FAQs

Here are the steps that you need to do in order to pass OV (Organization Validation) for your S/MIME Class 2 email SSL Certificate:

Open a ticket with us and let us know the following info:

A. Your Company Info:

• Legal Company Name
• Organization Phone Number – This should be a number that can be verified against an online third-party address listing (e.g. Google business). DigiCert will call your verified organization phone number to confirm your organization for your SSL.
• Company Address – Address, City, State, Country, Zip Code

B. Your Company Contact Info:

• First Name
• Last Name
• Email
• Phone Number

C. The Email address, First Name, and Last Name the SSL will be issued for.

Copy Link

You can check if you have a Business Validation SSL Certificate by looking at the attributes of your SSL Certificate. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.

Different SSL Certificate brands have different Business Validation procedures. Please read the section that applies to your SSL Certificate brand below.

DigiCert (including Thawte & GeoTrust)

If you bought a Business Validation SSL Certificate with Thawte, GeoTrust, DigiCert, then the certificate authority will work on validating the legal existence of your organization via local public databases, as a part of the Business Validation process. This may take between 1-3 working days. Please wait until one of the certificate authority representatives contacts you about any additional information that they may need you to provide them.

If you do not hear from the Certificate Authority representatives in the next 5-7 days, then please call +1 (877) 438-8776 to check the status of your SSL Certificate with the Certificate Authority. Please note that Thawte, GeoTrust, DigiCert are all owned by DigiCert, and they all have the same phone number provided above.  When you talk to them, you will need to provide the “Partner Order ID”, which you can find on the details page of your SSL Certificate inside your SSL Dragon account. See the screenshot on the right.

Sectigo/GoGetSSL

Please send the necessary forms described below to Sectigo by opening a ticket with Sectigo Validation Center at https://sectigo.com/support. Click on “Submit a ticket”, select Validation Department, and submit your request. Please mention your “Partner Order ID” in your message.

You can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See the screenshot on the right.

I. New Orders

STEP 1: Business Validation
To pass Business validation, you may have to provide an official registration document, such as Business License, Article of Incorporation, and or Registration application.
Here are the BV options:

A. No paperwork. Your company’s legal existence will be checked via public government database using your company name and your unique Registration/Identification number OR via verified public 3rd party databases, such as GLEIF, Duns & Bradstreet, Hoovers, Companies House GOV.UK.

B. Paperwork. Your company will be verified using:

• an official registration document, such as Articles of Incorporation, Government Issued Business License, or
• a copy of a recent: company bank statement, company phone bill, or major company utility bill  (i.e. power bill, water bill, etc.).

STEP 2: Callback process
The last step is a callback process called Phone Validation. Sectigo will call you and asks to confirm your name and order to validate the official company’s phone number.
Below are the 4 callback options. You don’t have to do all four things from below. Doing just one of them will be enough.

– Sample Accountant Letter
– Sample Legal Opinion Letter

II. Renewal/Reissue Orders
For reissues and renewal order, instead of Step 1 and 2, you must contact Sectigo Validation Center at https://sectigo.com/support. Click on “Submit a ticket”, or choose Live Chat, select Validation Department and submit the following request (please replace [] fields with the corresponding info):

Reason for the ticket: Validation
Order number: [Your Partner Order ID]
Subject: Business Validation 

Dear Sectigo!
Please validate order [Partner Order ID] using the company name [Your Company Name], with [Registration/ID number] and [DUNS number].

Sectigo will then contact you for Step 2 or any necessary updates to the Step 1.

Copy Link

Here are the steps that you need to do in order to reissue your Sectigo CPAC Certificate:

1) Login at https://secure.trust-provider.com/products/frontpage?area=ssl using the username and password that you used when you configured your Sectigo CPAC initially;
2) Once you are logged in, find the “Replace” button and click on it;
3) You will start the reissue process for your Sectigo CPAC SSL.
4) Follow the steps and instructions that come next, until you complete the Sectigo CPAC Certificate reissue.

Copy Link

If your router has a public IP address, you can still validate that IP address.

HTTP/HTTPS validation is the only method available for IP address validation. The HTTP/HTTPS validation method consists of adding a TXT file on your IP address and having Sectigo scan that IP address and validate it. There is no way to upload a TXT file on your router. The solution to get the IP address validated is to reroute the IP address to a server, put the TXT file on that server, pass the IP validation, and then reroute the IP addresses back to the router.

You can read more information on what the TXT file should include and where to upload it in the following FAQ item: https://www.ssldragon.com/faq/pass-validation-public-ip-address-ssl-certificate/

Copy Link

This article will help you determine which multi-domain SSL Certificate you should get. We have categorized the multi-domain SSL Certificates in 4 groups, and we would recommend you to read about each group and then choose a multi-domain SSL Certificate from the group that meets your preferences best:

1. Domain validated multi-domain certificates. There are two certificates in this category: PositiveSSL Multi-Domain and SSL UCC DV. These certificates will secure your websites by making it open from a permanent HTTPS link, will display a padlock icon next to the URL bar, and will make your website show as “Secure” in all web and mobile browsers. These multi-domain certificates are the quickest and easiest to get, so as you only have to prove the domain ownership.
2. Business validated multi-domain certificates & Extended validated multi-domain certificates. You need to have a registered company to be eligible for a business validated SSL Certificate. Besides the HTTPS link and the padlock icon near your website’s URL, the people who visit your website will be able to see your company name when they search whom the SSL Certificate was issued to, and they will also see your company name and address when they roll over or click on the dynamic site seal which comes with your SSL Certificate and which you can add to your website. This type of certificate is issued within 1-7 days.
3. Multi-domain Wildcard certificates. These certificates allow you to secure one main domain and multiple wildcard domains using one single SSL Certificate. You can get a PositiveSSL Multi-Domain Wildcard SSL if you want a domain validated SSL, or a Multi-Domain Wildcard SSL if you prefer a business validated certificate. You can learn more about how multi-domain wildcard certificates work at this link.

Copy Link

You have to pass the Business Validation when you buy a new or reissue/renew a BV SSL Certificate.

At the same time, the process of completing the Business Validation is easier the following years, so as the Certificate Authority has more information about your company in their system, based on your previous BV SSL Certificates requests.
Please check the Renew/Reissue BV instructions.

Copy Link

When requesting an SSL Certificate you have to prove that you own or you have management rights over the domain or sub-domain that you are requesting an SSL Certificate for.

Important! As of June 16, 2021, Sectigo no longer accepts WHOIS-based email addresses for Domain Control Validation (DCV).

STEP 1: Domain Validation (DV)

A. EMAIL

If you have an SSL Certificate issued by Sectigo, GoGetSSL, GeoTrust, Thawte, DigiCert, and RapidSSL, then you can complete the domain validation is by responding to an automated domain validation message sent to your email address. You will be given a list of emails to choose from, and the automated domain validation message will be sent to the email address that you choose.

Always check your email address (including your Spam folder) so as you should receive an email message from the Certificate Authority with instructions on how to validate (prove the ownership of) your domain name. The email message will ask you to copy a unique code and paste it on a specific link provided in the same email message.

Important: Only 5 e-mail addresses are allowed for domain validation: admin@, administrator@, hostmaster@, webmaster@, and postmaster@.
In some cases, the Certificate Authority may allow your administrative e-mail from WHOIS, too, but ONLY IF the Private registration is disabled.

B. HTTP / HTTPS method

This method is Not Available for Wildcard SSL Certificates

The HTTP validation consists of uploading a TXT validation file to a pre-defined location on your website. You have to make sure that you can access this file and link from any web browser. Once you proceed with this domain validation method, the CA will run a scan of your website and will look particularly for this file at the given link. Your SSL Certificate will pass the domain validation within a few minutes after the CA’s crawler system finds the TXT file on your website.

The HTTPS validation method is the same validation method as described above. You should choose the HTTPS option if you already have an SSL Certificate installed on your website.

C. DNS method

You can also add a pre-defined domain record to your domain registrar (the website where you registered your domain name). Make sure that your firewall doesn’t block the CA’s validation robot.

Sectigo and GoGetSSL require CNAME DNS type, which looks like:

_b2013ea8353c9760c0221c49dc3e8ca7.yourwebsite.com CNAME
165b83449f4fdf83021de4e6f6ee795a.4ae75dbefe3r7bb8a1878616d8b5ae4.5r4r46855d28f6903.comodoca.com

while DigiCert (Thawte, GeoTrust, RapidSSL) require TXT DNS type, which looks like:

yourwebsite.com TXT “w34f54t4t45t354eer98rn4jf4449nfrf”

or

dnsauth.yourwebsite.com TXT “w34f54t4t45t354eer98rn4jf4449nfrf”

Please note that newly added DNS records take between 10-48 minutes to propagate. This means that you will have to wait up to 48 hours to pass the domain validation if you go with this method. That is why we recommend the Email, HTTP, and HTTPS methods better because they would allow you to pass the domain validation instantly.

STEP 2: CAA Check

As of 8th September 2017, all Certificate Authorities (CAs) are obliged to respect your CAA policy, as a security measure.

The CAA record should allow the CA to issue the SSL for your domain name, otherwise, the order would be set as Pending until you update the record.

By default, if no CAA record found, any CA may issue SSL for your domain name. Otherwise, you should update your CAA record.

Here is how to do it:
– https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000zFMO
– https://docs.digicert.com/manage-certificates/dns-caa-resource-record-check/

Here is how to test the record:
– https://toolbox.googleapps.com/apps/dig/#CAA/
– https://caatest.co.uk/scan.org.ua

Optional (Rare) – Brand Validation (Manual Check)

In some cases, the CAs may require manual verification if your order fails any internal rules of Brand Validation.

It takes around 24-48 hours to pass this manual check, and the CA will either issue or reject an order in such cases.

Here are the reasons why your order is under Brand Validation.

How to change the domain validation method?

If you chose one of these domain validation methods described above, and you see that your domain doesn’t get validated, then you can always change your domain validation method. Please go to this link to learn how to do that.

Copy Link

You have to pass the Extended Validation when you buy a new or reissue/renew an EV SSL Certificate.

At the same time, the process of completing the Extended Validation is easier the following years, so as the Certificate Authority has more information about your company in their system, based on your previous EV SSL Certificates requests.
Please check the Renew/Reissue EV instructions.

Copy Link

You can check if you have an Organization Validation SSL Certificate by looking at the attributes of your SSL Certificate. Business Validation equals to Organization Validation. This being said, wherever you see “Business Validation” it also means “Organization Validation”. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.

Different SSL Certificate brands have different Organization Validation procedures. Please read the section that applies to your SSL Certificate brand below.

DigiCert (including Thawte & GeoTrust)

If you bought an Organization Validation SSL Certificate with Thawte, GeoTrust, DigiCert, then the certificate authority will work on validating the legal existence of your organization via local public databases, as a part of the Organization Validation process. This may take between 1-3 working days. Please wait until one of the certificate authority representatives contacts you about any additional information that they may need you to provide them.

If you do not hear from the Certificate Authority representatives in the next 5-7 days, then please call +1 (877) 438-8776 to check the status of your SSL Certificate with the Certificate Authority. Please note that Thawte, GeoTrust, DigiCert are all owned by DigiCert, and they all have the same phone number provided above.  When you talk to them, you will need to provide the “Partner Order ID”, which you can find on the details page of your SSL Certificate inside your SSL Dragon account. See the screenshot on the right.

Sectigo/GoGetSSL

Please send the necessary forms described below to Sectigo by opening a ticket with Sectigo Validation Center at https://sectigo.com/support. Click on “Submit a ticket”, select Validation Department, and submit your request. Please mention your “Partner Order ID” in your message.

You can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See the screenshot on the right.

I. New Orders

STEP 1: Organization Validation
To pass Organization validation, you may have to provide an official registration document, such as Business License, Article of Incorporation, and or Registration application.
Here are the BV options:

A. No paperwork. Your company’s legal existence will be checked via public government database using your company name and your unique Registration/Identification number OR via verified public 3rd party databases, such as GLEIF, Duns & Bradstreet, Hoovers, Companies House GOV.UK.

B. Paperwork. Your company will be verified using:

• an official registration document, such as Articles of Incorporation, Government Issued Business License, or
• a copy of a recent: company bank statement, company phone bill, or major company utility bill  (i.e. power bill, water bill, etc.).

STEP 2: Callback process
The last step is a callback process called Phone Validation. Sectigo will call you and asks to confirm your name and order to validate the official company’s phone number.
Below are the 4 callback options. You don’t have to do all four things from below. Doing just one of them will be enough.

– Sample Accountant Letter
– Sample Legal Opinion Letter

II. Renewal/Reissue Orders
For reissues and renewal order, instead of Step 1 and 2, you must contact Sectigo Validation Center at https://sectigo.com/support. Click on “Submit a ticket”, or choose Live Chat, select Validation Department and submit the following request (please replace [] fields with the corresponding info):

Reason for the ticket: Validation
Order number: [Your Partner Order ID]
Subject: Organization Validation 

Dear Sectigo!
Please validate order [Partner Order ID] using the company name [Your Company Name], with [Registration/ID number] and [DUNS number].

Sectigo will then contact you for Step 2 or any necessary updates to the Step 1.

Copy Link

Certain SSL Certificates allow you to secure an IP address, only if it is a public IP address. The validation process for IP addresses is similar to validating a domain name, but it has its particularities. That is why we encourage you to follow the guidelines below.

GoGetSSL

STEP 1. First of all, you have to configure your SSL Certificate by filling in the configuration form inside your SSL Dragon account.

Important! When configuring your certificate, you will be asked to generate a CSR with NO Common Name. Here is how to do it.

STEP 2. Mention your IP address / IP addresses in the SANs field.

If you have just 1 IP address, just insert it in the SANs field, with no extra spaces or characters, e.g.:

123.34.34.234

If you have 2 or more IP addresses (if you purchased additional SANs), insert your IP address list in the SANs field, with each IP address space-separated, e.g.:

123.34.34.234
124.34.24.234

Important! This step is mandatory. Since the CSR has no IP address included in its fields, it’s important to mention your IP address / IP addresses in the SANs field. Otherwise, if you leave the SANs field blank, the SSL Certificate won’t be further configured and you’ll see an error message.

NOTE: if you need to secure an IP address and a domain name, GoGetSSL PublicIP SAN allows you to do that, but it needs manual configuration. Please open a ticket with us, send us the CSR (with No Common Name), the IP address, and the domain name. We’ll configure the SSL manually and provide you the instructions for further validation.

STEP 3. Once your certificate is configured, you have to prove the ownership or right to use that IP address. To do that, you have to pass the HTTP/HTTPS validation for your SSL Certificate. Email or DNS validation are not available for IP validation. To pass the HTTP/HTTPS validation, you have to create a .TXT file that contains the validation code provided on the “Content” field on the details page of your SSL Certificate page. The “Content” that you have to add to the .TXT file looks similar to this:

38622319C755B5952FA4CD590655F05000C4951C2EF07BFFCB2BBA23623BE9D6
COMODOCA.COM
t0520161001553133275

Then you have to upload the TXT file at a location on your server that looks like this:
http://127.0.0.1/.well-known/pki-validation/B34037F1D9BFE9F5936AFEA9798174AB.txt

127.0.0.1 should be replaced by the IP address that you are trying to validate. You can read the information on how to create the .well-known folder at this link: https://www.ssldragon.com/faq/create-well-known-folder/

Make sure that you can access this file and link from any web browser. Inform us when you uploaded the attached TXT file on your server so that we could run a scan of your website and look particularly for this file at this given link.

If you follow these steps exactly, you will get your IP address validated successfully.

NOTE: If you have a router to secure instead of a server, there is no way to upload the TXT file on your router. The solution to getting the IP addresses validated is to reroute the IP address to a server, put the TXT file on that server, pass the IP validation, and then reroute the IP address back to the router.

Sectigo

STEP 1. First of all, you have to configure your SSL Certificate by filling in the configuration form inside your SSL Dragon account. When configuring your certificate, you will be asked to generate a CSR or enter an existing CSR.

Please make sure you include your IP address as a “common name” (domain/IP that you want to secure) in your CSR.

STEP 2. Once your certificate is configured, you have to prove the ownership or right to use that IP address. To do that, you have to pass the HTTP/HTTPS validation for your SSL Certificate. Email or DNS validation are not available for IP validation. To pass the HTTP/HTTPS validation, you have to create a .TXT file that contains the validation code provided on the “Content” field on the details page of your SSL Certificate page. The “Content” that you have to add to the .TXT file looks similar to this:

38622319C755B5952FA4CD590655F05000C4951C2EF07BFFCB2BBA23623BE9D6
COMODOCA.COM
t0520161001553133275

Then you have to upload the TXT file at a location on your server that looks like this:
http://127.0.0.1/.well-known/pki-validation/B34037F1D9BFE9F5936AFEA9798174AB.txt

127.0.0.1 should be replaced by the IP address that you are trying to validate. You can read the information on how to create the .well-known folder at this link: https://www.ssldragon.com/faq/create-well-known-folder/

Make sure that you can access this file and link from any web browser. Inform us when you uploaded the attached TXT file on your server so that we could run a scan of your website and look particularly for this file at this given link.

If you follow these steps exactly, you will get your IP address validated successfully.

NOTE: If you have a router to secure instead of a server, there is no way to upload the TXT file on your router. The solution to getting the IP addresses validated is to reroute the IP address to a server, put the TXT file on that server, pass the IP validation, and then reroute the IP address back to the router.

STEP 3. The last step towards getting the SSL Certificate for your IP address is to pass the Business Validation. You can find detailed instructions on how to do that at this link: https://www.ssldragon.com/faq/how-to-pass-the-business-validation-for-my-ssl-certificate/

Copy Link