Most people realize that SSL is something that helps users stay secure while they're online. However, not everyone realizes that in order to purchase a SSL certificate for their website, there's a very specific approval process that you must go through depending on what kind of SSL certificate you're getting. This article explains the different kinds of SSL certificates and how the SSL certificate approval process differs depending on what kind you're getting.

The Different Kinds of SSL

There are three different kinds of SSL certificate classifications, each kind corresponds to how thuroughly the SSL certificate vendor - like GeoTrust, Thawte, Comodo, Symantec, etc - has valididated the owner of the site before issuing the SSL to whoever is purchasing it.

The job of the SSL provider is to make sure that SSL's are only granted to people who own the site that the SSL is being purchased for, rather than someone else who may be trying to impersonate the site. The amount at which an SSL vendor validates the site and its owner is broken down into the following three levels:

  • Domain Validation (DV) - For a DV SSL, the only thing that's checked is that the person requesting the SSL certificate has control over the domain that the SSL is being issued to. This validation is done by sending a confirmation email to a specific address, or by checking for the presence of a specific file on the website. The entire process is almost always fully automated.
     
  • Organization Validated (OV) - For OV SSL, an actual human almost always checks your business records with those from a reliable source, like state or other government records. During the order process, you will be asked for things like your business tax ID number or other official documents so that they can be verified.
     
  • Extended Validation (EV) - EV SSL are the most stringintly checked SSL certificates that we have currently. Not only are your government records checked, but other aspects of your business are also verified. This kind of certificate usually produces a green color in your browser's address bar - helping your visitors know that your site is secure.

DV Certificate Authorization

When ordering or renewing a DV SSL certificate and using email verification, the SSL vendor will send an email message with authorization instructions only to very specific email addresses. The idea is that by limiting the email addresses that can be used to verify a domain, you ensure that the person requesting the SSL has control over the domain they're ordering SSL for. You wouldn't want just anyone with a gmail.com email address to be able to get a SSL certificate for gmail.com would you? This is why the list of acceptable email addresses is very limited.

As a result, the ssl approval email address must be one of the following:

- The domain Administrative Contact (cannot be a "private" contact)
- The domain Technical Contact (cannot be a "private" contact)

Or one of the following addresses at the domain that the SSL certificate is being ordered for. In our examples below, we'll just use "thesecureddomain.com" as the example domain:

admin@thesecureddomain.com
administrator@thesecureddomain.com
hostmaster@thesecureddomain.com
webmaster@thesecureddomain.com
postmaster@thesecureddomain.com

If you do not already know what your domain's Administrative Contact or Technical Contact is set to for your domain, you can run a 'Whois' check on the domain or ask you can ask us and we'll check it for you.

You can check the whois data for a domain by visiting the following link and entering the domain into the text box then clicking the box marked 'Lookup': http://whois.icann.org

icann whois
Screen shot of the ICANN whois page.

 

This should tell you who your domain's Administrative Contact and Technical Contact are currently set to. If they're set to email addresses that you use regularly, you can use that email address to send the DV SSL Authorization Request Email to.

Once the order for the DV SSL is placed an SSL Authorization Request Email will be sent to the selected address and will include instructions for approving the new SSL certificate.

If anything about this article was confusing or unclear, just ask! We're always here to help!