Domain Validated Certificates

The purpose of the verification process for Domain Validated (DV) Certificates is to confirm that the person applying for the SSL certificate is the same person who owns the domain name and website.

Domain Validation is applicable to the following SSL Certificates:

• GeoTrust Quick SSL Premium DV SSL Certificate
• GeoTrust Quick SSL Premium DV Multi-Domain SSL Certificate w/ 4 SAN
• Thawte DV Multi-Domain SSL Certificate w/ 2 SAN
• Thawte DV Wildcard SSL Certificate
• Sectigo DV SSL Certificate
• Sectigo PositiveSSL DV SSL Certificate
• Sectigo PositiveSSL DV Wildcard SSL Certificate
• Rapid SSL DV Wildcard SSL Certificate
• Rapid SSL DV SSL Certificate

Two verification steps are performed for Domain Validated Certificates

1. Confirmation that the Domain Name for the certificate is already registered
2. Confirmation that you have control over the Domain Name

Verification of domain control will be performed using either email or DNS record, based on the method you selected during Configuration in Step Two.

Validation via Email

Notice of Deprecation: Email Address for DCV SSL Certificate Verification Please note this important change in the domain control validation (DCV) process for SSL/TLS certificates. Effective January 15, 2025, the use of email addresses obtained via WHOIS for DCV will be deprecated. This change is in compliance with the CA/Browser Forum's Ballot SC-80v3, which mandates the discontinuation of WHOIS-based email DCV methods. Deprecation Date: Starting January 15, 2025, email addresses from WHOIS lookups will no longer be accepted for DCV. Alternative Methods: Constructed/generic email addresses (e.g. admin@ hostmaster@ etc) will continue to be available for use, however we recommend transitioning to alternative DCV methods such as DNS TXT records. Existing Validations: Existing domain validations using WHOIS email addresses will remain valid until July 15, 2025, but must be re-validated using non-WHOIS methods before this date. Impact: Failure to re-validate domains using accepted methods will result in the inability to issue or renew SSL/TLS certificates.

The Certificate Authority (CA) (which includes GeoTrust, RapidSSL, Digicert, etc) will send the verification email address selected during the Configuration process an Approval Email, which must be reviewed and the instructions followed. 

Once approval has been given via the instructions Email, the Certificate Authority will proceed to the next step of issuing the SSL Certificate.

If this Approval email is not received or is lost, the Reissuance process can be utilized to re-initiate the Approval process. Please refer to the Reissuance section of this document.

See also: Issuance

Validation via DNS Record

Querying for the DNS Record

The Certificate Authority (CA - GeoTrust, Symantec,Sectigo etc) will check for the existence of the required DNS record on a schedule of decreasing frequency. Initial queries for the existence of the Record occur every few minutes, followed by every half hour, hour and then several hours.

Once the required DNS record has successfully located, the Certificate Authority will proceed to the next step of issuing the SSL Certificate.

See also: Issuance

Reference

GeoTrust:   https://knowledge.digicert.com/solution/domain-approval-methods.html

 

Rapid SSL: https://help.rapidsslonline.com/support/solutions/articles/22000218602-domain-validated-dv-

Sectigo:https://sectigo.com/knowledge-base/product/Domain_Validated_DV_Certificates