
The Domain Verification check for an Extended Validation SSL Certificate is a fairly straightforward one—it’s just like the one performed for DV and OV. The Certificate Authority simply confirms that your company owns the registered domain.

Completing Domain Verification

The first way that the Certificate Authority will try to verify that your company owns the domain in question is to check Who.is. Who.is is a database that displays domain registrar information. Unfortunately, the EU’s GDPR has closed many of the WHOIS books and made it more difficult to perform this check.

However, some registrars’ WHOIS data is still visible and in use. If the CA is able to locate an email address from the WHOIS, they’ll send an email to that address. Once the steps listed in the email have been completed, you’ve satisfied this requirement.



Domain Confirmation Email

You can have the email sent to one of these five pre-approved alias emails:

  • Admin@yourdomain.com
  • Administrator@yourdomain.com
  • Webmaster@yourdomain.com
  • Hostmaster@yourdomain.com
  • Postmaster@yourdomain.com



File-Based Authentication

The CA provides you with a text file that contains a unique value. You just need to add 2 sub-folders to the publicly accessible directory for your domain and then put the text file inside the second folder.

  • Folder #1: Must be named exactly “.well-known”
  • Folder #2: Must be created inside of Folder #1 and named exactly “pki-validation”

The goal of this validation method is to see the contents of your text file when you navigate to the following URL in your browser:
http://yourdomain.com/.well-known/pki-validation/unique_filename.txt

Once the file is publicly accessible, the CA’s system will detect the file and issue your certificate!
They check roughly every 30 minutes. If you are not validated after the file has been live for some time, please contact our support team.
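
A pre-flight check for the file-based method described above, as an added example that is not part of the original guide or any CA's tooling: it creates the two folders, places the file, and confirms the URL serves exactly the issued value. The function names, the constructed sample value and the throwaway local web server standing in for yourdomain.com are assumptions for illustration.

```python
import functools
import http.server
import threading
import urllib.error
import urllib.request
from pathlib import Path

def place_validation_file(docroot, filename, value):
    """Create .well-known/pki-validation under docroot and write the CA's file."""
    folder = Path(docroot) / ".well-known" / "pki-validation"
    folder.mkdir(parents=True, exist_ok=True)
    (folder / filename).write_text(value)
    return folder / filename

def check_validation_url(base_url, filename, expected):
    """Fetch the file over HTTP and compare it with the value the CA issued."""
    url = f"{base_url}/.well-known/pki-validation/{filename}"
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:
        # A 403 or 404 here often means the web server refuses dot-directories.
        return f"FAIL: HTTP {err.code} for {url}"
    except urllib.error.URLError as err:
        return f"FAIL: cannot reach {url} ({err.reason})"
    if body.strip() != expected.strip():
        return "FAIL: served content differs from the CA's value"
    return "OK"

def serve_docroot(docroot):
    """Local stand-in for the public web server (assumption for this demo)."""
    handler = functools.partial(
        http.server.SimpleHTTPRequestHandler, directory=str(docroot))
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    import tempfile
    value = "constructed-sample-value"  # constructed, not a real CA value
    with tempfile.TemporaryDirectory() as docroot:
        place_validation_file(docroot, "unique_filename.txt", value + "\n")
        server = serve_docroot(docroot)
        base = f"http://127.0.0.1:{server.server_address[1]}"
        print(check_validation_url(base, "unique_filename.txt", value))
        print(check_validation_url(base, "wrong_name.txt", value))
        server.shutdown()
```

Against a live site, call check_validation_url with "http://yourdomain.com", the file name the CA gave you and the value inside it.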



DNS CNAME-Based Authentication (Comodo)

Comodo will provide you with two unique hash values that will make up your CNAME record. You must use the following format:

  • Hostname Value: unique_value_1.yourdomain.com
  • Points To Value: unique_value_2.comodoca.com

Once the CNAME record is publicly visible, Comodo’s system will detect the CNAME record and use it to satisfy the Domain Validation requirement.



DNS TXT-Based Authentication (GeoTrust/Thawte/RapidSSL/DigiCert)

The CA provides you with a unique value that you will input into your DNS settings as a TXT record. The TXT record must use the following format:

  • The Host Name Value: Left blank or insert the @ symbol.
  • The TXT Value: The unique value as given by the CA.



Legal Opinion Letter

You can also get a Legal Opinion Letter, sometimes called a Professional Opinion Letter or POL. This is a document in which an Attorney or Accountant (who is licensed and in good standing with the governing body in your location) vouches for your company’s legitimacy. It carries a lot of weight in the eyes of the CAs. A POL can be used to satisfy 5 out of the 7 requirements for obtaining an EV SSL.


Author: Paul Baka
Published: