Validation Process for OV & EV SSL Certificate

Apr 20, 2023

What Happens After You Purchase an OV or EV SSL Certificate

After you've purchased an OV/EV SSL certificate, follow the steps below to activate it and implement HTTPS on your website or device.
  1. Enroll the SSL in your HTTPS.IN account.
  2. Complete DCV (Domain Control Validation).
  3. Complete the company verification process.
  4. Install the SSL on your web server.

This article covers the domain control validation methods (choose any one) and the company verification process that must be completed before an OV/EV SSL certificate is issued.

Company Verification:

The company/organization validation process requires the CA to verify that the organization has a current, legitimate registration in corporate registries and that it is not listed in any anti-terrorism, fraud, phishing, or government-restricted-entity databases.

Furthermore, the CA ensures that the organization that requests a certificate is the same organization that will receive it.

The following are the available options to validate a company.

Option A (Most popular):
Conduct legal existence checks through public government databases by using the company name or a unique identification number such as a registration number. For example, the MCA (Ministry of Corporate Affairs) database.

Option B:
Verify the company through public third-party databases such as Dun & Bradstreet, Hoovers, Justdial, Google Business Profile, etc.

Option C:
Confirm the company address by providing one of the following documents: Articles of Incorporation (with address), Partnership Deed in case of Partnership firm, Government Issued Business License (with address), Copy of a recent company bank statement (you may blacken out the Account Number), Copy of a recent company phone bill, Copy of a recent major utility bill of the company (such as power bill, water bill, etc.) or current lease agreement for the company.
Note:
  1. For Government organizations, CA checks the listing in https://igod.gov.in/.
  2. For Co-Operative Banks, CA verifies registration with RBI by sending an email.

Call Verification Process
The final step is a callback procedure. SSL vendors use an automated callback system to validate OV/EV SSL, in which their team contacts the verified phone number and provides a verification code.

The CA verifies the organization's phone number by checking reliable directories like Google Business, Dun & Bradstreet, etc., and making a call to the listed number.

If they can't reach anyone, an email may be sent to schedule a call back.

Additional Step for EV SSL Certificate:
After the customer completes the above-mentioned validation process, the SSL vendor (Sectigo or DigiCert Family) will send an email approving the EV to the certificate's point of contact. When it is approved, the certificate will be issued.

Domain Control Validation (DCV) Methods

Email Validation:
When an initial request is received for an organization or domain, an automated email requesting authorization is always sent to the email contacts registered in the WHOIS database, e.g. abc@gmail.com.

The domain verification email is also sent to the following constructed email addresses:
  1. admin@domain.com
  2. administrator@domain.com
  3. webmaster@domain.com
  4. hostmaster@domain.com
  5. postmaster@domain.com
Using any of these emails, you can approve the certificate in a matter of seconds by following the instructions in the message.

DNS Verification:
If you don't have access to the above email addresses, you can create a DNS TXT or CNAME record to complete the domain validation process.
To complete domain verification using DNS, you'll need to add a CNAME or TXT record depending on your SSL vendor (Sectigo or DigiCert Family). The new record must be publicly visible using an online DNS lookup tool before your certificate can be issued. It may take 24-48 hours for your record to propagate, which is outside our control.

CNAME Record for Sectigo (formerly Comodo) certificates:
  1. Log in to your domain's hosting Control Panel 
  2. Select DNS Zone Manager. 
  3. Create a new CNAME Record with the unique values from your certificate enrolment page.
  4. Set TTL to 3600 or set it to default and save. 
  5. Wait for the record to propagate.
If this method does not work, you can opt for an alternative verification method by selecting "Change Approver Method" on your Certificate Enrolment page.

TXT Record for DigiCert/Symantec/Thawte/GeoTrust/RapidSSL certificates:
  1. Log in to your domain's hosting Control Panel 
  2. Select DNS Zone Manager
  3. Create a new TXT Record with the unique value from your Certificate Enrolment Page 
  4. Set TTL to 3600 or set to default and save.
  5. Wait for the record to propagate. 
If this method does not work, you can opt for an alternative verification method by selecting "Change Approver Method" on your Certificate Enrolment page.

How to Check if Your Record is Ready!
  1. Check if your CNAME record is validated using a DNS lookup tool like https://www.whatsmydns.net/. Enter the value from your Host Name field and select CNAME. If the "Points To" value is displayed with green check marks, your CNAME record is propagated, and your SSL should be issued soon.
  2. To check if your TXT record has propagated, use a DNS record lookup tool such as https://www.whatsmydns.net. Input your domain and select TXT from the drop-down menu, then hit “Search”. If you can see your TXT record’s unique value with green check marks, your TXT record is propagated, and your SSL should be issued soon.
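
The same check can be run from a terminal. This is an added example, not HTTPS.IN or vendor code: it assumes `dig` is installed, and the function names, the resolver list and the names in the usage comment are illustrative. It handles the details that make a correct record look wrong in a manual comparison: letter case and the trailing dot on CNAME targets, quoted or split TXT data, and domains that carry several TXT records.

```shell
# Added example: compare DNS answers with the enrolment-page values.

# Lower-case a name and strip whitespace plus the trailing root dot
# that resolvers append to CNAME targets.
norm_name() {
  printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.$//'
}

# dig prints TXT data as quoted strings, split at 255 bytes
# ("part1" "part2"); join the parts and drop the outer quotes.
norm_txt() {
  printf '%s' "$1" | sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# record_matches TYPE EXPECTED ANSWERS
# ANSWERS is `dig +short` output, one record per line. A domain often has
# several TXT records (SPF and others), so any matching line is enough.
record_matches() {
  rm_type=$1; rm_want=$2
  [ "$rm_type" = CNAME ] && rm_want=$(norm_name "$rm_want")
  while IFS= read -r rm_line; do
    case $rm_type in
      CNAME) rm_got=$(norm_name "$rm_line") ;;
      TXT)   rm_got=$(norm_txt "$rm_line") ;;
      *)     return 2 ;;
    esac
    [ -n "$rm_got" ] && [ "$rm_got" = "$rm_want" ] && return 0
  done <<EOF
$3
EOF
  return 1
}

# check_dcv NAME TYPE EXPECTED: ask several public resolvers in turn.
# Returns 0 only when every resolver already sees the record.
check_dcv() {
  cd_rc=0
  for cd_ns in 1.1.1.1 8.8.8.8 9.9.9.9; do
    if record_matches "$2" "$3" "$(dig +short "@$cd_ns" "$1" "$2")"; then
      echo "$cd_ns: visible"
    else
      echo "$cd_ns: not visible yet"; cd_rc=1
    fi
  done
  return $cd_rc
}
# Usage (constructed names): check_dcv _host.example.com CNAME target.example.net
```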

HTTP/HTTPS File Verification:
To use the file-based method for SSL certificate validation, you need to place the unique verification file at a specific URL. Follow the steps below:
  1. Create a folder titled ".well-known" in your server's public or home directory.
  2. Create a new folder called "pki-validation" under the ".well-known" directory.
  3. Place the unique text file that you downloaded from your Certificate Enrolment page into the folder named "pki-validation", without changing its name or contents, so that the file can be validated.
Example:
domain.com/.well-known/pki-validation/[a unique file name].txt
If this method does not work, you can opt for an alternative verification method by selecting "Change Approver Method" on your Certificate Enrolment page.
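
The three steps above as a script, given here as an added example rather than HTTPS.IN or vendor code; the function names and the paths in the usage comment are illustrative, and `served_copy_matches` assumes `curl` is installed. It copies the downloaded file unchanged, sets permissions the web server can read, and lets you compare what the public URL serves with the original file.

```shell
# Added example: publish the DCV file under the web root and confirm the
# copy is byte-identical to the file downloaded from the enrolment page.

# install_dcv_file WEBROOT FILE -> prints the installed path
install_dcv_file() {
  idf_dir=$1/.well-known/pki-validation
  idf_dst=$idf_dir/$(basename "$2")
  [ -d "$1" ] || { echo "web root not found: $1" >&2; return 1; }
  [ -s "$2" ] || { echo "validation file missing or empty: $2" >&2; return 1; }
  mkdir -p "$idf_dir" || return 1
  # cp keeps the bytes untouched; retyping or pasting the contents in an
  # editor can add a BOM or change line endings.
  cp "$2" "$idf_dst" || return 1
  # The web server user must traverse both folders and read the file.
  chmod 755 "$1/.well-known" "$idf_dir" && chmod 644 "$idf_dst" || return 1
  cmp -s "$2" "$idf_dst" || return 1
  printf '%s\n' "$idf_dst"
}

# served_copy_matches URL FILE: fetch the public URL and compare the body
# with the downloaded file. -f makes curl fail on HTTP errors (403, 404),
# so an error page is never mistaken for the validation file.
served_copy_matches() {
  curl -fsS --max-time 10 "$1" | cmp -s - "$2"
}

# Usage (constructed paths and names):
#   install_dcv_file /var/www/html ./ABC123.txt
#   served_copy_matches http://domain.com/.well-known/pki-validation/ABC123.txt ./ABC123.txt
```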



