The Domain Authentication requirement for an Extended Validation SSL Certificate is a fairly straightforward one. The Certificate Authority simply confirms that your company does indeed legally own the domain that was submitted with the order.
Completing Domain Authentication
The first way that the Certificate Authority will try to verify that your company owns the domain in question is to check Who.is. Who.is, is a database that displays domain registrar information.
In order for the CA to verify site ownership, the record must be publicly available and it must display the correct information. For instance, the verified business name and physical address must match the information listed on the certificate and Enrollment Form.
If the information does not match up, or is not publically available, you may need to update the Who.is record, then request that that CA check the details again.
Alternative Methods for Satisfying the Domain Authentication Requirement
If checking Who.is doesn’t verify domain ownership, there are still other ways for your company to satisfy the requirement.
- Domain Confirmation Email – If you can’t update your Who.is registry, you can still satisfy the Domain Authentication requirement by having an email sent to the listed address on the Who.is entry for your domain. Alternatively, you can also have the email sent to one of five pre-approved alias emails (Admin@YourDomainName.com, Administrator@YourDomainName.com, Webmaster@YourDomainName.com, Hostmaster@YourDomainName.com and Postmaster@YourDomainName.com).
- File-Based Authentication – For this method the CA (Comodo only) will send you a text file, which you (or your web admin) then upload to the root directory of your company’s website. The CA will then verify this and the Domain Authentication requirement will officially be satisfied.
- POL – As with most other requirements, a Legal Opinion Letter (also known as a Professional Opinion Letter or POL) will satisfy this requirement. You need only get an attorney or an accountant to sign one for you and the CA will accept it as proof of domain ownership.