For OV and EV certificate orders, industry standards require DigiCert to validate the organization included in your certificate request before we can issue your certificate.
These checks are used to make sure you are who you say you are, to verify the legal existence of the organization, and to see if an organization is trustworthy enough for an OV or EV TLS certificate.
To complete your organization's validation, DigiCert must:
Although we can't go into specifics about what goes on behind the scenes in our organization validation process, here are a few key things to help you understand what to expect after you place an order.
To verify your organization's existence, status, etc., we check corporate registries, such as local government registration records, Dun & Bradstreet and Google Maps, along with fraud, phishing, government restricted entities, and anti-terrorism databases.
Additionally, we must verify the organization requesting the certificate is, in fact, the organization that gets the certificate.
Here are some of things we check:
Most of the organization verification work is done on our end, we generally ask for very little help from you. However, a DigiCert validation agent may reach out to you for an "acceptable" document to help us confirm your organization is a legally and lawfully formed organization. For more information about providing "acceptable" documents, see SSL Certificate Validation Process.
To confirm your authority to order a certificate for the organization, we must first find a verified, publicly listed organization phone number, and not just any phone number will do. The organization's phone number must be from a 3rd party or independent listing.
Next, we use the verified phone number to speak with someone who represents the organization, such as an organization or technical contact, to verify your authority to request a certificate for the organization. We can also speak to you, the certificate requestor, if another representative is unavailable.
To help us confirm who we are looking for, we recommend listing your name in your company's directory and adding your name to your voicemail response.
Answer our phone call to confirm your authority (preferred method)*
After you submit your certificate order, make sure that the organization contact, technical contact, and your company's receptionist are aware that you’ve ordered a certificate and any one of them can answer our call.
Let them know the following:
We cannot issue your certificate until we confirm your authority.
Respond to the organization consent message
If the DigiCert validation agent can’t reach you directly or someone who represents you at the verified, publicly listed organization phone number, we'll leave a message that includes a call back phone number and a verification code.
Make sure you, the receptionist, organization contact, or technical contact responds to the message and provides us with the verification code.
Schedule a time for the call
If the DigiCert validation agent can’t reach someone who represents you at the verified, publicly listed organization phone number, you may also get an email to schedule a time for us to call back to complete the verification.
Use this link to schedule a time when the representative will be available to answer the call: https://digicert.simplybook.me/v2/#book. Appointments display in your local time. You don’t need to convert the time.