More

Validation

  • What is validation process for issuing an SSL certificate?

    The procedures are different and depend on certificate validation type (DV, OV or EV).

    After ordering it is necessary to send the CSR file that contains encrypted information about the customer.

    DV - domain verification, after filling the data in the wizard SSL, you will receive a link with the code for approval. Mail is sent to the address of the domain for which the certificate is issued, eg admin@example.com, webmaster@example.com. For some certificates are also available alternative methods of validation, which inform the assistant SSL.

    OV - The entity data contained in the CSR must be consistent with the data in the official databases. Verification entity may consist of several stages and is dependent on the certificate issuer and the entity that is applying for a certificate.

    1. Domain Verification by checking domain ownership and sending a code for verification.

    2. Verification of the data in the governmental databases. 

    3. In some cases, verification by an external entity along with a written confirmation of the existence of the entity applying for an SSL certificate or paper application along with the documents of the entity applying for a certificate.

    4 Verification with popular telephone books in the country along with telephone confirmation of the data.

    For EV certificates is required to send the agreement along with the application for an SSL certificate.

  • What do the different validations mean?

    DV certificates (Domain Validation) are issued in a very short time. Verification of the data needed is done remotely. Details of certified organization are not verified and displayed.

    OV certificates (Organization Validation) display the details of verified organization that owns the SSL certificate.

    EV certificates (Extended Validation) is a special type of SSL certificates with an extended validation. Websites with domains protected by EV certificates show the full verification of the entity by changing the color of the address bar (to green). Visitors can be sure that transactions on the secured website are safe and trustworthy.

  • Which validation is right for me?

    Before you choose a validation type, consider what kind of benefits (except encryption) a certificate should offer your site.

     

    Owners of smaller scale websites that treat securing data transfers as the most important issue will probably decide to install a DV certificate.

     

    However when the service should inform clearly: who the owner of the site is, which organization is responsible for securing it, and the legality of the business – the best validation at a  minimum is OV.

     

    For large websites that transfer sensitive data – banking systems, government sites, or health care services – EV validation is recommended. It is the most time consuming validation process because it verifies all the relative details about the named company. After the EV application process is complete, the website operates with an exclusive SSL certificate showing the name of the website owner. Additionally, the address bar of a EV secured websites changes to a shade of green which gives visual confirmation to the user that the website is encrypted and it is now safe to share personal/financial information.

  • Why do you ask for documentation before the application?

    Strong validation is essential for e-commerce growth. Before issuing a SSL we check that the applicant owns or has legal rights to the domain name and is a legal entity. 

  • Methods of Domain Validation
    All standard SSL certificates (DV, OV, EV) must pass through domain validation before the SSL certificate will be issued. Domain Validation (DV) proves ownership and control of registered name.
     
    3 methods of validation:
     
    1. E-mail
    Certificate Authority (CA) sends an e-mail to the administrative contact for your domain. It contains the link and validation code. You have to click the link and enter the code.
     
    2. DNS CNAME
    CA hashes your CSR and the hashed values are provided to you. It must be entered as a DNS CNAME record for your domain.
     
    The hashes are as:<MD5 hash of CSR>.yourdomain.com.  CNAME  <SHA1 hash of CSR>.companyca.com.Note: Fullstops after each domain name is required to make the entry fully-qualified.
     
    3. HTTP
    CA hashes your CSR and the hashed values are provided to you. You must create a simple text file and place it on your server and served just over HTTP.
     
    The file should be:
    http://yourdomain.com/<Upper Case MD5 hash of CSR>.txt. Content:<SHA1 hash of CSR>
    your_ca.com
     
    Note: Serving the page over HTTPS or HTTP 302 will fail. Please use only HTTP for this procedure.