In this section, you will learn how to get your organization validated. It is simple, and if doesn’t appear so, we have got you covered.
Prior to discuss more about OV (Organization Validation), let’s look at what is validation is all about.
A validation is the formal process handled by the Certificate Authorities (CA). The purpose of validation is to verify the authenticity and accuracy of the information supplied by the certificate applicant prior to the issuance of a certificate. The validation duration may vary depending on the type of SSL certificate.
There are 3 types of validation used by CA depending on the type of SSL that you have purchased: Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV).
As you are clear with what’s validation is all about, let’s talk more about the Organization Validation (OV).
When you purchase OV SSL Certificate, a certificate issuing CA will validate your company/organization active existence, domain name and other information through the use publicly available databases. Once the CA verifies all the information successfully, the OV certificate will be issued which contains the company or organization name. Because of manual additional checks, this OV (also sometimes referred as Business Validation or BV) SSL certificate takes several days for issuance.
Let’s look at the Validation Requirements for OV SSL Certificates. The Business/Organization validation process is divided into below phases: domain ownership authentication, company verification, physical address confirmation, telephone verification and a final verification callback. Let’s learn more about each phase below.
A DCV process is a first step in organization validation. DCV is a process used to confirm ownership or control of a registered domain name. A certificate applicant needs to verify the domain ownership. There are three DCV methods available. It is possible for you to validation domain control using one of the methods.
When you opt for this method, you’re required to create a CNAME entry in your domain’s DNS record. The values for the CNAME record will be provided to you by Certificate Authority.
To complete the domain control verification with this method, you are provided with a text (.txt) file which you need to upload to the "/.well-known/pki-validation” folder. The Certificate Authority system will validate the file and its content.
Getting through the organization authentication is first among the steps of Organization Validation process. During a Business/Organization validation, the Certificate Authority (CA) makes sure that the organization is a legitimate and registered with an official government registration agency and in good standing in the location listed in your order.
Primarily, CA will try to verify company/business legal existence by checking the public government databases. You will pass this phase if your company details match up.
If, in case it is not successful, don’t worry, there alternative options are available for you.
Option A:Company legal existence and address can be verified using one of the documents.
Option B:Company can be checked via public 3rd party databases like
Option C:Company legal existence and authenticity can be checked with a Legal Opinion Letter (sometimes known as a Professional Opinion Letter). You can obtain POL (Professional Opinion Letter) from an attorney or accountant.
The next step to Organization Validation is proving the organization locality presence (physical address confirmation). During this phase, the CA checks and confirms the legal presence of the company and physical address in its registered location. Please note that the CA will only verify the City, State or Country.
If organization details are not listed in the Government agency record, the CA will verify the organization’s registered, physical address through one of the following options.
Telephone Verification is rather a straightforward step of this entire process. All you need is an organization’s active telephone listing in one of the acceptable online telephone directories.
If your organization’s telephone number is not listed in the Government agency record, the CA will confirm the organization’s telephone number using one of the following methods.
Please note that in order to fulfil the telephone number confirmation/verification, you need to have,
This is the final obligatory step in Organization Validation. The purpose of this callback process is to verify organization contact and certificate applicant is authorized to request an OV SSL Certificate on behalf of the organization. The CA will send a final verification callback email to certificate requester once all the documentary validation is complete. This callback email includes the instruction on how to receive an automated call to the phone numbers listed for your organization.
You can schedule a callback as per your suitable time and, you can request a manual callback, where you will receive a call from CA agent to validate the order.
n case, due to some reason if this final verification call doesn't get through to you, don’t worry...The CA will attempt to contact you through other alternative methods.
The CA will be able to work through your phone system if it uses extensions or IVR (Interactive Voice Response).
If any alternative number is provided to the CA via registration, e.g. of the receptionist or the manager, then these sources can also provide the CA your actual number.
For genuine organizations this process goes smoothly and quickly. Remember that an OV certificates distinguish the legitimate companies/businesses from the pretenders including scammers and hackers.
We always welcome feedback or comments from our customers and site visitors. Please contact us , if your questions or doubts are not covered here.