Personal tools

From HEXONET Wiki

Jump to: navigation, search
m (WikiAdmin moved page New SSL API Validation Info to SSL Certificate Validation Info without leaving a redirect)
 
Line 1: Line 1:
 
{{Sidebar}}
 
{{Sidebar}}
<div style="font-size: 150%;">'''New SSL API - Validation info'''</div><br/>
+
<div style="font-size: 150%;">'''SSL Certificate Validation Info'''</div><br/>
 
<p>
 
<p>
  

Latest revision as of 11:54, 3 November 2017

SSL Certificate Validation Info

[edit] Domain validated SSL certificates (DV)

For this type of certificate, only the control over the domain, for which the certificate is supposed to be issued, is validated (Domain Control Validation, DCV). Simply put, the applicant has to prove that it is indeed her domain, and not somebody else's.

Validation method EMAIL
The most common way to do this, is to approve a validation email that the certificate issuer sends to an email address that is connected to the domain. For example, if a certificate for example.com is requested, the issuer may send an email to [email protected]. The email usually contains an approval link that the applicant can click as soon as she receives the email.

Validation method DNSZONE
Another way to prove domain control is to modify the DNS: A certain DNS resource record must be added to the zone information of the domain. For example: abcde01234.example.com. CNAME vwxyz56789.example.com.

Validation method URL
When this method is chosen, domain control must be proven by placing a file with a certain content at the root of the domain. For example: http://example.com/abcde01234.txt having the content vwxyz56789.

[edit] Organization validated SSL certificates (OV)

OV certificates too must undergo Domain Control Validation (DCV) as described above. In addition, the certificate issuer validates the identity of the certificate applicant, requesting documents as required and checking:

  • that the organization name and address are correct
  • that they are coherent with the domain WHOIS data
  • that the phone number is correct (making a call)

[edit] Extended validation SSL certificates (EV)

The validation process for EV certificates is similar to the one performed for OV certificates, but stricter. There may also be additional checks like that signatures match or the bank account is valid.

EV certificates are considered the most trustworthy. When a website proves its authenticity with an EV certificate, many web browsers indicate this in a special way (by showing a green address bar, for example).