SSL Certificate validation process

What is validation?

It is the process during which Certification Authority verifies accuracy and authenticity of the information that will be specified in the SSL certificate. The duration of validation and the documents required may vary depending on the type of certificate. 

Domain Control Validation (DCV)

DCV is the fastest way to receive SSL certificate both for business and private customers. No paper documents, calls or other information is required during DCV as it happens online. The validation process is fast and easy: you will be sent an email to which you should either reply or follow a link sent in it. 


Basic validation

During basic domain validation the customer receives an email with a unique validation code and a link. To confirm that you own the domain follow the link and enter the code. 

The customer can choose where the validation email shall be sent from the following standard domain addresses for which the certificate is being issued: admin@, administrator@, postmaster@, hostmaster@, webmaster@. 

Alternative validation methods (only Comodo certificates)

HTTP-based DCV. The CSR (certificate signing request) that is sent to Comodo, is encrypted in a unique code. This code is provided to the customer, after which it is necessary to create a text file and place it in the web root of the site for which the certificate is purchased. 

DNS CNAME validation. The CSR that is sent to Comodo, is encrypted in a unique code. This code should be added to DNS zone as CNAME-note for the domain itself. 

Alternative validation methods (Others)

HTTP-based validation. The CSR that is sent to the Certification Authority is encrypted in a unique code. This code is provided to the customer after which it is necessary to create a text file and place it in the web root of the site for which the certificate is purchased.


Business validation (BV)

For BV it is necessary to perform domain check validation and to send company documents for identification. BV is performed manually and takes several work days. This validation type is recommended for officially registered online business. 

Step 1 – Checking the domain

The checking process is fast and easy – after receiving the email with instructions you should either follow the link or reply to it. 

Step 2 – Presenting business documents

It is required to send the company documents to the Certification Authority by post, fax or email as PDF attachments. If the certificate is ordered for a commercial organization, one of the following documents should be added: company`s statute, business licenses, company number in Dun & Bradstreet

Step 3 – Checking contact information

To finalize the validation process, the Certification Authority makes a test call to the company. Usually, the phone number found in the open sources is used for the call.


Extended Validation (EV)

For EV it is necessary to perform domain check and to send company documents for identification. EV is performed manually and takes at least several work days. This validation type is recommended for officially registered online business that wishes to enhance its reputation using the green address bar.

Step 1 – Checking the domain  

The checking process is fast and easy – after receiving the email with instructions you should either follow the link or reply to it. 

Step 2 – Presenting business documents

It is required to send the company documents to the Certification Authority by post, fax or email as PDF attachments. If the certificate is ordered for a commercial organization, one of the following documents should be added: company`s statute, business licenses, company number in Dun & Bradstreet.

Step 3 – Presenting documents for EV

EV SSL Subscriber Agreement and the certificate request form should be sent to the Certification Authority. This process will take longer but the results are worth waiting. 

Documents for Comodo Certification Authority:

Certificate Request Form, EV SSL Agreement

Step 4 – Checking contact information 

To finalize the validation process, the Certification Authority makes a test call to the company. Usually, the phone number found in the open sources is used for the call.