Jason Parms

The value of SSL does not only lie in the transfer of encrypted information, but the benefit of having SSL also lies in its validation process. The validation methods of SSL certificate put the business in a front row over the web by providing a robust identity verification process carried out by CAs (Certificate Authorities). SSL validation method decides the price, delivery time, and authenticity level for an SSL certificate.

Certificate Authority follows three types of the validation process and it depends on which type of certificate you choose.

Domain Validation Process:

Domain validation is one of the basic and quick SSL certificate validation types that can be issued within minutes without requiring any legal documents by CAs.

To get Domain Validation Certificate, applicant must need a generic address to prove that the person is authorized and has control over the domain name.

  • admin@yourdomain.com
  • hostmaster@yourdomain.com
  • webmaster@yourdomain.com
  • administrator@yourdomain.com
  • postmaster@yourdomain.com

The applicant must confirm the ownership of the domain by providing the above email address.

The Domain validation certificate authority could check the WHOIS record (The ownership and contact information connected with the domain name) to confirm the provided email address.

CA confirms the company name and generic address that is presented with the certificate purchase order. CA could match the applicant is the same person who is shown in the WHOIS record.  Domain validation only confirms the domain authorship of an applicant; it does not validate the identity of an organization. For a new and small organization, domain validation certificate is a good start.

Organization Validation Process:

When you purchase Organization Validation Certificate, CA validates the organization details associated with certificate requester. Establish an identity over the web and let give customers chance to show the business details incorporated in a certificate. Business validation follows one-step advance process than domain validation. It not only verifies your domain name but also validates the company, furnishing dual trust for visitors/clients. The user can see HTTPS in the address bar of the browser, a padlock. The CA wants to validate some documentation before issuing a certificate is as follows.

  • Certificate authority can contact the secretary of state or local authority to verify the existence and validity of your business. In case, when the office is outside of the US, the CA can consider various databases.
  • If the information listed in the CSR does not match with collected information, the authority ask for further documentation like Articles Of Incorporation, Fictitious Name / Doing Business As Document, Business Licensing (state/city licensing, right to use tax permit), Bank Statement (must be printed, not from online sources), Merchant Account Statement (must be printed), and Utility/Telephone Bills.
  • If the business has no legal identity and in case an applicant wants to use a personal name on the SSL certificate, it requires government issued identification, driving license, and passport.

Extended Validation Process:

Extended Validation follows a strict authentication process by confirming business related legitimate documents along with the details of a certificate request. Certificate Authority will take a few days to verify the provided details and documents before issuance of the certificate. The CA investigates the following measurements before issuing an EV SSL certificate.

  • A customer wishing to get SSL certificate must have domain control. The CA could verify WHOIS record/website registration record.
  • The CA also checks whether the applicant is the same identity who has applied for the certificate. For that, The CA can contact the HR department of a company to verify the identity of a person who has signed the contract.
  • The company’s name printed in government records should match with the name given to the CA. If any alternate name is found, then it should be verified in qualified databases.
  • Certificate authority also verifies the address given in government databases against the address given for the certificate. If the given address is, differ than on-site visit becomes compulsory to solve out variation. Investigators may require taking pictures of business operations or talking with company personnel.
  • The CA can call the given telephone number to verify the number that should be the same as listed on the certificate application.

Extended Validation process carries the utmost level of validation therefore; visitors and customers can put trust on website by verifying detailed ownership information. Extended Validation Certificate helps to prevent phishing attack by enabling green address bar in the browser, which is encourage your customers to complete their online transactions. As a result, the overall sales of a company would increase.