Skip to main content

Organization Validation (OV)

Important

As of February 24, 2026, the domain validation reuse period is limited to 199 days. Learn more about Domain validation requirements and reuse periods.

DigiCert confirms domain control and verifies the legal existence of the organization named in the certificate. OV certificates include verified organization identity and are appropriate for business websites and services.CertCentral supports three validation levels for public TLS/SSL certificates:

  • Requires: Domain control validation and organization validation

  • Organization identity: Included and verified

  • Prevalidation: Supported. Domain validation can be validated before ordering

  • Domain validation reuse: Within the allowed reuse period

  • OV organization validation reuse: Within the allowed reuse period

Certificate types that require organization validation

The following certificate types require an organization to be included in the request and validated before issuance:

  • OV TLS/SSL certificates

  • EV TLS/SSL certificates

  • Code signing certificates

  • EV code signing certificates

  • Verified Mark Certificates (VMC)

  • Document signing certificates

  • Secure email (S/MIME) certificates

What DigiCert verifies

To validate your organization, DigiCert checks corporate registries — including local government registration records, Dun & Bradstreet, and Google Maps — to verify the organization's existence and status. DigiCert also confirms the organization does not appear in fraud, phishing, government-restricted entity, or anti-terrorism databases. Additionally, DigiCert verifies that the organization requesting the certificate is the organization to which the certificate is issued, and verifies the organization's contacts.

Specifically, DigiCert verifies the following:

  • Organization type — the type of entity, such as a business, bank, university, or non-profit

  • Organization status — whether the organization is active and in good standing

  • Legal address — the physical, legal address of the organization

  • Blocklists — whether the organization appears on any "do not issue" lists for organizations or the country where the organization is located

  • Fraud and phishing lists — whether the organization appears on any known bad actor lists

  • Request authenticity — whether the certificate requestor has authority to order a certificate for the organization

Most of this verification work is completed by DigiCert. A DigiCert validation agent may contact you to provide a document confirming the organization is legally and lawfully formed.

How DigiCert confirms your authority

DigiCert locates a verified, publicly listed organization phone number from a third-party or independent source and calls to speak with someone who represents the organization.

Notice

As a best practice, add your name to your company's directory and to your voicemail response. This helps DigiCert's validation agent identify who to ask for when calling.

After submitting your organization for validation, inform your organization contact, technical contact, and company receptionist that DigiCert will call a verified, publicly listed phone number within 24 hours. They should be ready to confirm a few details about you and your role in the organization. DigiCert cannot issue your certificate until this authority is confirmed.

If DigiCert cannot reach anyone directly, a validation agent leaves a message with a call-back number and a verification code. The organization contact, technical contact, or receptionist must respond with that verification code. You may also receive an email to schedule a callback time.

What's next

Review the pre-onboarding checklist to confirm domain and organization readiness before beginning account setup

In diesem Abschnitt: