3 Validation methods

Domain Validation - DV

Domain verification
CAA Check
Issuance

Organisation Validation - OV

Domain verification
Verification of the company in the trade register
Verification phone call with applicant
CAA Check
Issuance

Extended Validation - EV

Domain verification
Verification of the company in the trade register
Verification phone call with applicant
EV contract
CAA Check
Issuance

Domain Validation - DV

The quickest way to obtain a SSL certificate is to choose Domain Validation. Your company info will not be included in the certificate.

Domain verification

It is issued after verification of your domain control. This can be done in the following ways:

Option 1 - Approver email

This approver email can only be sent to standard domain email addresses such as admin, administrator, webmaster, hostmaster, postmaster@domain.extension It could also be sent to the email address which is mentioned in the Whois. This Whois mail address can only be used when the CA can see the Whois.

E-mail address 1 admin
E-mail address 2 administrator
E-mail address 3 webmaster
E-mail address 4 hostmaster
E-mail address 5 postmaster
Whois E-mail address 1 (when visible)
Whois E-mail address 2 (when visible)

Option 2 - DNS approver

If you don’t have an email address available, or you prefer to validate a TXT record in the DNS, that is no problem. Just ask us for your random value code and give the ready signal. Please do not delete the code until your certificate has been issued.

Option 3 - File approver

When using this option you place a TXT file in a predefined location. This TXT file contains the code which you have obtained by asking us. Afterwards you give the ready signal. Please do not delete the code until your certificate has been issued.

For certificates by Networking4all DV, Digicert, Thawte, Geotrust en RapidSSL create the next location:
http(s)://domain/.well-known/pki-validation/fileauth.txt

Voor Globalsign, en AlphaSSL certificaten maakt u deze locatie aan:http(s)://domain/.well-known/pki-validation/gsdv.txt

CAA Check

Before the Certificate Authority may issue a certificate, a CAA check needs to be done.

The CAA record is a DNS record that provides companies with some extra control over the SSL certificates issued for their domains. A CAA record indicates which CA may issue certificates for your domains. CAs are obligated to check the CAA record per domain. It has been part of the issuance of certificates since September 2017. Companies are not obligated to use the record.

When a CAA record of another CA has been added to the domain, an extra CAA record needs to be added behind the requested certificate. One can also remove all CAA records on the domain.

The CAA record for GlobalSign and AlphSSL is:
CAA 0 issue "globalsign.com"

The CAA record for Networking4all DV, Geotrust, Thawte and Rapidssl is:
CAA 0 issue "digicert.com"

Wildcard certificates need to have 2 CAA records online:

CAA 0 issue wild "globalsign.com"
CAA 0 issue "globalsign.com"
CAA 0 issue wild "digicert.com"
CAA 0 issue "digicert.com"

Issuance

The validation process is checked by a second agent to make sure no mistakes were made. Then, the certificate is issued. The applicant will receive the certificate by email in a zip file at the email address mentioned in the application.

Organisation Validation - OV

An Organisation Validation certificate mentions your company’s registration information. You will receive your OV certificate after the following steps:

Domain verification

Finding proof that the applicant has control over the domain. This can be done in the following ways:

Option 1 - Approver email

This approver email can only be sent to standard domain email addresses such as admin, administrator, webmaster, hostmaster, postmaster@domain.extension It could also be sent to the email address which is mentioned in the Whois. This Whois mail address can only be used when the CA can see the Whois.

E-mail address 1 admin
E-mail address 2 administrator
E-mail address 3 webmaster
E-mail address 4 hostmaster
E-mail address 5 postmaster
Whois E-mail address 1 (when visible)
Whois E-mail address 2 (when visible)

Option 2 - DNS approver

If you don’t have an email address available, or you prefer to validate a TXT record in the DNS, that is no problem. Just ask us for your random value code and give the ready signal. Please do not delete the code until your certificate has been issued.

Option 3 - File approver

When using this option you place a TXT file in a predefined location. This TXT file contains the code which you have obtained by asking us. Afterwards you give the ready signal. Please do not delete the code until your certificate has been issued.

For certificates by Networking4all DV, Digicert, Thawte, Geotrust en RapidSSL create the next location:
http(s)://domain/.well-known/pki-validation/fileauth.txt

For Globalsign, en AlphaSSL use this location:http(s)://domain/.well-known/pki-validation/gsdv.txt

Verification of the company in the trade register

We check your registration documents to make sure you have an active legal presence in your registered location.

For Networking4all OV and GlobalSign OV certificates we check these sources:

The trade register
hoovers.com
kompass.com

Contact us for sources outside of The Netherlands.

For Digicert OV, Geotrust OV and Thawte OV certificates we check:

Google Business
hoovers.com

Verification phone call with applicant

The CA will call the contact person on the number found in a general source. Valid sources are:

For Networking4all OV and GlobalSign OV certificates:

Trade register
Online phone book
Yellow pages online
hoovers.com
kompass.com

Contact us for sources outside of The Netherlands.

For Digicert OV, Geotrust OV and Thawte OV certificates:

Google Business
Trade register
Online phone book
Yellow pages online
hoovers.com
kompass.com

CAA Check

Before the Certificate Authority may issue a certificate, a CAA check needs to be done.

The CAA record is a DNS record that provides companies with some extra control over the SSL certificates issued for their domains. A CAA record indicates which CA may issue certificates for your domains. CAs are obligated to check the CAA record per domain. It has been part of the issuance of certificates since September 2017. Companies are not obligated to use the record.

When a CAA record of another CA has been added to the domain, an extra CAA record needs to be added behind the requested certificate. One can also remove all CAA records on the domain.

The CAA record for Networking4all OV and GlobalSign is:
CAA 0 issue "globalsign.com"

The CAA record for Digicert, Geotrust and Thawte is:
CAA 0 issue "digicert.com"

Wildcard certificates need to have 2 CAA records online:

CAA 0 issue wild "globalsign.com"
CAA 0 issue "globalsign.com"
CAA 0 issue wild "digicert.com"
CAA 0 issue "digicert.com"

Issuance

The validation process is checked by a second agent to make sure no mistakes were made. Then, the certificate is issued. The applicant will receive the certificate by email in a zip file at the email address mentioned in the application.

Extended Validation - EV

A certificate with an Extended Validation is the one that provides the maximum level of consumer confidence. It displays your verified company name. All your company’s information is mentioned on a EV certificate. You will receive your EV certificate after the following steps:

Domain verification

Finding proof that the applicant has control over the domain. This can be done in the following ways:

Option 1 - Approver email

This approver email can only be sent to standard domain email addresses such as admin, administrator, webmaster, hostmaster, postmaster@domain.extension It could also be sent to the email address which is mentioned in the Whois. This Whois mail address can only be used when the CA can see the Whois.

E-mail address 1 admin
E-mail address 2 administrator
E-mail address 3 webmaster
E-mail address 4 hostmaster
E-mail address 5 postmaster
Whois E-mail address 1 (when visible)
Whois E-mail address 2 (when visible)

Option 2 - DNS approver

If you don’t have an email address available, or you prefer to validate a TXT record in the DNS, that is no problem. Just ask us for your random value code and give the ready signal. Please do not delete the code until your certificate has been issued.

Option 3 - File approver

When using this option you place a TXT file in a predefined location. This TXT file contains the code which you have obtained by asking us. Afterwards you give the ready signal. Please do not delete the code until your certificate has been issued.

For certificates by Networking4all DV, Digicert, Thawte, Geotrust en RapidSSL create the next location:
http(s)://domain/.well-known/pki-validation/fileauth.txt

For Globalsign, en AlphaSSL use this location:
http(s)://domain/.well-known/pki-validation/gsdv.txt

Verification of the company in the trade register

We check your registration documents to make sure you have an active legal presence in your registered location.

For Networking4all OV and GlobalSign OV certificates we check these sources:

The trade register
hoovers.com
kompass.com

Contact us for sources outside of The Netherlands.

For Digicert OV, Geotrust OV and Thawte OV certificates we check:

Google Business
hoovers.com

Verification phone call with applicant

The CA will call the contact person on the number found in a general source. Valid sources are:

For Networking4all OV and GlobalSign OV certificates:

Trade register
Online phone book
Yellow pages online
hoovers.com
kompass.com

Contact us for sources outside of The Netherlands.

For Digicert OV, Geotrust OV and Thawte OV certificates:

Google Business
Trade register
Online phone book
Yellow pages online
hoovers.com
kompass.com

Globalsign

The contracts for GlobalSign EV certificates are sent by email to the email address of the applicant. You’ll receive the “Subscriber agreement” and the “Request form” which you will need to sign and date. Please do not make any other changes to the document and send the signed documents to vetting-emea@globalsign.com with order@networking4all.com in cc.

Networking4all, Digicert, Geotrust en Thawte

During the verification phone call for Networking4all, Digicert , Geotrust en Thawte EV certificates, you’ll receive an email which contains an approver button to sign the EV contract digitally. For a Digicert EV certificate the applicant will receive a Final Approver email. This message will be sent to the email address of the applicant and contains a link with the applicant’s approval.

CAA Check

Before the Certificate Authority may issue a certificate, a CAA check needs to be done.

The CAA record is a DNS record that provides companies with some extra control over the SSL certificates issued for their domains. A CAA record indicates which CA may issue certificates for your domains. CAs are obligated to check the CAA record per domain. It has been part of the issuance of certificates since September 2017. Companies are not obligated to use the record.

When a CAA record of another CA has been added to the domain, an extra CAA record needs to be added behind the requested certificate. One can also remove all CAA records on the domain.

The CAA record for GlobalSign is:
CAA 0 issue "globalsign.com"

The CAA record for Networking4all EV, Digicert, Geotrust and Thawte is:
CAA 0 issue "digicert.com"

Wildcard certificates need to have 2 CAA records online:

CAA 0 issue wild "globalsign.com"
CAA 0 issue "globalsign.com"
CAA 0 issue wild "digicert.com"
CAA 0 issue "digicert.com"

Issuance

The validation process is checked by a second agent to make sure no mistakes were made. Then, the certificate is issued. The applicant will receive the certificate by email in a zip file at the email address mentioned in the application.

Would you like to know more?
Get in touch today.

{{ notification.title }}

Read in-depth articles

Do you want to know more about online security and our mission to make the internet safer for everyone?

Visit our blog (Dutch)

Download whitepapers

Sign up for our newsletter

Become our partner

Networking4all is ready to make the next entry in our timeline. We would love to include you in the next step as our partner. Do you want to read more about our mission and the possibility of a partnership?

Become a partner