Home How to install SSL Certificate Verification via email to issue SSL-certificates

Verification via email to issue SSL-certificates

Posted on by editor

Verification of certificates based on an confirmation of email account ownership is the most common certificate validation mechanism used by certification authorities in case of ordering DV certificates. The purpose of validation is to ensure the authenticity of the certificate order before the release of the new certificate. Certification Authority before a certificate release must be sure that the domain that is specified in the certificate is registered, and the individual who is a domain administrator endorses request for certificate issuance.

Do you need SSL certificates? The store of certificates entrusted by years and millions of visitors — LeaderSSL. Buy a certificate from a trusted brand.

Validation of email account is a mandatory step, carried out by a certification authority on the basis of publicly available information.

How does the validation process work?

Validation via e-mail confirmation consists of the following steps:

When you ordering an certificate, a list of authorized e-mail addresses will be displayed. All of them are determined by the certification authority for the domain associated with the certificate. You will select the appropriate email from the list.

Certificate Authority sends you a verification email that is called DCV-email, with a unique link for the purpose of verification of certificate and validation of ownership of the domain. You would need to follow the link in order to validate and verify the certificate. In this case, validation will be confirmed and the CA generates the certificate.

Requirements for email

The main purpose of the validation process is to ensure that the certificate is requested by someone who has administrative power for the domain. Therefore, an email should be public and precisely associated with the user who is the owner or administrator of the domain specified in the certificate.

Administrative email is usually similar to the one of the following examples:

  • admin@example.com
  • administrator@example.com
  • hostmaster@example.com
  • postmaster@example.com
  • webmaster@example.com

In this case example.com is the domain for which the certificate is issued.

Alternatively, verification email could be sent to another email-address, but only if it is listed in WHOIS-domain information. This is the only way for the CA to make sure that the email is legit and associated with the domain.

To use the e-mail specified in WHOIS domain, privacy settings needs to be removed.

Related posts:

  1. Attackers can exploit the vulnerability in StartSSL for issuing SSL certificates
  2. Encrypting email – it always necessary certificates?
  3. How to order an SSL-certificate? What is required?
  4. Google, Microsoft and Yahoo want to make email resistant to MITM attacks
  5. DV SSL-certificates: what is it?
  6. 9000 erroneously issued GoDaddy SSL-certificates have been revoked
  7. The problems that come when renew SSL-certificates
  8. What is a Certificate Authority (CA)?
  9. Re-issue of the certificate due to setting domain name without the www
  10. General description of the SSL certificate and its purpose

Do you need SSL certificates? The store of certificates entrusted by years and millions of visitors — LeaderSSL. Buy a certificate from a trusted brand.

Posted in How to install SSL Certificate, Validation, What is an SSL-Certificate Tagged with: , , ,

All about SSL

This site is dedicated to SSL-certificates. You will learn what is an SSL certificate, how to issue and reissue it. FAQ SSL will be useful for both novices and pros. SSL Knowledgebase contains sections on validation, trust logo, vulnerabilities, SSL-certificates differences by type (Wildcard, EV, DV, etc.), as well as many other things.