SSL Certificate Validation Requirements | SSL.com

SSL Certificate Validation Requirements

Expedite issuance while maintaining SSL.com certificate compliance

Overview

SSL certificates represent the underpinnings of trust in most Web and Internet transactions. As such, there is great responsibility for globally trusted certificate authorities like SSL.com to perform accurate but timely validation checks so that legitimate entities can continue to operate in a secure and trusted manner.

Validation Types

Depending on which SSL.com certificate is issued, different validation requirements need to be met in order for all parties to maintain strict adherence to SSL.com's Certification Practices Statement. At minimum, the customer (or subscriber) will be required to validate domain control by responding to an email sent to a predetermined email address. The customer purchasing the SSL.com certificate may be required to submit validation artifacts and documents attesting to the ownership of or authorization to represent the original entity who registered the domain name listed as the subject in the ssl certificate.

Domain Control Validation
applies to certificates
Free SSL
validation level
minimal
description
An email from SSL.com Validation Services is sent to a predetermined email address associated with the domain name represented by the ssl certificate. A user with access to the email address then clicks on a link embedded within the email. This will confirm that the customer or authorized party has control of the domain name. Click here to learn what email address choices can be used.
Organization Validation
applies to certificates
High Assurance SSL, Multi-subdomain Wildcard SSL, Multi-domain UCC SSL
validation level
high assurance
description
To supplement domain control validation, high assurance validation utilizes supporting documentation to provide additional assurance that the customer owns or is authorized to represent the organization listed as the owner of the domain. The documents can be submitted through each SSL.com certificate's order page or through the the SSL.com RESTful API. The accepted documents are as follows:
  • Articles of Association
  • Business License
  • Certificate of Compliance
  • Certificate of Incorporation
  • Certificate of Authority to Transact Business
  • Tax Certification
  • Corporate Charter
  • Official letter from an authorized representative of a government organization
  • Official letter from office of Dean or Principal (for Educational Institutions)
Extended Validation
applies to certificates
Enterprise EV SSL, Enterprise EV Multi-domain UCC SSL
validation level
highest standard
description
Extended validation ssl certificate represent the highest in security standards for SSL.com. EV SSL certificates that have gone through the extended validation progress display the browser address bar with a green background. In addition to using domain control and organization validation, extended validation requires that an authorized signer submit a completed EV SSL request form which can be found below:
  • Full EV Authorization Form (click here to download form Pdf icon)
    This form of the EV Request should be used when more than one individual are acting in the roles of Certificate Requester, Certificate Approver and Contract (Subscriber Agreement) Signer.)
  • Simplified EV Authorization Form (click here to download form Pdf icon)
    This form should be used if one person is to act in all three roles, Certificate Requester, Certificate Approver and Contract (Subscriber Agreement) Signer.