Domain Verification

The next requirement for Organization Validated SSL is Domain Verification. This is where the Certificate Authority (CA) will attempt to verify that your organization owns the domain in question.

What is Domain Verification?

To satisfy the Domain Verification requirement you need to prove that your organization owns the domain that was registered for.

There are several ways to do this, but the CA is going to start by looking at the WHOIS registry. If your domain's WHOIS record is public and includes a valid contact email, the CA may be able to send the Domain Authentication email to the address listed on your WHOIS record. 

However, some WHOIS records require human verification via CAPTCHA, which means the CA's system cannot access the record or pull the email. There are also some international privacy laws that prevent WHOIS records from publishing website ownership information.

If the WHOIS option is unavailable, the CA can also send the authentication email to one of five pre-approved email addresses associated with the website. The five pre-approved addresses are:

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

If you cannot satisfy the Domain Validation requirement via email, there are alternative methods as well.

Alternative Methods

There are two additional ways to satisfy the Domain Validation requirement, though one of them is exclusive to Comodo. Those alternative methods are:

File-Based Authentication – The CA will provide you with a text file that you will need to upload to the root directory of your website in a specific URL. This will then be verified by the CA via HTTP or HTTPS.

DNS-Based Authentication – The CA will provide you with instructions for creating a special DNS record (a TXT record or CNAME record, depending on the CA) that will prove you control the domain.

All of these methods will satisfy the Domain Verification requirement.