The validation a certificate authority performs depends on the type of SSL certificate you purchased. This reference article describes the three validation types: Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV), and the checks each one involves.
Comparing the three validation types
There are three types of validation used depending on the type of SSL certificate purchased: Domain Validation, Organization Validation, and Extended Validation.
Validation type
Details
DV – Domain validation
Domain Control Validation (DCV) email is sent to the Approval Email Address.
Issue time of 1–7 days based on the information submitted.
OV – Organization validation
DCV email is still sent out to the Approval Email Address.
The certificate issuers validate the organization through the organization's online presence and/or DUNS (www.dnb.com) or other online business lookups.
They also require phone call verification with a public number listed for the organization.
EV – Extended validation
DCV email is still sent out to the Approval Email Address.
Confirms the existence of the company through third-party sources.
Verifies that the request has been made on behalf of the company.
If necessary, obtains mutual confirmation of the request between the certificate authority and the requesting party.
Requires phone call verification with a public number listed for the organization.
Typically a contract is sent at the end of the validation process to the requesting party. The contract must be signed by an authorized person.
Background checks performed.
A customer wishing to obtain an EV SSL certificate must own and control the domain name that will use the EV SSL certificate.
The certificate authority must verify that the individual requesting the certificate is acting as a legitimate agent for the requesting company.
A certificate authority checks to confirm that the business is legally recognized and that the formal name matches official government records.
The certificate authority is required to cross-check the address listed in the certificate application against a qualified government database.
The certificate authority confirms that the telephone number listed on the certificate application is the primary telephone number for the requesting organization.
