EV Validation Process Overview

Maximum website encryption protection. The new EV Certificates take a greater amount of validation in order for a certificate to be issued. We have to validate legal existence by checking government records, such as secretary of state (SOS).

Then, we have to check physical existence, such as using Dun & Bradstreet (however, not all are in DnB). When this occurs, there are a couple of options we can request including a legal opinion letter, a certified public accountant (CPA) opinion letter or a site visit can be performed.

So, depending on what needs to be processed for validation determines how long this section takes. We then have to get the business phone number from a 3rd party source (i.e. directory services) to verify the phone number of the company, then call the phone number to make sure that it is indeed the phone number of the company.

We then move on to operational existence. We can validate operational existence if the SOS records show that the business has been in operation for over three years or the business is found in both SOS records and a third party qualified independent information source such as Dun & Bradstreet.

If neither of those can be done, then we can validate operation existence by legal opinion letter, certified accountant letter or a letter from the bank stating that the business has an active demand deposit account.

Once all of this is complete, then we move on to domain validation. Domain validation is done several ways, the easiest would be to check the WHOIS search and ensure that the company, city and state match.

If the information does not match, we can ask for the customer to update their WHOIS information. If neither of those can be done, we can get legal opinion, CPA opinion or Exclusive right to use. This means that we contacted the owner of the domain listed in the WHOIS and obtain confirmation that the applicant does have the right to use the domain name in question.

In addition to the exclusive right to use, we will require an agreed upon change to the website (domain validation page).

There will be a certificate request that is created (not a CSR). The certificate request and a subscriber agreement will be sent to the applicant for signature. Once we receive that, we have to call the applicant to verify that the person who signed the forms has permission to do so.

Once it passes all of this initial validation, it has to go through approval by another validator that must review and approve all the provided information.

This can be a very lengthy process, approximately 12 to 14 business days (in some cases, even longer) for validation. Once the certificate has passed final approval, a CSR scan be requested so that the certificate can be issued.

Add Feedback