SSL Validation Processes

  Print
Type of SSL Certificate Validation:

1.Domain Validation (DV)
2.Organization Validation (OV)
3.Extended Validation (EV)

  • Domain Validation (DV):

    • Email Based Domain Validation
The aim of our domain validation process is to ensure that the individual requesting a certificate does, in fact, have authority to request a certificate for the domain in question.

Domain validation can include emails or phone calls to the contact listed in a domain's whois record, as well as emails to default administrative addresses at the domain. For example, we would be able to send an authorization email to administrator@domain.com or webmaster@domain.com, but not tech@domain.com. In cases where a domain is controlled by a party other than the party requesting a certificate, simple methods are in place to quickly complete the process of getting approval to issue a certificate from the actual domain owner.

Note: Domain validation can include emails or phone calls to the contact listed in a domain's WHOIS record, as well as emails to default administrative addresses at the domain

Selecting this method prompts the vendor to send an email to the registrant, requesting that they confirm the details of the certificate. Once this information has been confirmed, the vendor will send the registrant the certificate for installation onto the registrant's web server. The list of acceptable email addresses for any given domain are:

Upon submitting the order in the OpenSRS Control Panel, a DNS string is immediately provided, and should be added to the DNS for the domain.

There are two elements required for creating the DNS record to complete the validation, the random string and the timestamp. A subdomain is created with the random string pointing to the timestamp.

Example CNAME record: seQ456Ou5yjGbkYIGTO4MBhb91qnb5rE.brianc.com points to s20160723202445.brianc.com

Please note: The DNS CNAME provided is valid for 24 hours. After adding the CNAME to the zone records, please wait 24 hours for the validation process. If 24 elapses before this string is added to the registrant's DNS records, a new one must be obtained by querying the trust order details.

Here's how:

1. In the OpenSRS Control Panel, head to the product order, copy the new CNAME value and enter it in the zone information. After that, click on "Request validation from vendor.” Please wait up to 24 hours for the validation process before requesting another one. The timestamp on the CNAME will change every time the page is refreshed but the previous codes are valid for 24 hours.

OR

2. Use the get_order_info API command to view this information. See example 9 in our API XML guide.

Upon submitting the order in the OpenSRS Control Panel, a TXT file is immediately provided, and should be uploaded to the following directory:

<commonname>/.well-known/pki-validation/fileauth.txt

the vendor will check the website for this file and, after confirming it has been uploaded, validate the certificate.

  • Organization Validation (OV):
When corporate identity validation is important, an SSL Certificate for the organization assures customers that the website is trustworthy and secure. Only verified representatives of the organization may purchase these certificates and business licenses or other proof is required. The Certificate Authority will verify through phone call to ensure that the certificate request is legitimate.

  • Extended Validation (EV):
With Extended Validation, as well as displaying the certificate seal, the address bar is displayed in green, providing customers with an extra level of confidence. The green address bar is a strong visual indication that the site has an Extended Validation Certificate. The Security Status bar displays the organization name and the name of the Certificate Authority (CA).

In order to be approved for an Extended Validation certificate, the certificate authority will actively check the Organization and the individual applying for the certificate. This is to verify that the Organization is positively the Organization they claim to be, and the individual requesting the certificate is someone who is authorized to request a digital certificate. Extended Validation may take as long as one week to complete.

0 out of 0 people found this article useful.

Related Articles

Self-Hosted Help Desk Software by SupportPal.

Login

 
Forgot password?
Register now

Language