Description of SSL certificate validation process

Every day we get many questions about the validation procedure for different SSL certificates. We have therefore prepared detailed instructions on how to pass validation for SSL certificates with domain, organization or extended validation.

Certificate validation process with domain validation (DV)

SSL certificates with domain validation are issued the fastest. It usually takes 3-5 minutes to be verified and get a certificate. You don’t need any documents; all you have to do is prove that you manage the domain.

One single step – DCV (Domain Control Validation)

A domain control check is a domain ownership check. There are several ways to verify a domain: by e-mail, via a DNS CNAME record, or with an HTTP/HTTPS hash file.

Via E-mail (the most popular way)

DCV verification via e-mail is the most traditional way to pass domain ownership verification. The Certification Authority sends an e-mail to your domain’s administrative contacts. The message contains a unique validation code and a link. Follow the link and enter the code to verify the domain.

You may only use the following addresses for verification: admin@, administrator@, hostmaster@, webmaster@ and postmaster@. In some cases you can use the e-mail address listed in the WHOIS record of your domain; for this, WHOIS data hiding must be turned off for the domain.

Via DNS CNAME

To verify a domain with a DNS CNAME record, you use the hash derived from the CSR you submit. This can take up to 24 hours, depending on the TTL on your DNS server.

With HTTP/HTTPS hash file

This is a quick and easy way to pass domain validation: you just upload a text file (.txt) that contains the hash of your CSR. The file must be accessible via the web. Use the HTTPS method when an SSL certificate is already installed on your site and the site is accessible via https://.

An additional step is brand validation (optional)

In some cases the Certification Authority may request an additional manual check for orders marked for brand validation. It usually takes 1-2 days to check the order and then either issue the certificate or reject the order.

Here are some situations in which a domain may be subject to manual verification:

  • The order came from countries such as South Korea, North Korea, Sudan, Afghanistan, Iran or Iraq.
  • The domain contains a well-known brand name, as in sony-shop.net, dellshop.com or facebook.com. The match can also be accidental: the domain may be sibmama.com, but the verification system can read it as “sIBMama” and mark the brand “IBM”.
  • The domain contains “stop words” such as: pay, online, secure, booking, shop, bank, transfer, money, e-payment, payment, protection, violence and others.
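The sketch below is an added example, not the Certification Authority's or this site's own code. It checks an order before submission against the DCV mailbox list and the brand and stop-word triggers described above, and shows why sibmama.com is flagged. The brand and stop-word lists are only the samples quoted in this article, and plain substring matching is an assumption about how the automated check behaves.

```python
# Added example. Lists are the samples quoted in the article; a CA's real
# lists are longer and not public. Substring matching is an assumption.
BRANDS = ("sony", "dell", "facebook", "ibm")
STOP_WORDS = ("pay", "online", "secure", "booking", "shop", "bank", "transfer",
              "money", "e-payment", "payment", "protection", "violence")
DCV_LOCAL_PARTS = ("admin", "administrator", "hostmaster", "webmaster",
                   "postmaster")


def name_without_tld(domain):
    """Lower-case the domain and drop its last label (the TLD)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[:-1]) if len(labels) > 1 else labels[0]


def brand_review_reasons(domain):
    """List every brand or stop word found anywhere inside the name."""
    text = name_without_tld(domain)
    reasons = [f"brand:{b}" for b in BRANDS if b in text]
    reasons += [f"stop-word:{w}" for w in STOP_WORDS if w in text]
    return reasons


def is_allowed_dcv_address(email, domain):
    """True only for the five generic mailboxes at the domain being validated."""
    local, sep, host = email.lower().rpartition("@")
    same_domain = host == domain.lower().rstrip(".")
    return bool(sep) and same_domain and local in DCV_LOCAL_PARTS


def preorder_check(domain, email):
    """Summarise what to expect for one order (constructed inputs below)."""
    return {
        "dcv_email_ok": is_allowed_dcv_address(email, domain),
        "manual_review_reasons": brand_review_reasons(domain),
    }


if __name__ == "__main__":
    # Constructed sample orders; the domains are the ones named in the article.
    for dom, mail in (("sibmama.com", "webmaster@sibmama.com"),
                      ("sony-shop.net", "info@sony-shop.net"),
                      ("example.org", "admin@example.org")):
        print(dom, preorder_check(dom, mail))
```

A non-empty list of reasons means the order is likely to wait for the 1-2 day manual check, even when the match is accidental.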

Validation process of SSL certificates with organization validation (OV)

SSL certificate validation with organization validation includes three steps: domain ownership validation, organization validation and callback. The process can take 2-5 business days if all documents are in order and submitted on time.

The first step is the domain check (DCV)

This step is identical to the domain check for certificates with domain validation, so we do not describe it again.

The second step is to check the organization

To pass the organization check, you may need to provide some official documents to the Certification Authority. Usually this is a certificate of state registration or an extract from the register. Documents can be submitted by mail, fax, or e-mail in PDF/JPG format.

  • Option A (the most popular)
    The legal status of the company is checked through the state public registers, using the company name or identification number (EDRPOU).
  • Option B
    The company can be verified through public private directories, such as:
    – Dun & Bradstreet
    – Kompass.com
    – Ua-region.com.ua
    – Infobel.com
    – Hoovers
  • Option C
    The company can be verified by the following documents:
    – Constituent documents (with address)
    – Certificate of state registration (with address)
    – A copy of a recent company account statement (you can hide the account number)
    – A copy of the company’s recent phone bill
    – A copy of a recent large utility bill for the company (i.e., electric bill, water bill, etc.) or a current lease agreement for the company

The third step is a callback

The last step is a callback. For certificates with organization validation, some Certification Authorities use an automatic callback procedure. For example, the Comodo robot calls the verification number and tells you a verification code. The official phone number can be validated in one of the following ways:

  • Option A (GeoTrust/Thawte/Symantec only)
    The Certification Authority checks the phone number through public yellow pages or directory databases, such as http://www.numberway.com or http://world.192.com
  • Option B
    The Certification Authority can verify the number through trusted databases, such as Dun & Bradstreet, Hoovers and others.
  • Option C
    A letter on official letterhead or a letter signed by a notary. The Certification Authority can check the notary.

SSL certificate verification process with extended validation (EV)

EV SSL certificates are the certificates with the highest level of trust, and therefore with the most thorough verification. It usually takes 4-7 business days to go through all the paperwork.

The first step is to send the documents

Comodo can start the check once you fill out two special forms, while Symantec/Thawte/GeoTrust first check the order (2-3 business days) and then send you a special form.

The second step is to check the organization

This step is completely identical to the one for certificates with organization validation.

The third step is to check the domain

This step is completely identical to the one for certificates with domain validation and organization validation.

The fourth step is to call back

This step is completely identical to the one for certificates with organization validation.
