• Organization Validation SSL Overview

    Organizaition Validation SSL: Fast & Easy Approval

    So you've purchased an Organization Validation SSL certificate -now what? How does one get their organization validated? It may seem like a tall order, but don’t worry. It’s really quite simple. And you’ve got us in your corner. Trust us, this will be easy.

    What are the Organization Validation Requirements?

    The requirements for an Organization Validation SSL certificate are the same regardless of which CA you go with. These requirements are:

    • Organization Authentication
    • Locality Presence
    • Telephone Verification
    • Domain Authentication
    • Final Verification Call

    As long as you’re a legitimate organization this process will go smoothly. Remember, part of the reason this process even exists is to differentiate the legitimate businesses from the pretenders—including scam artists and cybercriminals. So, if you’re working for an actual business, then you have nothing to worry about.

    Plus, we’ll be here helping you the whole way. You’ll have the benefit of our many years of experience behind you. Typically, the CA’s like to tell you issuance takes 1-3 business days—that’s to give themselves some cushion. But if you’re in a hurry, we can even expedite the process for you.

    So what are you waiting for? Let’s get started!

  • Organization Authentication

    Enrollment Forms

    The first requirement for an Organization Validation SSL certificate is called Organization Authentication. This is where the Certificate Authority (CA) will attempt to verify that your organization is a legitimate legal entity.

    What is Organization Authentication?

    The Organization Authentication requirement is perhaps the most involved of all the OV requirements. The CA will be checking that your organization is registered and active within your state or country. It’s absolutely vital that all of the listed information from your organization’s registration matches the details that you supplied during enrollment. It’s also worth noting that if your organization operates under any trade names, assumed names or DBAs, that all of that registration information needs to be up to date and accurate as well.

    The primary way that the CAs will attempt to verify this information is by checking the Online Government Database in your local municipality, state or country—whatever government site publically displays your business entity registration status. You can check on your registration information here .

    If all the details match up, then you’ll have satisfied this requirement. If not, don’t worry. There are alternative methods your CA and you can utilize to authenticate your organization. .

    • Official Registration Documents – You can use the business registration documents that have been issued by your local government to satisfy this requirement. Examples of these types of documents include articles of incorporation, chartered licenses and DBA statements—anything from the government showing your company is a legitimate legal entity.
    • Dun & Bradstreet – You can use a comprehensive DUNS Credit Report to verify specific details associated with your business entity. Dun & Bradstreet is an organization that does financial reporting on other businesses. Their credit reports are held in high esteem by the CAs and can be used to satisfy multiple requirements.
    • POL – Though Legal Opinion Letters, often called Professional Opinion Letters or POLs, can be a hassle to obtain, they are exceptionally useful during the validation process. They satisfy four of the five requirements for Organization Validation. Essentially you are having an attorney or accountant vouch for the legitimacy of your organization by signing a letter from your CA. You can learn more about POL’s here.
  • Locality Presence

    Locality Presence

    After Organization Authentication , the next requirement for an Organization Validated SSL certificate is proving Locality Presence. For this requirement, the Certificate Authority (CA) will try to verify that your organization or company has an active legal presence in its registered location.

    What is Locality Presence

    To fulfill the Locality Presence requirement, the Certificate Authority needs to verify that your organization has a legitimate physical presence within the country or state it’s registered in. The CA doesn’t need to verify the actual street address, just the city, state or country in the address.

    Usually the CA will attempt to verify this information by searching an Online Government Database . It will look in the relevant database and check the registration details – the city/state/country in your address – against the details you provided at the outset of the process.

    If everything checks out, you’re good to go—you have satisfied this requirement. However, if everything doesn’t match exactly, you’ll need to utilize another method to prove your locality presence.

    Fortunately, there are three other ways to satisfy this requirement.

    Other Methods for Organization Authentication

    There are two other methods for satisfying the Organization Authentication requirement.

    • Official Registration Documents – The CAs will accept documents from your local government (city, state or country) that verify the information you provided them during enrollment. This includes documents such as articles of incorporation, chartered licenses and DBA statements.
    • Dun & Bradstreet – Providing a comprehensive DUNS Credit Report will allow the CA to verify the physical address associated with your organization. Dun & Bradstreet credit reports are incredibly useful for the purpose of validation as they can satisfy both this requirement and the Organization Authentication requirement.
    • POL – A legal opinion letter, which is sometimes called a POL or professional opinion letter, is a document in which an accountant or attorney (they must be in good standing) verifies the legitimacy of your business. They can be used to satisfy four of the five requirements for an OV SSL Certificate.
  • Telephone Verification

    Telephone Verification

    One of the more straightforward requirements in the Organization Validation process is Telephone Verification. Do you have a telephone number listed? Is it verifiable by a third-party directory? Boom. Done.

    What is Telephone Verification?

    In order to satisfy the Telephone Verification requirement, you must have an active telephone listing that’s verifiable by an acceptable online telephone directory. The listing must display the exact same business name and physical address as you’ve already had verified.

    To check this, the first place the CAs will go are the Online Government Databases. If your number is listed and the organization name and address match up, you’re good to go—you’ve satisfied this requirement.

    Unfortunately, the majority of government databases don’t display the phone number. This complicates things a bit for the CA, but not for you, as long as your organization does have a number listed.

    • Third-Party Directory – The CAs can use an existing or new telephone listing from an acceptable third-party directory. Examples of these accepted directories include the Yellow Pages, Scoot, 192.com, etc. But keep in mind, the business name and physical address must be exactly the same.
    • Dun & Bradstreet – Providing a comprehensive DUNS Credit Report will allow the CA to verify the physical address associated with your organization. Dun & Bradstreet credit reports are incredibly useful for the purpose of validation as they can satisfy both this requirement and the Organization Authentication requirement.
    • POL – A legal opinion letter, which is sometimes called a POL or professional opinion letter, is a document in which an accountant or attorney (they must be in good standing) verifies the legitimacy of your business. They can be used to satisfy four of the five requirements for an OV SSL Certificate.
  • Domain Verification

    Domain Verification

    The next requirement for Organization Validated SSL is Domain Verification. This is where the Certificate Authority (CA) will attempt to verify that your organization owns the domain in question.

    What is Domain Verification?

    To satisfy the Domain Verification requirement you need to prove that your organization owns the domain that was registered for.

    There are several ways to do this, but the CA is going to start by looking at the WHOIS registry. WHOIS, is an internet database that stores domain registrar information. For this approach to work the record must be publically available, and the record must display the verified business name with corporate identifier (if applicable) along with the physical address.

    If the WHOIS registry is publically available and checks out against the information you supplied during enrollment, then you’ve cleared this requirement. If not, there are three other ways to satisfy the Domain Verification requirement.

    Alternative Methods to Complete Domain Verification

    • Updating your WHOIS Record – If the details in your WHOIS record are outdated or incorrect, or if a privacy setting is enabled, you can update the record and request that the CA check your WHOIS details again.
    • Proof of Right Email – You can use a comprehensive Dun & Bradstreet credit report to verify the physical address of your company. Dun & Bradstreet is a large company that does credit reports on businesses, the CAs view DUNS as an unimpugnable source of information when vetting organizations.([email protected], [email protected], [email protected], [email protected] and [email protected]).
    • Legal Opinion Letter – If your details can’t be seen or updated, you can also have an attorney or an accountant (who must be in good standing) sign a letter verifying your ownership of the domain. This is called a Legal Opinion Letter (also known as a Professional Opinion Letter or POL). While obtaining a POL can be a pain, it’s usefulness is undeniable—it can be used to satisfy four of the five OV requirements.
  • Final Verification Call

    Final Verification Call

    The Final Verification call is the last requirement for an Organization Validated SSL certificate. It’s simple, the Certificate Authority (CA) will call the telephone number associated with your organization to verify the details of the order.

    What is the Final Verification Call?

    To finish the Organization Validation process and issue your SSL certificate, the Certificate Authority will need to call and speak with you or your specified applicant (your site admin) via your organization’s verified telephone number in order to confirm the details of your order.

    This really is as simple as it sounds. Just make sure you (or your site admin) are available to pick up the phone and answer the questions. They’re not hard questions, either. Just generally things like, “did you order this?” or “what is the name of your company?” Simple. And it takes less than five minutes.

    Now, if the listed telephone number doesn’t ring directly to your desk – as does sometimes happen – do not worry. The CA will attempt to contact you a couple of different ways.

    • Extension or IVR – If your phone system uses extensions or Interactive Voice Response (IVR), then the CA will work through the phone system to connect to you. So as long as your extension is listed (or you have provided it) or your phone can be reached by the IVR, you’ll be alright. .
    • Transfer or Alternative Number – If you don’t have an extension or IVR, the CA can also have the receptionist (or whoever answers your phones) transfer them or provide them with your direct number.

    From there, just answer the CA’s questions (like we said, they’re not trying to trick you with anything too challenging) and you’ll have satisfied the final requirement.

    Now all that’s left is for the CA to issue you the SSL certificate. Then you’ll need to install it. For more help installing your SSL Certificate, click here.