loading image
What type of validation

What type of validation is required?

Learn about SSL certificate validation types while issuance

A trust hierarchy demands that entities "vouch" for each other. Companies that issue SSL certificates are in the business of establishing that entities on the web are, in fact, who they claim to be. The potential for criminal activity on the web (in relevance to SSL anyway), is in online "hijacking" of sites or connections to siphon encrypted data. Persons so inclined can easily "copy" web site interfaces and pose as well-known vendors, simply to collect confidential data.

SSL certificates work to prevent this through ensuring that www.abc.com is, in fact, ABC Company. In the "real world" we use identification procedures like photo IDs, telephone calls and papers of incorporation to verify who we're dealing with. If products or services are defective, buyers can seek recourse. In the "online world", companies looking to use SSL certificates must prove to the Certification Authority that they have the right to present themselves online as ABC Company.

This is done through a variety of means that differ by SSL product. For simplicity, consider the method started and championed by Symantec™, as the "traditional" model. The process involves certificate petitioners faxing their Articles of Incorporation, and then waiting several days to be granted a certificate to do business online under that name. There is a fair amount of overhead related to this task, as these credentials are examined and reviewed, and full-service products in this arena can cost hundreds of dollars.

There are newer, lower-cost alternatives in which certificates are issued more quickly. These certificates verify that the certificate holder is the owner of that domain, ensuring customers that domain name "owners" are who they claim to be.

There are also other validation options, like two-way, real-time telephony. Certificate applicants are required to provide telephone numbers, and Certification Authorities call to verify basic information, providing yet another way to seek recourse in the event of problems.

So there are essentially two types of validation available - manual and automated.

Manual Validation

This type involves the validation of domain name ownership and business legitimacy using humans. This process is traditionally slow and takes up to two working days, often longer. A manually validated certificate usually contains the following information within the certificate:

Manual Validation Image

Auto-Validation

With this method computer, databases and automated routines validate domain name ownership and business legitimacy. The process takes minutes rather than days. The GeoTrust® QuickSSL product and RapidSSL Certificates and Chained SSL products use automated validation to issue SSL certificates within ten minutes. Their automated validation processes are WebTrust- compliant and use Domain Control validation and Unique Business Registration to validate the applicant before issuing the certificate.

An automatically validated certificate, such as GeoTrust® or RapidSSL® certificates, contain the following information within the certificate:

Auto Validation Image
Why RSO Image

Why Choose Us?

As an SSL Pioneer and a top Symantec Specialist Partner, there have been 400,000+ site owners that love our convenient selection of the world’s most popular solutions, streamlined support, awesome experts and unlimited resources & tools to get the job done right at an EXTREMELY AFFORDABLE RATE!

  • Firefox web browser image
  • Google Chrome web browser image
  • Internet Explorer web browser image
  • Opera web brower image
  • Safari web browser image
  • Netscape web browser image
  • AOL web browser image

Our certs are supported on 99.9% of web browsers, iPhones & mobile devices

Our Awesome Customers

View SSL reviews & testimonials
Live Chat