Validation

  • What is the validation process for issuing an SSL certificate?

    The procedures differ depending on the certificate validation type (DV, OV or EV).

    After ordering, it is necessary to send the CSR file, which contains encrypted information about the customer.

    DV (domain verification): after filling in the data in the SSL wizard, you will receive a link with an approval code. The e-mail is sent to an address in the domain for which the certificate is issued, e.g. admin@example.com, webmaster@example.com. For some certificates, alternative validation methods are also available; the SSL wizard will inform you about them.

    OV: the entity data contained in the CSR must be consistent with the data in the official databases. Verification of the entity may consist of several stages and depends on the certificate issuer and on the entity applying for the certificate.

    1. Domain Verification by checking domain ownership and sending a code for verification.

    2. Verification of the data in the governmental databases. 

    3. In some cases, verification by an external entity along with a written confirmation of the existence of the entity applying for an SSL certificate, or a paper application along with the documents of the entity applying for a certificate.

    4. Verification with popular telephone books in the country along with telephone confirmation of the data.

    For EV certificates, it is required to send the agreement along with the application for an SSL certificate.

  • What do the different validations mean?

    DV certificates (Domain Validation) are issued in a very short time. Verification of the required data is done remotely. Details of the certified organization are not verified or displayed.

    OV certificates (Organization Validation) display the details of the verified organization that owns the SSL certificate.

    EV certificates (Extended Validation) are a special type of SSL certificate with extended validation. Websites with domains protected by EV certificates show the full verification of the entity by changing the color of the address bar (to green). Visitors can be sure that transactions on the secured website are safe and trustworthy.

  • Which validation is right for me?

    Before you choose a validation type, consider what kind of benefits (besides encryption) a certificate should offer your site.

     

    Owners of smaller scale websites that treat securing data transfers as the most important issue will probably decide to install a DV certificate.

     

    However, when the service should clearly state who the owner of the site is, which organization is responsible for securing it, and the legality of the business, the best validation, at a minimum, is OV.

     

    For large websites that transfer sensitive data (banking systems, government sites, or health care services), EV validation is recommended. It is the most time-consuming validation process because it verifies all the relevant details about the named company. After the EV application process is complete, the website operates with an exclusive SSL certificate showing the name of the website owner. Additionally, the address bar of an EV-secured website changes to a shade of green, which gives visual confirmation to the user that the website is encrypted and it is now safe to share personal/financial information.

  • Why do you ask for documentation before the application?

    Strong validation is essential for e-commerce growth. Before issuing an SSL certificate, we check that the applicant owns or has legal rights to the domain name and is a legal entity.

  • Methods of Domain Validation
    All standard SSL certificates (DV, OV, EV) must pass domain validation before the SSL certificate is issued. Domain Validation (DV) proves ownership and control of the registered name.
     
    Methods of validation:
     

    1. E-mail

    A message with a link and a verification code will be sent to one of the administrative e-mail addresses in the domain for which the certificate is being processed. Clicking on the link and entering the code confirms control of the domain, and the certificate will be issued. The available address names are admin@, administrator@, hostmaster@, postmaster@, and webmaster@.
    These addresses are imposed by the issuer and cannot be changed. For some domains that provide an e-mail address in the WHOIS database, it is possible to select that address; it then appears on the list to choose from. It is not possible to enter an arbitrary e-mail address.
     

    2. DNS TXT

    • DIGICERT / GEOTRUST / RAPID / THAWTE

    Download the generated token and enter it in the DNS zone of the certified domain as a TXT record. Always add the record for the base domain and choose the shortest TTL. The token is valid for 30 days, after which it is reset and you should contact support for a reissue. Whatever the hosting service provider, always enter the token string in the "value" field or its equivalent, and leave the "address" / "host" / "record" field blank.

    • CERTUM
    In the case of a Certum certificate, the DNS TXT record is sent to the e-mail address provided in the CSR. The e-mail contains detailed instructions on how to add it, a token and a verification link. After adding the TXT record to the DNS zone, wait a while and click the link from the e-mail. Then click the "verify" button and then "refresh". If everything is correct, a confirmation message will appear. The e-mail received is valid for 7 days.
     

    3. FILE

    • DIGICERT / GEOTRUST / RAPID / THAWTE

    Create a fileauth.txt file, the content of which is the downloaded token. Place the file at the path you received, so that it is visible on the Internet. Download fileauth.txt and place it in the location:
    [http(s)://yourdomain.com]/.well-known/pki-validation/fileauth.txt

    • CERTUM

    In the case of a Certum certificate, the data for the file method are sent to the e-mail address provided in the CSR. The e-mail contains detailed instructions on how to implement it, a token and a verification link. Add the file at the address provided in the e-mail:
    yourdomainname.TLD/.well-known/pki-validation/certum.txt
    Its content must include the activation code received in the e-mail, for example:
    e2dd8ae07f0b7005545b8b6252320f0c60a96a620332a0fa7a77f267a063eb0-certum.pl
    Then click on the link from the e-mail, click the "verify" button and then "refresh". If everything is OK, information about the positive verification will appear. The received e-mail is valid for 7 days.

    • SECTIGO / SUPERFAST SSL / DOMENY SSL
    You can choose between two protocols, HTTP or HTTPS. Choose one of them, create a file with the specific name, e.g. 880E9D1268FE4185F2CB17B7FE29A74F.txt (copy it from the panel), and put it under the given path, e.g.

    http://yourdomain.tld/.well-known/pki-validation/880E9D1268FE4185F2CB17B7FE29A74F.txt or https://yourdomain.tld/.well-known/pki-validation/880E9D1268FE4185F2CB17B7FE29A74F.txt

    The FULL content of the file must be displayed at the address, without additional whitespace, e.g.

    2A911C4BB2FE93527A565E79A1AA0E0AA158B04C63B9FDCBBAB0358F7367F1C1
    sectigo.com
    a9dsd12gou5hzdj8f09b

    4. DNS CNAME

     
    The hashes are used as follows:
    <MD5 hash of CSR>.yourdomain.com.  CNAME  <SHA1 hash of CSR>.companyca.com.
    Note: The full stop after each domain name is required to make the entry fully qualified.

    5. HTTP

    The CA hashes your CSR and provides the hashed values to you. You must create a simple text file, place it on your server, and serve it over HTTP only.
     
    The file should be:
    http://yourdomain.com/<Upper Case MD5 hash of CSR>.txt
    Content:
    <SHA1 hash of CSR>
    your_ca.com
     
    Note: Serving the page over HTTPS or HTTP 302 will fail. Please use only HTTP for this procedure.
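
The CNAME record from method 4 and the HTTP file from method 5, derived from a CSR and checked against the rules stated above. This is an added example, not code from the CA or from this site. It assumes the hashes are taken over the DER (binary) form of the CSR, which the page does not specify; the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Constructed stand-in bytes (NOT a real CSR) wrapped in PEM armor so the
# example runs offline; use the CSR you actually submitted to the CA.
SAMPLE_DER = b"constructed sample bytes, not a real CSR"
SAMPLE_CSR_PEM = (
    "-----BEGIN CERTIFICATE REQUEST-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE REQUEST-----\n"
)

def csr_der(pem: str) -> bytes:
    """Strip the PEM armor and return the binary (DER) body of the CSR."""
    m = re.search(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.+?)-----END",
                  pem, re.S)
    if not m:
        raise ValueError("no CSR PEM block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def validation_values(pem: str, domain: str, ca_domain: str) -> dict:
    """Build the CNAME record and HTTP file described in methods 4 and 5."""
    der = csr_der(pem)  # assumption: the CA hashes the DER form of the CSR
    md5 = hashlib.md5(der).hexdigest()
    sha1 = hashlib.sha1(der).hexdigest()
    return {
        # Trailing dots make both names fully qualified.
        "cname": f"{md5}.{domain}.  CNAME  {sha1}.{ca_domain}.",
        "http_url": f"http://{domain}/{md5.upper()}.txt",
        "http_body": f"{sha1}\n{ca_domain}",
    }

def served_file_problems(url: str, status: int, body: bytes, want: dict) -> list:
    """List the reasons a fetched validation file would not match."""
    problems = []
    if url != want["http_url"]:
        problems.append("URL must be plain http:// with the upper-case MD5 name")
    if status != 200:
        problems.append(f"status {status}: a redirect such as 302 fails")
    if body != want["http_body"].encode():
        problems.append("body differs from expected content (extra whitespace?)")
    return problems

if __name__ == "__main__":
    values = validation_values(SAMPLE_CSR_PEM, "yourdomain.com", "your_ca.com")
    print(values["cname"], values["http_url"], values["http_body"], sep="\n")
```

The byte-for-byte body comparison is a strict choice made for this example; pass the URL, status code and body you observe when fetching the file yourself, without following redirects.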