More

Validation

  • What is validation process for issuing an SSL certificate?

    The procedures are different and depend on certificate validation type (DV, OV or EV).

    After ordering it is necessary to send the CSR file that contains encrypted information about the customer.

    DV - domain verification, after filling the data in the wizard SSL, you will receive a link with the code for approval. Mail is sent to the address of the domain for which the certificate is issued, eg admin@example.com, webmaster@example.com. For some certificates are also available alternative methods of validation, which inform the assistant SSL.

    OV - The entity data contained in the CSR must be consistent with the data in the official databases. Verification entity may consist of several stages and is dependent on the certificate issuer and the entity that is applying for a certificate.

    1. Domain Verification by checking domain ownership and sending a code for verification.

    2. Verification of the data in the governmental databases. 

    3. In some cases, verification by an external entity along with a written confirmation of the existence of the entity applying for an SSL certificate or paper application along with the documents of the entity applying for a certificate.

    4 Verification with popular telephone books in the country along with telephone confirmation of the data.

    For EV certificates is required to send the agreement along with the application for an SSL certificate.

  • What do the different validations mean?

    DV certificates (Domain Validation) are issued in a very short time. Verification of the data needed is done remotely. Details of certified organization are not verified and displayed.

    OV certificates (Organization Validation) display the details of verified organization that owns the SSL certificate.

    EV certificates (Extended Validation) is a special type of SSL certificates with an extended validation. Websites with domains protected by EV certificates show the full verification of the entity by changing the color of the address bar (to green). Visitors can be sure that transactions on the secured website are safe and trustworthy.

  • Which validation is right for me?

    Before you choose a validation type, consider what kind of benefits (except encryption) a certificate should offer your site.

     

    Owners of smaller scale websites that treat securing data transfers as the most important issue will probably decide to install a DV certificate.

     

    However when the service should inform clearly: who the owner of the site is, which organization is responsible for securing it, and the legality of the business – the best validation at a  minimum is OV.

     

    For large websites that transfer sensitive data – banking systems, government sites, or health care services – EV validation is recommended. It is the most time consuming validation process because it verifies all the relative details about the named company. After the EV application process is complete, the website operates with an exclusive SSL certificate showing the name of the website owner. Additionally, the address bar of a EV secured websites changes to a shade of green which gives visual confirmation to the user that the website is encrypted and it is now safe to share personal/financial information.

  • Why do you ask for documentation before the application?

    Strong validation is essential for e-commerce growth. Before issuing a SSL we check that the applicant owns or has legal rights to the domain name and is a legal entity. 

  • Methods of Domain Validation
    All standard SSL certificates (DV, OV, EV) must pass through domain validation before the SSL certificate will be issued. Domain Validation (DV) proves ownership and control of registered name.
     
    Methods of validation:
     

    1. E-mail

    A message with a link and a verification code will be sent to one of the administrative e-mail addresses in the domain for which the certificate is being processed. Clicking on the link and entering the code will confirm the management of the domain and the certificate will be issued. The available address names are admin @ administartor@, hostmaster@, postmaster@, and webmaster@.
    The addresses mentioned are imposed by the issuer and cannot be changed. In the case of some domains that provide an e-mail address in the WHOIS database, it is possible to select this address. It is then on the list to choose from. Unable to enter any e-mail address.
     

    2. DNS TXT

    • DIGICERT / GEOTRUST / RAPID / THAWTE

    Download the generated token and enter it in the DNS zone of the certified domain as a TXT record. We always add the record for the base domain and choose the shortest TTL. The token is valid for 30 days, after which it is reset and you should contact support for reissue. Depending on the hosting service provider, always enter the token string in the "value" field or its equivalent, leave the "address" / "host" / "record" field blank.

    • CERTUM
    In the case of a Certum certificate, the DNS TXT record is sent to the e-mail address provided in the CSR. The sent e-mail message contains a detailed instruction on how to execute it, a token and a verification link. After adding the TXT record to the DNS zone, wait a while and click the link from the email. Then click the "verify" button and then "refresh". If everything is correct, a confirmation message will appear. The e-mail received is valid for 7 days.
     

    3. FILE

    • DIGICERT / GEOTRUST / RAPID / THAWTE

    Create a fileauth.txt file, the content of which will contain the downloaded token. Put the value of the given file in accordance with the received path, so that it is visible on the Internet. Download fileauth.txt and place it in the location:
    [http(s)://yourdomain.com]/.well-known/pki-validation/fileauth.txt]

    • CERTUM

    In the case of a Certum certificate, the data regarding the file method are sent to the email address provided in the CSR. The sent e-mail contains detailed instructions on how to implement it, a token and a verification link. After adding the file at the address provided in the e-mail:
    yourdomainname.TLD / .well-known / pki-validation / certum.txt
    the content of which must include the activation code received in the email For example:
    e2dd8ae07f0b7005545b8b6252320f0c60a96a620332a0fa7a77f267a063eb0-certum.pl
    click on the link from the email. Then click the "verify" button and then "refresh". If everything is ok, information about positive verification will appear. The received e-mail is valid for 7 days.

    • SECTIGO / SUPERFAST SSL / DOMENY SSL
    We have a choice of two HTTP / HTTPS protocols, choose one of them and create a file with a specific name, e.g. 880E9D1268FE4185F2CB17B7FE29A74F.txt (copy from the panel) and put it under the given path, e.g.

    http://yourdomain.tld/.well-known/pki-validation/880E9D1268FE4185F2CB17B7FE29A74F.txt or https://yourdomain.tld/.well-known/pki-validation/880E9D1268FE4185F2CB17B7FE29A74F.txt

    The FULL content of the file must be displayed at the address, without additional whitespace, e.g.

    2A911C4BB2FE93527A565E79A1AA0E0AA158B04C63B9FDCBBAB0358F7367F1C1
    sectigo.com
    a9dsd12gou5hzdj8f09b

    4. DNS CNAME

     
    The hashes are as:<MD5 hash of CSR>.yourdomain.com.  CNAME  <SHA1 hash of CSR>.companyca.com.Note: Fullstops after each domain name is required to make the entry fully-qualified.
     >
    • SECTIGO 

    5. HTTP

    CA hashes your CSR and the hashed values are provided to you. You must create a simple text file and place it on your server and served just over HTTP.
     
    The file should be:
    http://yourdomain.com/<Upper Case MD5 hash of CSR>.txt. Content:<SHA1 hash of CSR>
    your_ca.com
     
    Note: Serving the page over HTTPS or HTTP 302 will fail. Please use only HTTP for this procedure.

Other questions from General Information

Other categories

cyber_Folks S.A. – Cookie settings

Do you like good cookies? We too! Some cookies are required for the website to function properly. Also accept additional cookies related to service performance, social networking and marketing. Cookies are also used to personalize ads. Thanks to them, you will get the best experience of our website, which we are constantly improving. The consent granted voluntarily may be withdrawn or modified at any time. More information about the cookies used can be found in our privacy policy. If you prefer to specify your preferences precisely - see the types of cookies below.

Functional (always active)

These are cookies that are necessary for the website to function. The website will not function fully properly without accepting these types of cookies. Example: A cookie that saves your consent or objection is needed so that we know if we have your consent for certain actions on the website, they will also allow you to log in to the Customer Panel, place an order or contact us via chat.

Analytical and performance

They will make it possible to collect information on how to use the website. These files will allow us to count visits and traffic sources to our site, so we can measure and improve its performance, as well as find out which pages are the most and least popular, and understand how visitors navigate our site. They help us analyze website performance and collect synthetic information. Example: We can make heatmaps, so we know which content is readable and which is not, and this allows for better website design. Thanks to them, we can also see which blog entries were read more often and which less often, which allows us to develop more interesting content. The main tool we use is Google Analytics.

Social

It is social platform cookies that will enable you to be associated with your social media accounts. You can share content from our website there. Social network files (from third parties, such as Facebook) collect information to provide personalized advertising content. For example: Ads on your social media are better suited to you and you reduce the chance of seeing excess ads for already purchased services or products.

Marketing

These are files related to the operation of marketing automation systems and ad accountability. Thanks to them, we limit, for example, the number of views of a given advertisement. They also allow us to perform comparative tests, thanks to which we constantly improve the operation of our website. By testing multiple page layouts, it is easier to get one that provides the best readability for users. Communication also becomes more personalized. For example, we may give you an article on how to find a domain name when we see that you are looking for a domain and it is difficult for you to find a suitable name. We can also, for example, show you a hint about logging in, if we see several unsuccessful attempts in a row. Based on the information from these cookies and activity on other websites, your interest profile is built. We mainly use the Google and Facebook advertising network.