Obtaining an OV SSL (Organization Validated SSL) certificate involves a more rigorous validation process than a DV (Domain Validated) SSL certificate. The process verifies the identity and legitimacy of the organization requesting the certificate. Here are the requirements for obtaining an OV SSL certificate:
- Domain ownership: The organization must own the domain name associated with the SSL certificate.
- Business registration: The organization must be a registered business, with a valid business license or registration documents. The registration must be verifiable through public records.
- Physical address: The organization must have a physical address that can be verified through a trusted third-party source, such as a government agency.
- Telephone verification: The organization must have a public working telephone number that can be verified by the SSL certificate issuer. This is typically done by a phone call to the organization’s listed phone number.
This telephone number needs to be freely available in public registries (i.e. Yellow Pages).
- Legal existence: The organization must be a legal entity, such as a corporation, partnership, or sole proprietorship.
- Operational existence: The organization must be actively conducting business, with a website and email address associated with the domain name.
- Identity verification: The SSL certificate issuer may request additional documentation to verify the identity of the organization’s representative, such as a government-issued ID or passport (note: personal data of the organization’s representative will NOT be included in the certificate, but will be registered only in the archives of the Certification Authority that issues the certificate).
Once the SSL certificate issuer has completed the validation process and verified that the organization meets all the requirements, the OV SSL certificate will be issued.
The certificate includes information about the organization, such as the name, address, and other details that help visitors verify the legitimacy of the website. This added level of assurance can help increase trust and confidence in the organization and its website.