If it was for an organization, you only got the cert because they didn't catch it. For some reason, my account got flagged as high-risk, and every cert I request needs manual review. During one of those reviews, they rejected my cert request and told me that since it was for an organization, I needed organizational validation. This was for a standard certificate—not extended validation. I think they must've either visited the company website or checked whois.
Their FAQ alludes to this, but doesn't really make it explicit:
> The certificate is for my company, what shall I do?
> In the Class 1 settings (free), the only possible relationship between StartCom and the subscriber is
> with individuals, i.e. natural persons. StartCom has no relationship with the organization a subscriber
> may represents and acknowledges only the subscriber. All responsibilities according to the StartCom
> CA Policy are that of the subscriber personally, even in case he/she decides to obtain certification as
> an employee or representative of an organization.
> Organizations should perform Class 2 validation and an organization name may only appear in a digital
> certificate at Class 2 level and higher.
Their FAQ alludes to this, but doesn't really make it explicit:
> The certificate is for my company, what shall I do?
> In the Class 1 settings (free), the only possible relationship between StartCom and the subscriber is > with individuals, i.e. natural persons. StartCom has no relationship with the organization a subscriber > may represents and acknowledges only the subscriber. All responsibilities according to the StartCom > CA Policy are that of the subscriber personally, even in case he/she decides to obtain certification as > an employee or representative of an organization. > Organizations should perform Class 2 validation and an organization name may only appear in a digital > certificate at Class 2 level and higher.
http://www.startssl.com/?app=25#2