Validation Types Used When Obtaining SSL Certificates

Александр Мельников
September 26, 2019

Domain Validation (DV)

Every certificate must pass domain validation, the process that verifies ownership of the domain name.

There are 3 ways to check:

Email verification

An e-mail is sent to the administrative mailbox for your domain name. The message contains a unique verification code and a link. Follow the link and enter the code to complete the validation.

Accepted e-mail addresses:

  • admin@<your domain>
  • administrator@<your domain>
  • webmaster@<your domain>
  • hostmaster@<your domain>
  • postmaster@<your domain>

The following domain verification methods are only available for Comodo certificates.

Checking with a DNS Record

The CSR you provide will be hashed. You will be given the hash values, which you then enter in a DNS CNAME record for your domain.

The CNAME record format will look like this:

_<value of MD5 hash of CSR>.<your domain>. CNAME <value of SHA-256 hash of CSR>.[<uniqueValue>.]comodoca.com.

Notes:

  • the SHA-256 hash is split by a “.” (dot) into two labels, each 32 characters long;
  • for the record to be fully correct, the fully qualified domain name must end with a period;
  • if you are ordering a multi-domain certificate, a separate CNAME record must be created for each FQDN in your order;
  • when the certificate is ordered for a domain with www, the record name must be written without www (i.e. if your domain is www.example.com, the record takes the form _<value of MD5 hash of CSR>.example.com.).

 

Example.

_09f7e02f1290be211da707a266f153b3.subdomain1.yourdomain.com. CNAME 3d874ab7b199418a9753111648448163.9eb1f2608f4da5aa3560154ca1b0df53.comodoca.com.
_9e107d9d372bb6826bd81d3542a419d6.subdomain2.yourdomain.com. CNAME 899826c9c46f25fc70ed08b5811dbb2b.ddf3e6b932e44c6a6a9dc5285057e9db.comodoca.com.

HTTP(S) validation

The CSR you provide will be hashed. You will be given the hash values; next, create a text file containing them and place it under the root directory of your site.

The file and its contents should be as follows:

  1. File URL:
    http://<your domain>/.well-known/pki-validation/<Upper case MD5 hash value>.txt
  2. Content:
    <SHA-256 hash value>
    comodoca.com

 

Notes:

  • validation will not be performed if there are redirects on the site;
  • make sure the /.well-known/ and /.well-known/pki-validation/ directories exist on the web server;
  • if you order a multi-domain certificate, each protected domain in the certificate must have a txt file in the root directory;
  • for www.example.com domains, verification goes through the URL without www (i.e. if you order a certificate for the www.example.com domain, the file must be available at http(s)://example.com/.well-known/pki-validation/<MD5 hash value in upper case>.txt).

 

Examples.

File name: subdomain1.yourdomain.com/.well-known/pki-validation/09F7E02F1290BE211DA707A266F153B3.txt
Content:
    770423513bd0765c18e500000baec91976bcd8267a245437b32572665c6ac370
    comodoca.com

File name: subdomain2.yourdomain.com/.well-known/pki-validation/9E107D9D372BB6826BD81D3542A419D6.txt
Content:
    87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7
    comodoca.com
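
The CNAME record and validation file described in the two sections above can be derived from a CSR as follows. This is an added Python example, not code from the original page or from Comodo. It assumes the hashes are taken over the DER encoding of the CSR; the function names and the placeholder CSR are constructed for illustration.

```python
import base64
import hashlib

# Constructed placeholder: the base64 body is NOT a real CSR, it only stands
# in for one so the example runs offline.
SAMPLE_CSR_PEM = """-----BEGIN CERTIFICATE REQUEST-----
Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIsIG5vdCBhIHJlYWwgQ1NS
-----END CERTIFICATE REQUEST-----
"""

def csr_hashes(pem):
    """Return (md5_hex, sha256_hex) of the DER bytes inside a PEM CSR.
    Assumption: the CA hashes the DER encoding, not the PEM text."""
    body = "".join(line for line in pem.splitlines()
                   if line and not line.startswith("-----"))
    der = base64.b64decode(body, validate=True)
    return hashlib.md5(der).hexdigest(), hashlib.sha256(der).hexdigest()

def base_domain(fqdn):
    """Normalise the name and drop a leading www, as the notes require."""
    name = fqdn.strip().rstrip(".").lower()
    return name[4:] if name.startswith("www.") else name

def cname_record(fqdn, md5_hex, sha256_hex, unique_value=None):
    """Build the validation CNAME: SHA-256 split into two 32-character labels,
    optional uniqueValue label, trailing dot on both names."""
    if len(md5_hex) != 32 or len(sha256_hex) != 64:
        raise ValueError("expected 32 hex chars of MD5 and 64 of SHA-256")
    sha = sha256_hex.lower()
    labels = [sha[:32], sha[32:]] + ([unique_value] if unique_value else [])
    target = ".".join(labels) + ".comodoca.com."
    return f"_{md5_hex.lower()}.{base_domain(fqdn)}. CNAME {target}"

def http_validation_file(fqdn, md5_hex, sha256_hex):
    """Return (url, body) for the HTTP method: upper-case MD5 file name,
    SHA-256 on line one and comodoca.com on line two."""
    url = (f"http://{base_domain(fqdn)}/.well-known/pki-validation/"
           f"{md5_hex.upper()}.txt")
    return url, f"{sha256_hex.lower()}\ncomodoca.com"

if __name__ == "__main__":
    md5_hex, sha256_hex = csr_hashes(SAMPLE_CSR_PEM)
    print(cname_record("www.example.com", md5_hex, sha256_hex))
    print(*http_validation_file("www.example.com", md5_hex, sha256_hex), sep="\n")
```

Comparing the generated record and file body with what DNS and the web server actually return, before submitting the order, catches a missing trailing dot, a leftover www label or a lower-case file name.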


Organization Validation (OV)

Step 1 Domain Check

The domain validation process is described in the Domain Validation (DV) section above.

Step 2 Organization Verification

Can be done in the following ways:

  • The certificate authority checks that the company exists in the state register of organizations.
  • Through public data registries such as Dun & Bradstreet, Hoovers, Companies House GOV.UK, Lursoft.lv.
  • Address verification can be done with one of the following documents:
    • charter of the organization (with address);
    • government-issued business license (with address);
    • a copy of the company's account statement for the last 6 months (you can specify the account number);
    • a copy of the company's telephone bill for the last 6 months;
    • a copy of the company's utility bill (i.e. electricity, water, etc.) for the last 6 months or the current lease for the company.
  • Notarized letter (Legal Opinion Letter).

 

Step 3 Callback

Employees of the certificate authority (usually a robot) call to confirm the authenticity of the certificate request and complete the validation process.
Upon successful completion of all steps, the certificate will be signed and issued.

Extended Validation (EV)

Step 1 Filling out the certificate authority's forms

The certificate authority will send you special forms to fill out.

Step 2 Organization Verification

The organization validation process is described in the Organization Validation (OV) section.

Step 3 Domain Check

The domain validation process is described in the Domain Validation (DV) section.

Step 4 Callback

The certificate authority calls to confirm the authenticity of the certificate request and complete the validation process. Upon successful completion of all steps, the certificate will be signed and issued.
