Domain Validated Certificates
The purpose of the verification process for Domain Validated (DV) Certificates is to confirm that the person applying for the SSL certificate is the same person who owns the domain name and website.
SSL is an acronym for Secure Sockets Layer. It is used for securely transmitting data via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message. Many websites, including those that utilize ecommerce or facilitate banking transactions, use the protocol to transmit confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
Domain Validation is applicable to the following SSL Certificates:
- GeoTrust Quick SSL Premium DV SSL Certificate
- GeoTrust Quick SSL Premium DV Multi-Domain SSL Certificate w/ 4 SAN
- Thawte DV Multi-Domain SSL Certificate w/ 2 SAN
- Thawte DV Wildcard SSL Certificate
- Sectigo DV SSL Certificate
- Sectigo PositiveSSL DV SSL Certificate
- Sectigo PositiveSSL DV Wildcard SSL Certificate
- Rapid SSL DV Wildcard SSL Certificate
- Rapid SSL DV SSL Certificate
SSL Certificates are created for a particular server and domain, and are issued by a trusted, third-party Certificate Authority (CA), comparable to your passport. As the Certification Authority, the SSL Certificate vendor authenticates the identity of the purchaser and verifies the business that owns the domain.
The Subject Alternative Names (SAN) extension allows one SSL certificate to be used to secure one Web server with multiple names (such as a different DNS name, IP address or URI).
It is possible for a web hosting company to share a single SSL certificate. This allows the same SSL certificate to be used by many websites without the need to issue individual SSL certificates to each hosting customer, and it allows the unlimited use of different subdomains on the same domain name. The Wildcard certificate allows the web hosting company to give each customer a secure subdomain, such as customer1.mydomain.ca, customer2.mydomain.ca, etc. The same can be applied for organizations wanting to secure multiple subdomains within the enterprise network.
Two verification steps are performed for Domain Validated Certificates:
- Confirmation that the Domain Name for the certificate is already registered
- Confirmation that you have control over the Domain Name
Verification of domain control will be performed using either email or a DNS record, based on the method you selected during Configuration in Step Two.
Validation via Email
Notice of Deprecation: Email Address for DCV SSL Certificate Verification
Please note this important change in the domain control validation (DCV) process for SSL/TLS
- Deprecation Date: Starting January 15, 2025, email addresses from WHOIS lookups will no longer be accepted for DCV.
- Alternative Methods: Constructed/generic email addresses (e.g. admin@, hostmaster@, etc.) will continue to be available for use; however, we recommend transitioning to alternative DCV methods such as DNS TXT records.
- Existing Validations: Existing domain validations using WHOIS email addresses will remain valid until July 15, 2025, but must be re-validated using non-WHOIS methods before this date.
- Impact: Failure to re-validate domains using accepted methods will result in the inability to issue or renew SSL/TLS certificates.
The Certificate Authority (CA) (which includes GeoTrust, RapidSSL, DigiCert, etc.) will send an Approval Email to the verification email address selected during the Configuration process. This email must be reviewed and the instructions followed.
The validation processes of many SSL Certificates utilize an Approval Email process, by which the validity of the order is first established. The initial email address which is selected for this process is taken from the admin email address of the domain as per a WHOIS lookup. It is therefore important that the true admin email address not be obscured by a 3rd-party domain privacy service.
Once approval has been given by following the instructions in the Approval Email, the Certificate Authority will proceed to the next step of issuing the SSL Certificate.
If this Approval email is not received or is lost, the Reissuance process can be utilized to re-initiate the Approval process. Please refer to the Reissuance section of this document.
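The following is an added example, not part of the original page or any CA's tooling: it audits a certificate inventory against the deprecation notice above and flags domains whose email validation must be redone before July 15, 2025. The inventory schema, the status strings and the rule that any non-constructed approver address is treated as WHOIS-derived are assumptions made for illustration.

```python
from datetime import date

# Date from the deprecation notice on this page.
WHOIS_EXPIRY = date(2025, 7, 15)   # existing WHOIS-email validations stop being valid

# The page names admin@ and hostmaster@; the other three are the remaining
# constructed mailboxes in the CA/Browser Forum Baseline Requirements.
CONSTRUCTED = {"admin", "administrator", "webmaster", "hostmaster", "postmaster"}


def is_constructed(email, domain):
    """True if email is <constructed mailbox>@<validated domain>."""
    local, _, host = email.strip().lower().rpartition("@")
    base = domain.strip().lower().removeprefix("*.")  # wildcard orders validate the base name
    return local in CONSTRUCTED and host == base


def audit(record, today):
    """Classify one inventory row (hypothetical schema) against the notice."""
    if record["method"] == "dns":
        return "ok"
    if is_constructed(record["approver"], record["domain"]):
        return "ok-consider-dns"        # still accepted; the notice recommends DNS
    # Assumption: any other approver address came from a WHOIS lookup.
    if today >= WHOIS_EXPIRY:
        return "blocked"                # cannot issue or renew until re-validated
    return "revalidate-before-2025-07-15"


# Constructed sample inventory; domains use reserved example names.
INVENTORY = [
    {"domain": "example.com", "method": "dns", "approver": ""},
    {"domain": "*.example.org", "method": "email", "approver": "Hostmaster@example.org"},
    {"domain": "example.net", "method": "email", "approver": "j.doe@example.net"},
    {"domain": "shop.example.net", "method": "email", "approver": "admin@mail-provider.example"},
]


def report(today):
    """Map each inventoried domain to its audit status on the given date."""
    return {r["domain"]: audit(r, today) for r in INVENTORY}


if __name__ == "__main__":
    for domain, status in report(date.today()).items():
        print(f"{domain:20} {status}")
```

The last inventory row shows why the mailbox name alone is not enough: admin@ on an unrelated mail domain is not a constructed address for the domain being validated.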
Validation via DNS Record
Querying for the DNS Record
The Certificate Authority (CA - GeoTrust, Symantec, Sectigo, etc.) will check for the existence of the required DNS record on a schedule of decreasing frequency. Initial queries for the existence of the record occur every few minutes, followed by every half hour, every hour and then every several hours.
Once the required DNS record has been successfully located, the Certificate Authority will proceed to the next step of issuing the SSL Certificate.
Reference
GeoTrust: https://knowledge.digicert.com/solution/domain-approval-methods.html
Rapid SSL: https://help.rapidsslonline.com/support/solutions/articles/22000218602-domain-validated-dv-
Sectigo: https://sectigo.com/knowledge-base/product/Domain_Validated_DV_Certificates