Domain Validation SSL certificates are the most basic of the three types of SSL/TLS certificates. While Organization Validation and Extended Validation require multiple steps in which the Certificate Authority vets the company or organization applying for the certificate, Domain Validation takes just a single step. The Certificate Authority must simply verify that the person or organization applying for the certificate owns the registered domain.
What is Domain Validation?
To satisfy the Domain Validation requirement you must prove you own the domain that was submitted with the order.
The easiest, and most preferred method for accomplishing this is via email-based authentication.
During email-based authentication, the CA will send an email to the WHOIS registrar email address asking them to verify that they did indeed register for a certificate. Once you respond to that email in the affirmative, the requirement is considered satisfied and the certificate is issued. This step can be done in just minutes.
If your domain's WHOIS record cannot be accessed due to international privacy laws or human verification requirements (i.e. CAPTCHA), the CA can also send the authentication email to one of five pre-approved email addresses associated with the website. The five pre-approved addresses are:
If you cannot satisfy the Domain Validation requirement via email, there are alternative methods as well.
There are two additional ways to satisfy the Domain Validation requirement if email does not work for you. The specific instructions and values/files required are provided to you after generating your SSL order.
- File-Based Authentication – The CA will provide you with a text file that you will need to upload to the root directory of your website. This will then be verified by the CA via HTTP or HTTPS.
- DNS-Based Authentication – The CA will provide you with two unique hash values. You, in turn, must create a DNS record on your domain with these values to complete validation.
Now all that's left is for the CA to issue you the SSL certificate, then you'll need to install it.