TLS certificate organization validation process
For OV and EV certificate orders, industry standards require DigiCert to validate the organization included in your certificate request before issuing the certificate. These checks verify the organization's legal existence, confirm the organization is trustworthy, and confirm your authority to order OV or EV TLS certificates.
How DigiCert validates your organization
Although we can't go into specifics about what goes on behind the scenes in our organization validation process, here are a few key things to help you understand what to expect after you place an order.
DigiCert checks corporate registries, including local government registration records, Dun & Bradstreet, and Google Maps, to verify the organization's existence and status. DigiCert also checks for a history of fraud or phishing, anti-terrorism databases, and government-restricted entity lists.
Specifically, DigiCert verifies the following:
Organization type — the type of entity being issued to, such as a business, bank, university, or non-profit
Organization type Organization status Legal address Blocklists Fraud and phishing lists Request authenticity
Organization status — whether the organization is active and in good standing
Legal address — the physical, legal address of the organization
Blocklists — whether the organization appears on any "do not issue" lists for organizations or for the country where the organization is located
Fraud and phishing lists — whether the organization appears on any known bad actor lists
Request authenticity — whether the certificate requestor has authority to order a certificate for the organization. See How DigiCert confirms your authority
Most of this verification work is completed by DigiCert. A DigiCert validation agent may contact you to provide a document confirming the organization is legally and lawfully formed. For more information about providing "acceptable" documents, see SSL Certificate Validation Process.
How DigiCert confirms your authority
DigiCert locates a verified, publicly listed organization phone number from a third-party or independent source. DigiCert calls this number to speak with someone who represents the organization and can confirm the authority to order certificates.
참고
As a best practice, add your name to your company's directory and to your voicemail response. This helps DigiCert's validation agent identify who to ask for when calling.
What you can do to help
After submitting your organization for validation, prepare your team:
Answer the DigiCert phone call (preferred method)* — inform the organization contact, technical contact, and company receptionist that you have submitted the organization for validation. Let them know
DigiCert calls a publicly listed number within 24 hours and needs to ask a few questions about you and your role in the organization. This is the preferred method.
Respond to the verification message — if DigiCert cannot reach anyone directly, a validation agent leaves a message with a call-back number and a verification code. The organization contact, technical contact, or receptionist must respond to that message and provide the verification code.
Make sure you, the receptionist, the organization contact, or the technical contact responds to the message and provides us with the verification code.
Schedule a callback — if DigiCert cannot reach anyone and leaves a message, you may also receive an email to schedule a callback time.
DigiCert cannot issue your certificate until we confirm your authority.
What's next
Submit an organization for validation to submit the organization and add verified contacts before ordering