Pre-vetting certificates

Pre-vetting of organisations and domains create a much smoother process for your certificate orders. All of it happens in TrustView and is automated.

How is SSL/TLS certificates validated?

We have in the following briefly listed the difference between certificate types and the benefits of pre-vetting.

When you order a SSL/TLS certificate there are 3 levels for the validation that is carried out. The 3 types are:

  • Domain Validated (DV)
  • Organization Validated (OV)
  • Extended Validation (EV)

There is a big difference between the validation process for the different types

Extended Validation (EV)

To get an EV certificate you have to go through a long and thorough validation process. On the other hand you get a green address bar in most browsers, signalling the user the higher level of security.

For an EV certificate you have to be both validates as with DV and OV. In addition to that the following items are checked:

  • The organisations legal, physical and operational existance
  • That the identity provided in the order matches the one officially noted in for example the CVR register
  • That the organisation has an exlusive right to the full domain name
  • That the organisation moreover complies with all requirements and has approved the rules for an EV certificate

For more details, see CA/B Forum, which has defined the requirements for the issuing of EV certificates

Organization Validated (OV)

For the issuing of an OV certificate, the CA will validate the identity of the organisation using among other things 3rd party registers. Additionally the CA will contact the organisation to verify that they actually ordered the certificate

In practice you will be contacted by phone (The person who is mentioned as contact on the order). When the certificate is issued it will contain the organisation name and confirm it has been verified. The users can then identify the organisation behind the website.

Domain Validated (DV)

DV certificates only verify the technical control over the domain itself. That is to say there is no verification about whether the organisation exists or if the order is made from the organisation who own the domain.

When buying a DV certificate you will be asked to pick an email address from a special list. You will need to be able to receive email on one of these as it will prove you control the domain. And therefore can get the certificate issued. The validation can also be completed using DNS if you prefer that.

The email address can either exist on the primary domain or on the subdomain you wish a certificate for. When the email is received on the chosen address, follow the link and you will be asked to confirm your order. When that is done the certificate will be sent over email after a short time.

Note that a DV certificate does not mention who owns the domain.

Get started with pre-vetting

So there are multiple different validation levels depending on what type of certificate you want. To optimize the process it is possible to pre-vet both organisation, identity and ownership of domains.

With pre-vetting set up it is possible to immediately get OV- and EV-certificates issued without delay. Both your organisation, your identity and your ownership of the domain is controlled. When it is approved you can immediately issue certificates through TrustView.

If you want to try pre-vetting, get us to contact you.

* We do not share your information with third parties