OV (Organization Validation) of TLS certificates
In this article, you will learn how to verify your organization using the OV process. Certificates issued with this verification contain complete information about the holder in detail and, in contrast to DV certificates, allow their authentication.
This verification procedure applies to the following TLS certificates:
- Thawte Web Server
- DigiCert Standard SSL
- DigiCert Secure Site
- DigiCert Secure Site Pro
- GeoTrust True BusinessID
The OV SSL/TLS certificate verification process is simple and consists of three steps that can be automated
- Domain ownership validation
- Applicant company verification
- Final confirmation and order completion
Domain ownership validation
The certificate for a given domain does not necessarily have to be requested by its owner, but every certificate order for a certain domain must be confirmed by its holder (owner, administrator, an employee of the organization).
Domains are confirmed separately in the certificate order, but the validation is valid even in the future; see the green notice above.
Emails (five addresses given by the certification authority) can be used for domain verification and, where there is no mail, alternative verification using a DNS record or FTP file can be used. For more information, see the article on DV certificate validation.
Applicant company verification
Information about the company that will subsequently hold the SSL/TLS certificate is verified in the Commercial Register. The organization listed as the applicant of the certificate must have its identification number; if issuing a certificate for self-employed persons, the same condition applies.
There is no need for the applicant's cooperation in this step and it is purely done by the CA. Recurring orders are subject to prior verification, which can be valid for up to 27 months.
Final confirmation and order completion
The certificate verification process is completed by contacting the certification authority with the authorization contact from the order, which should be an employee from the organization requesting the certificate. This contact had previously been strictly verified via telephone, based on publicly verified telephone number sources. However, it is possible to confirm the certificate via e-mail if the certification authority succeeds in verifying the applicant's e-mail address.
If a call is needed, the certification authority will obtain a phone number from public telephone sources (Google Businesses, DnB). If the CA is not able to locate some information publicly, it will request (in exceptional cases) subsequent verification via forms. The certificate’s issue is thus extended by the subsequent verification time.
Once the verification process is complete, the generated SSL/TLS certificate is sent to the technical contact email, or you can obtain it at any time by logging in to your customer account.