What type of validation is required?
Learn about the types of validation performed during SSL certificate issuance
A trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL certificates are in the business of establishing that entities on the web are, in fact, who they claim to be. The potential for criminal activity on the web (as far as SSL is concerned, anyway) lies in the online "hijacking" of sites or connections to siphon encrypted data. Persons so inclined can easily "copy" website interfaces and pose as well-known vendors, simply to collect confidential data.
SSL certificates work to prevent this by ensuring that www.abc.com is, in fact, ABC Company. In the "real world" we use identification procedures like photo IDs, telephone calls and papers of incorporation to verify who we're dealing with. If products or services are defective, buyers can seek recourse. In the "online world", companies looking to use SSL certificates must prove to the Certification Authority that they have the right to present themselves online as ABC Company.
This is done through a variety of means that differ by SSL product. For simplicity, consider the method started and championed by DigiCert as the "traditional" model. The process involves certificate petitioners faxing their Articles of Incorporation and then waiting several days to be granted a certificate to do business online under that name. There is a fair amount of overhead related to this task, as these credentials are examined and reviewed, and full-service products in this arena can cost hundreds of dollars.
There are newer, lower-cost alternatives in which certificates are issued more quickly. These certificates verify that the certificate holder is the owner of that domain, assuring customers that domain name "owners" are who they claim to be.
There are also other validation options, like two-way, real-time telephony. Certificate applicants are required to provide telephone numbers, and Certification Authorities call to verify basic information, providing yet another way to seek recourse in the event of problems.
So there are essentially two types of validation available - manual and automated.