What's the Validation Requirement to Get an OV SSL Certificate Issued?
Business Legitimacy Is Verified Before Issuing an Organization Validated SSL Certificate
Organization Validated SSL certificate is a great way to build trust with your customers and deal with the customer's and company's information. Purchasing OV (Organization Validated) SSL certificates from globally respected certificate authorities like Sectigo & Comodo and allowing them to verify the legitimacy of your business makes you trustworthy.
Likewise, your verified business details like company name and address go into your OV SSL certificate information, which can be viewed by anyone who wants to check. To get an OV SSL certificate issued, it takes around 1 to 3 business days, in which business legitimacy gets verified by the CA.
Here's How the CA Verifies Business to Issue Your OV SSL Certificate
You're required to go with the below steps and have to submit certain documents for completing verification of your business:
Organization Authentication
It's the first step where CAs like Comodo and Sectigo verify your company's registration documents to make sure your business is legit. Here CA looks at the registration information and verifies your business is active and registered in the mentioned location. It's recommended that you ensure every detail you provide within CSR and give it to the CA before validation is correct. For instance, even a single spelling mistake can delay OV SSL issuance.
Likewise, your company registration detail is verified against the government's online database. CA moves to the next step if the details you provided are correct and the same as the listed information. In addition, if your business is operated under trade names, DBAs, or assumed names, then all such registration information should be accurate, too. Lastly, CAs, check the government's online database and verify all the details you submitted are precisely like the details listed in the government database.
Locality Presence
Once Organization Authentication is completed, CA will move to the next step of verifying locality presence, in which it's verified your company has a legit physical address within the mentioned country or state where it's registered. But, again, CA doesn't need to verify the actual street address, and city, state, & country will do the job.
Likewise, CA like Sectigo and Comodo verifies information by looking at an Online Government Database. For instance, they'll verify if the database they're looking for has the exact matching company details you provided. And, if it doesn't, then you may need to go with another method for providing the presence of your company within the locality you mentioned, like
- Providing official registration documents
- Comprehensive DUNS Credit Report
- Legal Opinion Letter
Telephone Verification
It's the most straightforward requirement where CA, such as Sectigo, verifies your Telephone number. In other words, your publicly listed telephone number is verified by an acceptable online telephone directory. Likewise, the telephone number listed in the telephone directory should also display the exact business name and address, verified in an earlier step.
However, if the government database doesn't display the phone number, then no need to worry about it. Likewise, there are alternative method if your company have a telephone number listed, such as:
- Third-Party Directory
- Legal Opinion Letter
Likewise, some of the information required to be found in the listing to verify your telephone number is:
- The full legal name of your company includes corporate identifiers such as GMBH, PTY LTD, Inc, LLC, etc., matching with business registration documents.
- The telephone number that matches with the telephone number to be verified.
- Full street address of your company.
Telephone Verification
It's the most straightforward requirement where CA, such as Sectigo, verifies your Telephone number. In other words, your publicly listed telephone number is verified by an acceptable online telephone directory. Likewise, the telephone number listed in the telephone directory should also display the exact business name and address, verified in an earlier step.
However, if the government database doesn't display the phone number, then no need to worry about it. Likewise, there are alternative method if your company have a telephone number listed, such as:
- Third-Party Directory
- Legal Opinion Letter
Domain Verification
In this step, you're required to prove that the domain belongs to you for which you're purchasing an OV SSL certificate. Here CA verifies against your company information with the WHOIS registry record. The record should show the verified business name with the corporate identifier and physical address.
However, if the WHOIS record doesn't match or is not found, you can apply some alternate methods. For instance,
- Update WHOIS Record
- Getting email on the pre-approved email address
- Legal Opinion Letter
Final Verification Call
Once the mentioned requirement is completed, CA continues with its final verification step of calling you. Here, CA speaks with you or to the person who applied for an OV SSL certificate through your company's verified phone number to confirm the OV SSL details you ordered.
Likewise, CA will attempt to go through different ways if the telephone number doesn't connect to the concerned person directly and rings to the desk. For instance, some of the alternate methods CA allows are like:
- Going through Extension or IVR
- Transfer of call. For instance, CA will be patient enough to connect to reception until the call doesn't connect with you.
Nonetheless, if you fail to complete any of the mentioned processes, there's a high chance of your delay in issuing your OV SSL certificate. Though, there's an alternate method to take care of it. So, if you fail in any of the above methods, you can go through these alternate methods.
Alternate Methods to Complete Validation Requirements
Professional Opinion Letter
A professional opinion letter, an abbreviation of POL, also known as Legal Opinion Letter, is a document given by an accredited attorney or accountant that declares your company or organization is a legal entity.
Sometimes, this Professional Opinion Letter can be hard to get, but it's an invaluable document that satisfies many requirements. Similarly, Professional Opinion Letter (POL) helps to satisfy below mentioned four requirements to get your OV SSL certificate issued:
- Organization Authentication
- Locality Presence
- Telephone Verification
- Domain Verification
Dun & Bradstreet
Dun & Bradstreet is an American company that provides commercial data, analytics, and business insights. Likewise, CA accepts DUNS Credit Report for verifying certain company or an organization detail as their credit report is held in high regard with the CA. Similarly, it's also used for satisfying some of the verification requirements to get an OV SSL certificate issued.
- Organization Authentication
- Locality Presence
Pre-approved Email Address
Suppose your WHOIS record doesn't provide details about your website registration, or you've kept it hidden. In that case, there's another option of getting an email on a pre-approved email address to complete your domain verification step. Likewise, below are the pre-approved email address where you can get the domain verification link: