of the 2 names you use on your COAP. For other types of organisations you can only use the first one, listed at "Maatschappelijke naam" (Rule not really final, contact me if you believe this rule should be changed).
B. Filling in the COAP correctly
B.1 Organisation Identity Information
I'll refer to the company details as you can find on Kruispuntbank.
Name of organisation: fill in as determined by A.
Address: this should match "Maatschappelijk adres" as in A.
Type: specify in Dutch, exactly as it says in "Rechtsvorm".
Registered trade names: only fill this in if you have any. You have to provide proof that you own these names when filled in.
Registration: fill in your "Ondernemingsnummer".
Internet domains: you'll want to list the domain names that you own. You will only be able to issue certificates for these domains after the assurance. For each domain name you list here, verify with the whois information on the domain that the domain owner is the same as what you filled in with "Name of organisation".
Organisation Administrator: List the name of the person in your organisation which will get access and permissions to issue certificates for the specified domains. The organisation administrator must be a CACert Assurer and thus also have a CACert account. The emailaddress listed here must be the emailaddress that he uses to login to cacert.org. The organisation administrator must also have passed the assurer's challenge.
B.2 Organisation's Statement
This has to be filled in by someone who is authorized to sign for the company. Who this is depends on the type of company ("rechtsvorm"). I might add specifics later, currently just make sure you can convince me that the name under "Director" is authorized to sign for the company. You probably need to send me a copy of your "statuten". Please mark references to the name of the director to make it easy for me to verify he's authorized to sign.
The Organisation Administrator must verify, like when doing a regular assurance, that the person signing next to the director's name really is who he claims to be. So I will verify the director is authorized to sign, the organisation administrator verifies that the signature belongs to the director.
B.3 Organisation Assurer's Statement
That's for me to fill in. Don't write in this area.
C. Sending me all the documents
I prefer you send everything by email. Put all documents in an archive (like .tar.gz) and digitally sign this in a way that I can verify it's really you (eg with a cacert certificate, or with your gpg key which is signed by cacert).
I require that you put a text file in the archive saying exactly this:
I, <your name>, witnessed the signing of the section "Organisation's Statement" and I verified the identity of the signer to be <director's name>. I am CACert assurer with at least 100 points and I passed the assurer's challenge.