Certificates with company validation (OV)

An Organization Validated (OV) certificate offers a higher level of security compared to a domain-validated certificate. In addition to the padlock symbol in the browser’s address bar, the certificate also contains information about the website operator. This assures users that the site is run by a legally registered company.

Issuance Time: Approximately 3–4 days

Verification Criteria

Before an OV certificate can be issued, the Certificate Authority (CA) verifies the following:

• The applicant has legitimate ownership of the domain.
• The company is officially registered and listed in a commercial or equivalent registry.
• The applicant is authorized to request the certificate on behalf of the company.

Validation Process

1. Domain Ownership Verification
   The CA checks whether the applicant controls the specified domain using one of the following authentication methods: email verification, DNS entry, or file-based authentication.

2. Company Registration Verification
   After confirming domain ownership, the CA verifies the company’s registration details through an official commercial register or an equivalent source.

   • The company’s registered details must be up to date.
   • The business name in the certificate request must match the official registry entry exactly. Variations or abbreviations can cause delays.
   • If there is a discrepancy between the registry entry and the certificate request, the CA may request additional documents, such as a business license.

3. Telephone Verification
   Lastly, the CA performs a phone verification using a company telephone number listed in an official public directory.

   • Since public directories typically list the company’s main office number, the reception desk should be informed in advance about the expected call.
   • Calls are usually conducted in English during business hours.
   • If the CA cannot reach the designated contact person (Corporate Contact), an email with further instructions will be sent.
   • In some cases, a voicemail with a security code may be left. The contact person must use this code to confirm the call and complete the verification.

   Note: To ensure a smooth verification process, make sure the company’s phone number is correctly listed in public directories. If discrepancies exist, the CA may require a copy of the company’s phone bill for confirmation.

Scheduling a Verification Call

If needed, the verification call can be scheduled directly with DigiCert. Important: The company validation must be completed before booking a call.

To book an appointment:

1. Visit DigiCert’s booking page.
2. Select a suitable time slot.
3. Register with your name and the email address used for the certificate request.
4. If possible, include the Order ID, which can be found in the SSL Manager or in the confirmation email from the CA.