Validation Types Used When Obtaining SSL Certificates
Domain Validation (DV)
All certificates have to undergo the domain name validation process utilized to verify possession of a domain name.
There are 3 ways to check:
You will receive an e-mail to the administrative mail box for your domain name. The letter will contain an one-of-a-kind verification code and a web link. By clicking the web link as well as getting in an one-of-a-kind code, you will certainly be confirmed.
Valid postal addresses:
- admin @ <your domain>
- administrator @ <your domain>
- webmaster @ <your domain>
- hostmaster @ <your domain>
- postmaster @ <your domain>
The following domain verification methods are only available for Comodo certificates.
Checking with a DNS Record
The CSR you provide will be hashed. You will be provided with hash values, then enter your domain's DNS CNAME record.
The CNAME record format will look like this:
_<value of MD5 hash of CSR>.<ваш домен>. CNAME <value of SHA-256 hash of CSR>.[<uniqueValue>.]comodoca.com.
- the SHA-256 hash is separated by “.” (dot) into two labels, each 32 characters long;
- to make the record completely correct, you must put a period at the end of the fully qualified domain name;
- if you are ordering Multi-Domain Certificates, separate CNAME records must be created for each FQDN in your order.
- the mnemonic name in the CNAME of the record for the domain with www, for which the certificate is ordered, must be without www (i.e. if your domain is www.example.com , then the record will be of the form: _<value of MD5 hash of CSR>.example. com.)
|_09f7e02f1290be211da707a266f153b3.subdomain1.yourdomain.com. CNAME 3d874ab7b199418a9753111648448163.9eb1f2608f4da5aa3560154ca1b0df53.comodoca.com.|
|_9e107d9d372bb6826bd81d3542a419d6.subdomain2.yourdomain.com. CNAME 899826c9c46f25fc70ed08b5811dbb2b.ddf3e6b932e44c6a6a9dc5285057e9db.comodoca.com.|
The CSR you provide will be hashed. You will be provided with hash values, next you need to create a text file and place it in the root directory of your site.
The file and its contents should be as follows:
- File URL:
http://<your domain>/.well-known/pki-validation/<Upper case MD5 hash value>.txt
<SHA-256 hash value>
- validation will not be performed if there are redirects on the site;
- check for /.well-known/ and /.well-known/pki-validation/ directories on the web server;
- if you order a multi-domain certificate, each protected domain in the certificate must have a txt file in the root directory.
- for www.example.com domains, verification goes through the URL without www (i.e. if you order a certificate for the www.example.com domain, then the file must be available at http(s)://example.com/.well-known/ pki-validation/<MD5 hash value in upper case>.txt)
Organization Validation (OV)
Step 1 Domain Check
The domain validation process is described in the previous paragraph.
Step 2 Organization Verification
Can be done in the following ways:
- The certification center checks the existence of the company through the state register of organizations.
- Public data registries such as: Duns & Bradstreet, Hoovers, Companies House GOV.UK, Lursoft.lv
- Address verification can be done with one of the following documents:
- charter of the organization (with address);
- government-issued business license (with address);
- a copy of the company's account statement for the last 6 months; (you can specify the account number)
- a copy of the company's telephone bill for the last 6 months;
- a copy of the company's utility bill (ie electricity, water, etc.) for the last 6 months or the current lease for the company.
- Notarized letter (Legal Opinion Letter)
Step 3 Callback
Employees of the certificate authority (usually a robot) call to confirm the authenticity of the certificate request and complete the validation process.
Upon successful completion of all steps, the certificate will be signed and issued.
Extended Validation (EV)
Step 1 Filling out the forms of certification centers
The center will send you special forms to fill out.
Step 2 Organization Verification
The organization validation process is described in clause OV.
Step 3 Domain Check
The domain validation process is described in clause DV.
Step 4 Callback
The certification authority calls to validate the authenticity of
the certification demand and also complete the recognition process. Upon successful conclusion of all steps, the certification will be authorized and also released.