What is the validation process after purchasing an SSL certificate?

After purchasing an SSL certificate from Total Server Solutions, it must be validated before it is issued. This validation process varies depending on the type of certificate purchased. The validation is performed by the certificate issuer (Comodo, GeoTrust, or Globalsign). Listed below are the different types of certificates we offer, and the validation steps required for each.

 

DOMAIN VALIDATED CERTIFICATES

Domain-validated certificates only verify that you own your domain name, and do not perform ANY validation on your business or organization. Brands of domain-validated certificates include RapidSSL, EssentialSSL, QuickSSL, and the Free SSL included with our Professional and Enterprise shared hosting plans. These certificates usually take no more than a business day to be issued.

In order to validate this type of certificate, the Domain Control Validation (DCV) process must be completed. An email is sent from the SSL issuer to an email address associated with the domain name.  A link is included in the email that must be clicked, and an "approve" or "accept" button must be clicked in order to complete the DCV process.

You can learn more about Domain Control Validation and the email addresses that can be used by clicking here.

 

 

Note that ALL SSL certificates regardless of type must complete this DCV process before they are issued, including Organization and Extended Validation (EV) certificates.

 

ORGANIZATION VALIDATED CERTIFICATES

Organization-validated certificates not only verify that you own your domain name, but also perform several checks to ensure that your business or organization exists and is legitimate. Brands of organization-validated certificates include Comodo Multi-Domain SSL and GeoTrust True BusinessID. These certificates usually take between one and five business days to be issued.

In addition to the DCV process, the following additional validation steps are performed:

Step 1: Verify Identity and Address - This can be acquired using the following online resources:

If Applicant is an Organization (corporation, government agency, registered business entity, etc.):
The certificate issuer MUST verify Identity through one of the following (these may also be used to verify address if it's included):

A. A government agency in the jurisdiction of the Applicant’s legal creation, existence, or recognition;
B. A third party database that is periodically updated and considered a Reliable Data Source (see QIIS below);
C. A site visit by the Certificate Authority (CA) or a third party who is acting as an agent for the CA; or
D. An Attestation Letter.

QIIS (Qualified Independent Information Source)

www.dnb.com
www.hoovers.com
UK - http://www.companieshouse.gov.uk/

The certificate issuer MAY use the following to verify ADDRESS provided that identity has been verified as required above:

A. Articles of Incorporation (with address) 
B. Government Issued Business License (with address)
C. Copy of a recent company bank statement (you may blacken out the Account Number)
D. Copy of a recent company phone bill
E. Copy of a recent major utility bill of the company (i.e. power bill, water bill, etc.) or current lease agreement for the company

If the Applicant is an Individual:
The certificate issuer MUST obtain ALL of the following:

A. Copy of a valid driver's license or passport of the Applicant
B. Copy of a recent major utility bill (i.e. power bill, water bill, etc.) or bank statement of the Applicant
Note: If the Driver's License and Passport is not listing any address details or those details do not match with the account, then we need A. and 2 docs from B.

*Note:Recent=dated within the last 6 months

Step 2: WHOIS Verification (Registrant company name and address)

Step 3: Callback to a Verified Telephone Number (to verify applicant)

The phone number MUST be verified via one of the following:

A. Government database (QGIS)
B. Other third party database (QIIS)
C. Verified legal opinion or accountant letter.

Once the phone number is verified, validation staff will call the Applicant to verify the authenticity of the certificate request. Following successful completion of the elements above the certificate will be signed and released.

 

EXTENDED VALIDATION CERTIFICATES (EV)

Extended-validation (EV) certificates perform extended checks to ensure that your business or organization is legitimate. This extended validation process is indicated to your customers in their web browser with a "green bar", and by displaying information on your business. Brands of extended validation certificates include TSS SSL with EV upgrade and GeoTrust True BusinessID with EV. These certificates can take a week or longer to be issued.

ALL requirements for EV Certificates MUST be verified directly with the government registration authority, or a Qualified Independent Information Source, or via a legal opinion or accountant letter as applicable. The basic verification requirements are:

A. Verify Legal Existence and Identity
This entails verifying the organization registration directly with the incorporating or registration agency.

B. Verify Trade/Assumed Name as applicable.
Only applicable if company does business under a name which is different from the official name of their corporation. Trade name must be registered and verifiable.

C. Verify Operational Existence
This means that the certificate issuer must verify that the company is able to conduct business operations. Typically this means that the company has a current active demand deposit account with a regulated financial institution.

D. Verify Physical address and organization phone number

E. Verify Domain ownership

F. Verify the name, title, authority and signature of the person(s) involved in requesting the certificate and agreeing to the terms and conditions.

Please note that just as with all other certificate types, the DCV process must also be completed for EV certificates.

 

If you have any questions regarding the differences in certificate types, or the validation process required, please contact us at https://portal.my-tss.com/submitticket.php.

Reviewed 12/21/16

  • Email, SSL
  • 6 Users Found This Useful
Was this answer helpful?

Related Articles

How to Generate Private Key for SSL Certificate

How to Generate an SSL Key in cPanel: 1) Log into cPanel 2) Click on "SSL/TLS Manager": 3)...

How to Generate a Certificate Signing Request (CSR) using Cpanel

How to Generate a CSR: 1) Log into cPanel 2) Click on "SSL/TLS Manager": 3) Click on...

SSL Overview

So you want an SSL certificate but aren't sure where to start? Well this is a good place. Each of...

Install SSL through WHM

To install the SSL Certificate through your WHM you will need to log into WHM first.You will want...

Do you offer Private / Dedicated SSL Certificates?

Total Server Solution Hosting does offer Private / Dedicated SSL Certificates.There are many...