(2 votes, average: 5.00 out of 5)
The EV validation process might look challenging initially, but do not worry about it, as it is easy to complete, just like other SSL Types. The validation process includes a couple of steps more than an OV (organization validation) SSL certificate because EV promises the highest level of trust and security; that is why the certificate authority goes one extra mile to verify the authenticity of the organization.
We have listed seven steps involved between the generation of the order and the issuance of the certificate. This step-by-step guide will enable you to understand the entire process and will be helpful for you in case you stuck at any point in the validation process.
Like every SSL Type, Domain Control Validation (DCV) is essential; it will help the CA (Certificate Authority) verify that you own the domain name. Certificate issuers can use File-based, DNS-based, or Email-based methods to ensure Domain Control Validation.
Each organization must fill out the EV Enrollment form, so the certificate Authority can verify that they are the employee of the organization and authorized to purchase & request an EV SSL Certificate for the company. It is a digital form and needs only a few clicks to submit; however, if required, the user might need to download the form, fill it t manually, and send the scanned copy back to the CA.
An organization registered legally with the government can issue an EV SSL. Hence, in this step, the CA will verify the organization’s legal registration using government registration information; furthermore, the registration status should be “active.”
For EV SSL issuance, the organization should at least be in operation for more than three years. Do not worry if your organization is less than three years old; you can still complete this step by submitting a Professional Opinion Letter signed by a certified attorney or a public accountant.
Physical Address shows the location of the company’s establishment in the country or state. The certificate authority will not accept virtual offices or PO box addresses.
The CA will check the organization’s phone number registered with any online third-party database they trust; for example, Duns & Bradstreet. It must be a working phone number because they will be doing a call verification using that phone number.
The CA will now use the phone number verified from the online third-party database to call and verify the organization details and the employment of the contact person mentioned in the EV enrollment forms. The CA will call during local business hours; However, you can contact our support team to schedule a call according to your availability.
After all the above-given steps are complete, the order moves forward to the final approval team, who will verify all the details thoroughly before issuing your EV SSL certificate.
Certificate Attorney can sign the POL (Professional Opinion Letter) or Legal Opinion Letter and assure your organization’s legality. This letter can fulfill most validation requirements, such as operations existence, physical existence, and phone number verification. Once you submit the POL to the CA, they verify the attorney who has signed the letter by calling on their registered phone number on a trusted online third-party listing, and that is why it is vital to make sure that the POL must be signed only by a certified and online registered attorney or an accountant.
Ans: After completion of all validation steps, the order will move to the second approval team for final review, and then the CA will issue the Certificate; usually, it takes up to 5 days.
Ans: You can update the phone number on any trusted online third-party website, such as Duns & Bradstreet, etc., or contact our support to know the acceptable online source for your region. Alternatively, you can submit a Professional Opinion Letter (POL), also known as a Legal Opinion Letter, signed by a certified attorney or an accountant.
Ans: The CA checks the online third-party databases to verify the phone number. If you want to use your personal phone number, you have to update the same on the online third-party database.
Ans: Due to security reasons and guidelines administered by the CA/B forum, CA only validates independent and pre-approved sources. Personal websites do not qualify under this.
Enable the Highest level of Website Security and User Trust by obtaining Certera’s EV SSL Certificates