Knowledgebase

The validation procedures are different and depend on the certificate validation type (DV, OV or EV). 
After ordering an SSL certificate it is necessary to send the CSR file that contains the encrypted information about the customer. The CSR file must match the private and/or companies documents. First, the domain name is verified. The owner of the domain name has to be the same person who is ordering the certificate. Data about the owner is usually checked in the public database of registered domain names, WHOIS. If the data is hidden or different from the data contained in the order, it is necessary to obtain an authorization letter from the owner of the domain. It must confirm that he applied for a SSL certificate. This protects the owner from fraud and verifies that he/she actually wants to protect the domain. There are also other methods to verify that the customer has the right to manage the domain (e.g. filling in specific information on the registration document etc.). Then the documents needed to issue OV and EV certificates are checked.

• Individual customers have to send a copy of an identification document (ID card, passport, or drivers license).
• Sole proprietorship must send a scanned copy (depends on the country) of the: VAT Number, Trade registration number, Business License,  Number of company, Merchant Certificate etc.
• Commercial companies must send a scanned copy of the: VAT Number, Companies trade registration number, and the firm’s registration (Company registration no., Partnership Agreement, no older than 3 months).
• When ordering an EV certificate the owner must also fill-out, sign, and send the Agreement and the Request to the Certification Authority.

All of the validation procedures are in English, and it is important that the contact person is able to willfully comply with the documents. The Certification Authority contacts the customer by mail and by phone. Sometimes it is required to submit additional documents. It can be for example a phone bill, which includes the name of the organization, it's address and phone number given as a public record, proof of independent parties certification (mostly D&B) or in the case of a company being present for less than 3 years, a verifying letter from a reliable bank stating that the company holds an account within that financial institution.

Vendors (e.g. Symantec VeriSign and Thawte) will also check whether the contact person is employed by the company, whether he/she is representative of the companies on-line security and whether he/she has the authorization to obtain a SSL certificate. If the person in this position is outside the organization, it is required to confirm the personal data by an authenticated deed, a business letter, or contacting a manager with the Certification Authority. Furthermore, the e-mail address to obtain the certificate must be created in the domain, which will be secured with the SSL certificate.

Authorization Center can also ask the lawyers, the accounting department, or refer to independent sources to verify the individual data.

If you have any questions about validation, please contact us: [email protected] or +1 626-377-9979 (Mon - Fri from 8 a.m. to 5 p.m. PST).

For all other questions please visit our Knowlegebase, Contact us page or submit a Support Ticket.