Getting Your SSL Certificate Issued
A trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL Certificates are in the business of establishing that entities on the internet are, in fact, who they claim to be.
The potential for criminal activity on the internet, as it relates to SSL, lies in the online hijacking of websites or connections to siphon encrypted data. Persons so inclined can easily copy website interfaces and pose as well-known vendors, simply to collect data. The use of an SSL Certificate prevents this from occurring because we will only issue an SSL Certificate to a legitimate entity.
There are new, low cost alternatives through which SSL Certificates can now be issued quickly. These SSL Certificates verify that the holder is the owner of that domain, assuring customers that the owner of the SSL Certificate is who they claim to be.
The type of SSL Certificate purchased will determine the Validation process your SSL Certificate must go through before issuance.
Trustico® offers 3 types of SSL Certificates: Domain Validated (DV), Organizational Validated (OV) and Extended Validation (EV). Each of these SSL Certificate types has its own validation procedures that must be met before the SSL Certificate can be issued.
Domain Validation (DV) Requirements
Domain Validated SSL Certificate products are authenticated using one of three validation methods.
- Approver E-Mail Domain Control Validation (DCV)
- HTTP / File Based Domain Control Validation (DCV)
- DNS CNAME Based Domain Control Validation (DCV)
In the event an order is queued for review, the administrative contact must be a full-time employee of the company for successful issuance. A verification telephone call with the administrative contact may be required.
Orders for major corporations, well-known trademarks and financial institutions may be queued for further security reviews prior to issuance.
More information on Domain Validated SSL Certificates validation methods can be found here.
Approver E-Mail Verification System
When choosing to purchase a Domain Validated SSL Certificate, an approver will be chosen during the ordering process. We will send an Approver E-Mail to the designated approver. The following generic e-mail addresses are currently able to be used:
The above addresses are generic addresses. Applicants must choose a generic address to prove that they administer the domain name purchasing the SSL Certificate. If we are able to retrieve the contact e-mail address from the WHOIS database it can also be used.
If during the ordering process we are unable to retrieve the contact e-mail address from the WHOIS database, please proceed by choosing a generic address and then Contact Us as it may be possible for us to manually update the order with the contact e-mail address from the WHOIS database.
Organization Validation (OV) Requirements
Organization Validated SSL Certificate products assist with consumer confidence as they require strict authentication and include an organization name within the SSL Certificate.
During the ordering process you must ensure the organization you specify is an active entity and can be confirmed by the government authority responsible for registering the entity within the specific jurisdiction.
An exact match between the organization name specified during the order process and the government authority is required.
More information on Organization Validated SSL Certificates validation methods can be found here.
Extended Validation (EV) Requirements
Extended Validation SSL Certificates achieve the highest level of consumer trust through the strictest authentication standards of any SSL Certificate. Extended Validation verification guidelines require us to obtain and verify multiple pieces of identifying information.
An Extended Validation SSL Certificate offers more than just encryption, as it also enables the organization behind the website to present its own validated identity of legal, physical and operational existence and hence authenticate itself to website visitors.
A trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL Certificates are in the business of establishing that entities on the internet are, in fact, who they claim to be. The potential for criminal activity on the internet, as it relates to SSL, lies in the online hijacking of websites or connections to siphon encrypted data. Persons so inclined can easily copy website interfaces and pose as well-known vendors, simply to collect data. The use of an EV SSL Certificate prevents this from occurring because we will only issue an EV SSL Certificate to a legitimate entity.
To ensure your SSL Certificate request is processed quickly, you will be required to provide authentication documents.
Manual Verification For OV & EV
Organizational Validated (OV) and Extended Validation (EV) products require manual verification. When a product requires manual verification, certain requirements must be met and will be stated within the product information pages.
Sample documents that may be required to support the SSL Certificate application are:
- Articles Of Incorporation
- Fictitious Name / Doing Business As Document
- Business Licensing
- Bank Statement
- Merchant Account Statement
- Utility & Telephone Bills
The administrative contact of the order will be contacted for further information if documentation is required.
A verification telephone call with the administrative contact will usually be required before issuance. The telephone number must be publicly listed in an approved telephone directory.
It is recommended that the organization be listed at Dun & Bradstreet as it is one of the world's leading sources of commercial information and insight on businesses - which external companies rely on to make critical business decisions.
Additional Validation Information
All certificate types (Single Domain SSL Certificates, Wildcard SSL Certificates, Multi Domain SSL Certificates/Unified Communication Certificate) can be validated with any of the available DCV (Domain Control Validation) mechanisms. Multi Domain Certificates can use different mechanisms for each FQDN (Fully Qualified Domain Name) in the request.
We no longer consider proof of control of 'www.DOMAIN.com' as also proving control of 'DOMAIN.com'. Previously, if you ordered a certificate from us for the 2 FQDNs (www.example.com and example.com) and validated e.g. using HTTP_CSR_HASH on www.example.com, we took that to also demonstrate control of example.com. That is no longer the case.
It remains the case that validating control of example.com is sufficient for the validation of an SSL Certificate to contain both example.com and www.example.com.
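The coverage rule above, as an added example (not Trustico's code): a small Python check that reports which FQDNs in an order still need their own DCV. The domain names and the method labels other than HTTP_CSR_HASH are constructed; anything the page does not state (other subdomains, wildcards) is conservatively reported as outstanding.

```python
# Added example: DCV coverage check for a certificate order.
# Assumption: only the two rules stated on this page are modelled.

def normalize(name):
    """Lower-case and drop a trailing dot so 'WWW.Example.com.' compares equal."""
    return name.strip().lower().rstrip(".")


def covers(validated, fqdn):
    """Does proof of control of `validated` also satisfy `fqdn`?"""
    validated, fqdn = normalize(validated), normalize(fqdn)
    if fqdn == validated:
        return True
    # example.com covers www.example.com. There is deliberately no branch
    # that strips 'www.', so www.example.com never covers example.com.
    return fqdn == "www." + validated


def dcv_coverage(order_fqdns, completed):
    """Map each requested FQDN to the (validated_name, method) covering it,
    or None if it still needs validation.

    `completed` is a list of (validated_name, method) pairs; a multi-domain
    order may mix methods, one per FQDN.
    """
    result = {}
    for fqdn in order_fqdns:
        hit = next(((normalize(v), m) for v, m in completed if covers(v, fqdn)), None)
        result[normalize(fqdn)] = hit
    return result


def outstanding(order_fqdns, completed):
    """FQDNs in the order that no completed validation covers."""
    return [f for f, hit in dcv_coverage(order_fqdns, completed).items() if hit is None]


if __name__ == "__main__":
    # Constructed sample order: apex + www, validated on www only.
    order = ["www.example.com", "example.com"]
    print(outstanding(order, [("www.example.com", "HTTP_CSR_HASH")]))  # apex still open
    print(outstanding(order, [("example.com", "HTTP_CSR_HASH")]))      # nothing open
```
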
Order Queuing & Fraud Prevention
In the event an authentication procedure fails or our system suspects possible fraudulent activity, the order may be queued for manual review. Also, occasionally orders are randomly queued for manual review. Please Contact Us if your order is queued and you require further assistance.
Authentication engines are programmed to automatically flag certain orders for a quality review before issuance. The system looks for specific information within new and renewal orders. For example, orders from certain countries or containing certain words may be flagged.