SSL Certificate Validation

This article explains the end-to-end SSL certificate validation process that begins after an SSL certificate is purchased and submitted for issuance. It outlines how the Certificate Authority (CA) verifies domain ownership and, where applicable, organizational identity before issuing the certificate for installation. 

 

Overview of the SSL Certificate validation 

After purchase, SSL validation follows a structured sequence: 

1. Certificate request, using the CSR, is submitted to the Certificate Authority.  
2. The CA initiates validation based on certificate type (DV, OV, or EV).  
3. Required ownership or identity checks are completed.  
4. The CA approves or rejects the request.  
5. The SSL certificate is issued once validation is successful.  

The exact steps depend on the validation level of the certificate: 

• Domain Validation (DV) 
• Organization Validation (OV) 
• Extended Validation (EV) 

 

Domain Validation (DV) 

Domain Validation is the most basic validation type and focuses only on proving control over the domain name included in the certificate request. 

The validation process is completed using one of the methods provided by the Certificate Authority. The following methods are commonly used: 

• Email-based validation 
  
  The CA sends a validation email to a predefined administrative address associated with your domain such as admin@, administrator@, or [email protected]. You must open the email and click the validation link or follow the provided instructions to approve the certificate request.
   
• DNS-based validation 
  
  The CA provides a unique DNS record (usually a CNAME or TXT record). You must add the DNS record to the domain’s DNS zone file. Once the CA detects the record, domain ownership is confirmed automatically.
   
• HTTP/HTTPS file validation 
  
  The CA provides a validation file or token. You must upload this file to a specific directory on the website (commonly a .well-known path). The CA then accesses the file via HTTP or HTTPS to confirm domain control.  

Once any of the above methods is successfully completed, the CA marks the domain as validated and proceeds with certificate issuance. 

 

Organization validation (OV) 

Organization Validation includes both domain ownership verification and organization identity verification. This process is used to confirm that the business requesting the certificate is a legally registered entity. 

The validation process typically includes the following steps: 

1. Domain ownership validation 
   
   The same methods used in DV validation (email, DNS, or HTTP file validation) are first completed to confirm control over the domain.
    
2. Organization verification review 
   
   The CA reviews official business records such as registration documents, government listings, or business directories. The legal name, address, and operational status of the organization must match the information submitted during the certificate request.  
    
3. Telephone or third-party verification 
   
   The CA may perform a verification call using publicly listed contact information. This step is used to confirm that the organization is reachable and that the certificate request is authorized.  

Once both domain and organization checks are approved, the certificate is issued. 

 

Extended validation (EV) 

Extended Validation involves the most detailed verification process and follows strict CA/Browser Forum guidelines. It is designed to validate both domain ownership and the legal identity, physical presence, and operational status of the organization. 

The validation process includes the following stages: 

1. Initial domain validation 
   
   Domain ownership is confirmed using DNS, email, or HTTP file validation, similar to DV and OV processes.  
    
2. Legal identity verification 
   
   The CA validates official incorporation records, business registration documents, and legal entity status. The organization name must match government or official registry records exactly.  
    
3. Physical address verification 
   
   The CA confirms that the organization has a verifiable physical address. This is typically validated through official records or trusted third-party databases.  
    
4. Operational verification 
   
   The CA may verify that the organization is actively conducting business. This can include checking public listings, business activity records, or official contact confirmation.  
    
5. Telephone verification and authorization confirmation 
   
   The CA contacts the organization using independently verified phone numbers. An authorized representative must confirm approval of the SSL certificate request.  

Once all verification steps are completed and approved, the CA issues the EV SSL certificate. 

 

Certificate issuance after validation 

After successful validation, regardless of certificate type, the Certificate Authority issues the SSL certificate files. These files are then made available for installation in your Crazy Domains account. Read the Manage Your Crazy Domains SSL Certificate guide to learn how to download and install your SSL Certificate. 

If any validation step is not completed or fails verification, the issuance process remains pending until the required information or confirmation is successfully provided.