Every day we get a lot of questions about validation procedure for different SSL certificates. Therefore, we have prepared detailed instructions on how to pass the validation for issuing SSL certificates with domain validation, organization or extended validation.
Certificate validation process with domain validation (DV)
SSL certificates with domain validation are issued the fastest. Usually it takes 3-5 minutes to be verified and get a certificate. You don’t need any documents, all you have to do is prove that you manage the domain.
One single step – DCV (Domain Control Validation)
A domain control check is a domain ownership check. There are several different ways to verify a domain, such as checking by Email, via DNS CNAME, or using an HTTP/HTTPS Hash file.
Via E-mail (the most popular way)
DCV verification via e-mail is the most traditional way to pass domain ownership verification. The Certification Authority sends an email to your domain’s administrative contacts. The letter contains a unique code for validation and a link. Follow this link and enter the code to verify the domain
You may only use the following addresses for verification: admin@, administrator@, hostmaster@, webmaster@ and postmaster@. In some cases, you can use the email address listed in the WHOIS of your domain, to do this must be turned off in the domain hiding data.
Via DNS CNAME
To check a domain with a DNS CNAME record, you need to use the hash that comes from the CSR query you send. This can take up to 24 hours, depending on the TTL on your DNS server.
With HTTP/HTTPS hash file
Quick and easy way to pass domain validation – you just need to upload a text file (.txt) which contains hash of your CSR request. This file must be accessible via the web. Use the HTTPS method when an SSL certificate is already installed on your site and the site is accessible via HTTPS://
An additional step is brand validation (optional)
In some cases, the Certification Authority may request an additional manual check, for orders marked for brand validation. It usually takes 1-2 days to check and issue a certificate or reject the order.
Here are some situations in which a domain may be subject to manual verification:
- The order came from countries such as South Korea, North Korea, Sudan, Afghanistan, Iran or Iraq.
- The domain contains a well-known brand, such as sony-shop.net, dellshop.com or facebook.com. For example, the domain may be sibmama.com, but the verification system can read it as “sIBMama” and mark the brand “IBM”.
- The domain contains “stop words” such as: pay, online, secure, booking, shop, bank, transfer, money, e-payment, payment, protection, violence and others.
Validation process of SSL certificates with organization validation (OV)
SSL certificate validation with organization validation includes three steps: domain ownership validation, organization validation and callback. The process can take 2-5 business days if all documents are in order and submitted on time.
The first step is the domain check or DCV check.
This step is completely identical to the same verification in certificates with domain validation, so we do not describe it again.
The second step is to check the organization
To pass the organization’s inspection, you may need to provide some official documents to the certification center. Usually this is a certificate of state registration or an extract from the register. Documents can be submitted by mail, fax, or e-mail in PDF/JPG format.
- Option A (the most popular)
Check the legal status of the company through the state public registers, using the company name or identification number (EDRPOU) - Option B
The company can be verified through public private directories, such as
Duns & Bradstreet
Kompass.com
Ua-region.com.ua
Infobel.com.
Hoovers - Option B
The company can be verified by the following documents:
– Constituent documents (with address)
– Certificate of state registration (with address)
– A copy of a recent company account statement (you can hide the account number)
– A copy of the company’s recent phone bill
– A copy of a recent large utility bill for the company (i.e., electric bill, water bill, etc.) Or a current lease agreement for the company
The third step is a callback
The last step is a callback. For certificates with organization verification, some certification centers use an automatic callback procedure.
For example, the Comodo robot calls a verification number and tells you a code to verify. To pass the validation of the official phone number there are these options:
- Option A (GeoTrust/Thawte/Symantec only)
The Certification Authority checks the phone number through public yellow pages or directory databases, such as http://www.numberway.com or http://world.192.com - Option B
The Certification Authority can verify the number through trusted databases, such as
Duns & Bradstreet, Hoovers and others. - Option B
A letter on official letterhead or a letter signed by a notary. The Certification Center can check the notary.
SSL certificate verification process with extended validation (EV)
SSL certificates with extended EV validation are the certificates with the highest level of trust, and therefore with the most thorough validation. It usually takes 4-7 business days to go through all the paperwork.
The first step is to send the documents
Comodo can start checking by filling out two special forms, while Symantec/Thawte/GeoTrust first check the order (2-3) business days and then send you a special form.
- Only Comodo
Please fill out these 2 forms and send to Comodo:
Certificate Request Form
EV SSL Subscriber Agreement - Symantec/GeoTrust/Thawte
You will receive a customized form 2-3 days after ordering
The second step is to check the organization
This step is completely identical to the one for certificates with organization validation.
The third step is to check the domain
This step is completely identical to the one for certificates with domain validation and organization validation.
The fourth step is to call back
This step is completely identical to the one for certificates with organization validation.