3 Validation methods
Domain Validation - DV
Organisation Validation - OV
Extended Validation - EV
Domain Validation - DV
The quickest way to obtain a SSL certificate is to choose Domain Validation. Your company info will not be included in the certificate.
Domein controle
CAA Check
Uitgifte
Domain verification
It is issued after verification of your domain control. This can be done in the following ways:
Option 1 - Approver email
This approver email can only be sent to standard domain email addresses such as admin, administrator, webmaster, hostmaster, postmaster@domain.extension It could also be sent to the email address which is mentioned in the Whois. This Whois mail address can only be used when the CA can see the Whois.
Option 2 - DNS approver
If you don’t have an email address available, or you prefer to validate a TXT record in the DNS, that is no problem. Just ask us for your random value code and give the ready signal. Please do not delete the code until your certificate has been issued.
Option 3 - File approver
When using this option you place a TXT file in a predefined location. This TXT file contains the code which you have obtained by asking us. Afterwards you give the ready signal. Please do not delete the code until your certificate has been issued.
For certificates by Networking4all DV, Digicert, Thawte, Geotrust en RapidSSL create the next location:
http(s)://domain/.well-known/pki-validation/fileauth.txt
Voor Globalsign, en AlphaSSL certificaten maakt u deze locatie aan:http(s)://domain/.well-known/pki-validation/gsdv.txt
CAA Check
Before the Certificate Authority may issue a certificate, a CAA check needs to be done.
The CAA record is a DNS record that provides companies with some extra control over the SSL certificates issued for their domains. A CAA record indicates which CA may issue certificates for your domains. CAs are obligated to check the CAA record per domain. It has been part of the issuance of certificates since September 2017. Companies are not obligated to use the record.
When a CAA record of another CA has been added to the domain, an extra CAA record needs to be added behind the requested certificate. One can also remove all CAA records on the domain.
The CAA record for GlobalSign and AlphSSL is:
CAA 0 issue "globalsign.com"
The CAA record for Networking4all DV, Geotrust, Thawte and Rapidssl is:
CAA 0 issue "digicert.com"
Wildcard certificates need to have 2 CAA records online:
CAA 0 issue wild "globalsign.com"
CAA 0 issue "globalsign.com"
CAA 0 issue wild "digicert.com"
CAA 0 issue "digicert.com"
Issuance
The validation process is checked by a second agent to make sure no mistakes were made. Then, the certificate is issued. The applicant will receive the certificate by email in a zip file at the email address mentioned in the application.
Organisation Validation - OV
An Organisation Validation certificate mentions your company’s registration information. You will receive your OV certificate after the following steps:
Domain
Organization
Phone Verification
CAA Check
Issuance
Domain verification
Finding proof that the applicant has control over the domain. This can be done in the following ways:
Option 1 - Approver email
This approver email can only be sent to standard domain email addresses such as admin, administrator, webmaster, hostmaster, postmaster@domain.extension It could also be sent to the email address which is mentioned in the Whois. This Whois mail address can only be used when the CA can see the Whois.
Option 2 - DNS approver
If you don’t have an email address available, or you prefer to validate a TXT record in the DNS, that is no problem. Just ask us for your random value code and give the ready signal. Please do not delete the code until your certificate has been issued.
Option 3 - File approver
When using this option you place a TXT file in a predefined location. This TXT file contains the code which you have obtained by asking us. Afterwards you give the ready signal. Please do not delete the code until your certificate has been issued.
For certificates by Networking4all DV, Digicert, Thawte, Geotrust en RapidSSL create the next location:
http(s)://domain/.well-known/pki-validation/fileauth.txt
For Globalsign, en AlphaSSL use this location:http(s)://domain/.well-known/pki-validation/gsdv.txt
Verification of the company in the trade register
We check your registration documents to make sure you have an active legal presence in your registered location.
For Networking4all OV and GlobalSign OV certificates we check these sources:
Foreign sources:
For Digicert OV, Geotrust OV and Thawte OV certificates we check:
Verification phone call with applicant
The CA will call the contact person on the number found in a general source. Valid sources are:
For Networking4all OV and GlobalSign OV certificates:
Foreign sources:
For Digicert OV, Geotrust OV and Thawte OV certificates:
CAA Check
Before the Certificate Authority may issue a certificate, a CAA check needs to be done.
The CAA record is a DNS record that provides companies with some extra control over the SSL certificates issued for their domains. A CAA record indicates which CA may issue certificates for your domains. CAs are obligated to check the CAA record per domain. It has been part of the issuance of certificates since September 2017. Companies are not obligated to use the record.
When a CAA record of another CA has been added to the domain, an extra CAA record needs to be added behind the requested certificate. One can also remove all CAA records on the domain.
The CAA record for Networking4all OV and GlobalSign is:
CAA 0 issue "globalsign.com"
The CAA record for Digicert, Geotrust and Thawte is:
CAA 0 issue "digicert.com"
Wildcard certificates need to have 2 CAA records online:
CAA 0 issue wild "globalsign.com"
CAA 0 issue "globalsign.com"
CAA 0 issue wild "digicert.com"
CAA 0 issue "digicert.com"
Issuance
The validation process is checked by a second agent to make sure no mistakes were made. Then, the certificate is issued. The applicant will receive the certificate by email in a zip file at the email address mentioned in the application.
Extended Validation - EV
A certificate with an Extended Validation is the one that provides the maximum level of consumer confidence. It displays your verified company name. All your company’s information is mentioned on a EV certificate. You will receive your EV certificate after the following steps:
Domain
Organization
Phone verification
EV contract
CAA check
Issuance
Domain verification
Finding proof that the applicant has control over the domain. This can be done in the following ways:
Option 1 - Approver email
This approver email can only be sent to standard domain email addresses such as admin, administrator, webmaster, hostmaster, postmaster@domain.extension It could also be sent to the email address which is mentioned in the Whois. This Whois mail address can only be used when the CA can see the Whois.
Option 2 - DNS approver
If you don’t have an email address available, or you prefer to validate a TXT record in the DNS, that is no problem. Just ask us for your random value code and give the ready signal. Please do not delete the code until your certificate has been issued.
Option 3 - File approver
When using this option you place a TXT file in a predefined location. This TXT file contains the code which you have obtained by asking us. Afterwards you give the ready signal. Please do not delete the code until your certificate has been issued.
For certificates by Networking4all DV, Digicert, Thawte, Geotrust en RapidSSL create the next location:
http(s)://domain/.well-known/pki-validation/fileauth.txt
For Globalsign, en AlphaSSL use this location:
http(s)://domain/.well-known/pki-validation/gsdv.txt
Verification of the company in the trade register
We check your registration documents to make sure you have an active legal presence in your registered location.
For Networking4all OV and GlobalSign OV certificates we check these sources:
Foreign sources:
For Digicert OV, Geotrust OV and Thawte OV certificates we check:
Verification phone call with applicant
The CA will call the contact person on the number found in a general source. Valid sources are:
For Networking4all OV and GlobalSign OV certificates:
Foreign sources:
For Digicert OV, Geotrust OV and Thawte OV certificates:
Globalsign
The contracts for GlobalSign EV certificates are sent by email to the email address of the applicant. You’ll receive the “Subscriber agreement” and the “Request form” which you will need to sign and date. Please do not make any other changes to the document and send the signed documents to vetting-emea@globalsign.com with order@networking4all.com in cc.
Networking4all, Digicert, Geotrust en Thawte
During the verification phone call for Networking4all, Digicert , Geotrust en Thawte EV certificates, you’ll receive an email which contains an approver button to sign the EV contract digitally. For a Digicert EV certificate the applicant will receive a Final Approver email. This message will be sent to the email address of the applicant and contains a link with the applicant’s approval.
CAA Check
Before the Certificate Authority may issue a certificate, a CAA check needs to be done.
The CAA record is a DNS record that provides companies with some extra control over the SSL certificates issued for their domains. A CAA record indicates which CA may issue certificates for your domains. CAs are obligated to check the CAA record per domain. It has been part of the issuance of certificates since September 2017. Companies are not obligated to use the record.
When a CAA record of another CA has been added to the domain, an extra CAA record needs to be added behind the requested certificate. One can also remove all CAA records on the domain.
The CAA record for GlobalSign is:
CAA 0 issue "globalsign.com"
The CAA record for Networking4all EV, Digicert, Geotrust and Thawte is:
CAA 0 issue "digicert.com"
Wildcard certificates need to have 2 CAA records online:
CAA 0 issue wild "globalsign.com"
CAA 0 issue "globalsign.com"
CAA 0 issue wild "digicert.com"
CAA 0 issue "digicert.com"
Issuance
The validation process is checked by a second agent to make sure no mistakes were made. Then, the certificate is issued. The applicant will receive the certificate by email in a zip file at the email address mentioned in the application.
Would you like to know more?
Get in touch today.
Read in-depth articles
Do you want to know more about online security and our mission to make the internet safer for everyone?
Become our partner
Networking4all is ready to make the next entry in our timeline. We would love to include you in the next step as our partner. Do you want to read more about our mission and the possibility of a partnership?
Cyber attacks can cause significant damage to your company and your data. The importance of a solid defense against online criminals cannot be overstated. The security services of Networking4all provide insight in your digital security and show exactly how, and where, your assets are most vulnerable.
Dutch