The Domain Authentication requirement for an Extended Validation SSL Certificate is a fairly straightforward one. The Certificate Authority simply confirms that your company does indeed legally own the domain that was submitted with the order.
Completing Domain Authentication
The first way that the Certificate Authority will try to verify that your company owns the domain in question is to check the domain’s WHOIS registration details. The CA can send an email to an address listed on a public WHOIS record.
In order for the CA to verify site ownership via WHOIS, the WHOIS record must be publicly available. Due to international privacy laws, some domain registrars cannot publish domain ownership information on WHOIS. Depending on your domain registrar, the WHOIS email method may not be available to complete Domain Authentication for your SSL order.
Alternative Methods for Satisfying the Domain Authentication Requirement
If checking WHOIS doesn’t help verify domain ownership, there are still other ways for your company to satisfy the requirement.
- Pre-approved Alias Email – If WHOIS cannot be used, you can still satisfy the Domain Authentication requirement by having an email sent to one of five pre-approved alias emails:
- Admin@YourDomainName.com
- Administrator@YourDomainName.com
- Webmaster@YourDomainName.com
- Hostmaster@YourDomainName.com
- Postmaster@YourDomainName.com
- File-Based Authentication – For this method the CA will provide a text file, which you (or your web admin) then upload to the root directory of your company’s website on a specific URL directory. The CA will then verify the file is in the correct place on your website, and the Domain Authentication requirement will officially be satisfied.
- DNS – Similar to the file-based authentication method, the CA will provide instructions for creating a special DNS record (TXT or CNAME, depending on the SSL provider) to confirm domain ownership.