Domain Validated Certificates
The purpose of the verification process for Domain Validated (DV) Certificates is to confirm that the person applying for the SSL
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet.[1] TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity. certificate is the same person who owns the domain name and website.
Domain Validation is applicable to the following SSL Certificates:
- GeoTrust Quick SSL Premium DV SSL Certificate SSL Certificates are created for a particular server and domain, and are issued by trusted, third-party Certificate Authority (CA) - comparable to your passport. As the Certification Authority, the SSL Certificate vendor authenticates the identity of the purchaser and verifies the business that owns the domain.
- GeoTrust Quick SSL Premium DV Multi-Domain SSL Certificate w/ 4 SAN The Subject Alternative Names (SAN) extension allows one SSL certificate to be used to secure one Web server with multiple names (such as a different DNS name, IP address or URI).
- Thawte DV Multi-Domain SSL Certificate w/ 2 SAN
- Thawte DV Wildcard SSL It is possible for a web hosting company to share a single SSL certificate - this allows the same SSL certificate to be used by many websites without the need to issue individual SSL certificates to each hosting customer. This allows the unlimited use of different sub domains on the same domain name. The Wildcard certificate allows the webhosting company to give each customer a secure sub domain, such as customer1.mydomain.ca, customer2.mydomain.ca, etc. The same can be applied for organizations wanting to secure multiple sub domains within the enterprise network. Certificate
- Sectigo DV SSL Certificate
- Sectigo PositiveSSL DV SSL Certificate
- Sectigo PositiveSSL DV Wildcard SSL Certificate
- Rapid SSL DV Wildcard SSL Certificate
- Rapid SSL DV SSL Certificate
Two verification steps are performed for Domain Validated Certificates
- Confirmation that the Domain Name A domain name is an identification string that defines a realm of administrative autonomy, authority, or control on the Internet. Domain names are formed by the rules and procedures of the Domain Name System (DNS). for the certificate is already registered
- Confirmation that you have control over the Domain Name
Verification of domain control will be performed using either email or DNS The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. A Domain Name Service resolves queries for these names into IP addresses for the purpose of locating computer services and devices worldwide. By providing a worldwide, distributed keyword-based redirection service, the Domain Name System is an essential component of the functionality of the Internet. record, based on the method you selected during Configuration in Step Two.
Validation via Email
|
Notice of Deprecation: Email Address for DCV SSL Certificate Verification Please note this important change in the domain control validation (DCV) process for SSL/TLS Deprecation Date: Starting January 15, 2025, email addresses from WHOIS lookups will no longer be accepted for DCV. Alternative Methods: Constructed/generic email addresses (e.g. admin@ hostmaster@ etc) will continue to be available for use, however we recommend transitioning to alternative DCV methods such as DNS TXT records. Existing Validations: Existing domain validations using WHOIS email addresses will remain valid until July 15, 2025, but must be re-validated using non-WHOIS methods before this date. Impact: Failure to re-validate domains using accepted methods will result in the inability to issue or renew SSL/TLS certificates. |
The Certificate Authority (CA) (which includes GeoTrust, RapidSSL, Digicert, etc) will send the verification email address selected during the Configuration process an Approval Email The validation processes of many SSL Certificates utilize an Approval Email process, by which the validity of the order is first established. The initial email address which is selected for this process is taken from the admin email address of the domain as per a WHOIS lookup. It is therefore important that the true admin email address not be obscured by a 3rd-party domain privacy service., which must be reviewed and the instructions followed.
Once approval has been given via the instructions Email, the Certificate Authority will proceed to the next step of issuing the SSL Certificate.
If this Approval email is not received or is lost, the Reissuance process can be utilized to re-initiate the Approval process. Please refer to the Reissuance section of this document.
Validation via DNS Record
Querying for the DNS Record
The Certificate Authority (CA - GeoTrust, Symantec,Sectigo etc) will check for the existence of the required DNS record on a schedule of decreasing frequency. Initial queries for the existence of the Record occur every few minutes, followed by every half hour, hour and then several hours.
Once the required DNS record has successfully located, the Certificate Authority will proceed to the next step of issuing the SSL Certificate.
Reference
GeoTrust: https://knowledge.digicert.com/solution/domain-approval-methods.html
Rapid SSL: https://help.rapidsslonline.com/support/solutions/articles/22000218602-domain-validated-dv-
Sectigo:https://sectigo.com/knowledge-base/product/Domain_Validated_DV_Certificates