I have a simple web service. The server is a regular, public-facing HTTPS server with a valid SSL cert. The partner who will be using the service is telling me “I need to get you certificate” and “Oracle requires that we install in our cert wallet.” What exactly should I send them? I can access the web service myself from a web browser or with no problems without installing anything. Is this an Oracle thing or something specific to the method by which they’re accessing the service?
They’re being a little silly; they can get the information for themselves and check it against a public CA, assuming that’s how you’ve set things up; they’ve probably just not checked whether this info is verifiable. (If it wasn’t signed by a public CA, they’d be right to ask as there’s just no way to be sure that you’re not already being spoofed.) Still, there’s no harm in giving the information out through other channels too.
What they want is the public part of the key pair (not the private part!) that is used to establish the server’s identity for HTTPS. It’s fine to hand that out; you could also have a copy of it printed in your local newspaper and that would not decrease your security at all. There’s a fair chance you’ve got the information still from when you were setting the server up; it’s the information that is returned to you from the certificate authority (usually in a PEM file). If not, you can extract the information from your server’s keypair with keytool:
There are many other options to keytool (e.g., for different formats of keystore) and you might need to experiment to get the right set.
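Added example, not part of the original answer: a pre-send check on the PEM file, confirming it holds only certificate blocks (no private key) and computing the SHA-256 fingerprint the partner can compare over another channel. The function names and the sample PEM text are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def inspect_pem(text):
    """Return (fingerprints, problems) for a PEM bundle about to be shared.

    fingerprints: SHA-256 over each CERTIFICATE block's DER bytes, in the
    colon-separated form most TLS tools display.
    problems: labels of blocks that are not certificates (private keys etc.).
    """
    fingerprints, problems = [], []
    for label, body in PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":
            problems.append(label)
            continue
        der = base64.b64decode("".join(body.split()), validate=True)
        digest = hashlib.sha256(der).hexdigest().upper()
        fingerprints.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return fingerprints, problems


def safe_to_send(text):
    """True only if the bundle holds at least one certificate and nothing else."""
    fingerprints, problems = inspect_pem(text)
    return bool(fingerprints) and not problems


# Constructed sample: the bodies are placeholder bytes, not real key material.
SAMPLE_CERT_ONLY = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed placeholder for DER certificate bytes").decode()
    + "\n-----END CERTIFICATE-----\n"
)
SAMPLE_WITH_KEY = SAMPLE_CERT_ONLY + (
    "-----BEGIN PRIVATE KEY-----\n"
    + base64.b64encode(b"constructed placeholder for a private key").decode()
    + "\n-----END PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for name, pem in (("cert only", SAMPLE_CERT_ONLY), ("cert + key", SAMPLE_WITH_KEY)):
        print(name, safe_to_send(pem), inspect_pem(pem))
```

On a real certificate file the fingerprint is the SHA-256 of the DER encoding, the same value a browser's certificate viewer shows for the site.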