Unlike DV SSL certificate applications that only require domain ownership verification, applying for an OV SSL certificate or an EV SSL certificate involves not only domain verification but also validation of the organization's information. This article provides a complete guide to the application and validation process for OV and EV SSL certificates.

Which type of certificate is most suitable for your organization?

-OV SSL certificate: If your website involves the transmission of user information or other important data, it is recommended to apply for an OV SSL certificate. This type of certificate is commonly used by small and medium-sized enterprises, social organizations, groups, and public institutions.

-EV SSL certificate: This certificate provides the highest level of security among SSL certificates and is suitable for industries such as finance, insurance, e-commerce, or any industry involving online payments. 

Preparations before applying for an OV and EV SSL certificate

Gather Required Documentation: You will need to collect and prepare specific documentation related to your organization. This may include business registration certificates, articles of incorporation, proof of domain ownership, and other relevant legal documents.

Validate Organization Information: As part of the application process, your organization's information will undergo validation. Ensure that the information provided is accurate, up-to-date, and matches the documentation you have gathered.

Verify Domain Ownership: For both OV and EV SSL certificates, domain ownership verification is necessary. Make sure you have access to the domain registrar or hosting account to complete the verification process.

Check Technical Requirements: Review the technical requirements for SSL certificate installation on your web server. Ensure that your server meets the necessary criteria and that you have the required technical knowledge or assistance to install and configure the SSL certificate correctly.

Application process for OV and EV SSL certificates

Applying for an OV SSL certificate or an EV SSL certificate involves domain ownership validation and organization. Here’s how you apply for one on NicSRS.
 
Please register and login your account on NicSRS console, and click on “SSL certificate”. If you have completed payment, you should be able to see your orders here. Click on “Submit” and continue, as shown below.

Now you will be directed to Apply for certificate page, as shown below. 

In the order listed from top to bottom, please provide the necessary certificate application information:

1. Fill in the domain name and select a verification method.
2. Provide personal contact information based on actual circumstances. You can click on “Default” button so that you don’t have to enter some information that may not be necessary, for example, the postal code.

All the above information must be completed. Once the form is filled out, click on "One-click generate CSR” button and remember to save the Key file (it will be needed during the certificate installation).

After confirming that all the information is accurate, click on "Submit" button to begin the certificate application process.

After successful submission, you can view domain verification details by refreshing the page and performing verification. There are generally three methods for domain verification: Email Verification, DNS Verification, and File Verification.

For email verification, select the domain administrator's email for validation, as other types of email addresses are not supported.
DNS verification can be done by adding a CNAME record or a TXT record.
Lastly, for file verification, you need to place the verification content in the ".well-known\pki-validation\" directory located in the website's root directory.

If you choose “DNS Verification” or “File Verification”, the verification details can be accessed directly on the certificate application page.

Validation process for OV and EV SSL certificates

After submitting your certificate application, CA will verify the legitimacy of your organization before issuing the certificate. 

Organization validation 

To ensure a smooth process, please carefully review all the information registered with your state or country and ensure it is up to date and matches information provided during checkout and in your user dashboard. CA will confirm that your organization is registered and active at the provided location.

Telephone validation

To obtain an OV certificate, you must possess a registered active telephone listing that can be verified through an online phone directory. It is crucial that your listing matches the exact business name and physical address that have been provided and verified.

Domain validation

In this step, CA will verify that the domain registered for the certificate actually belongs to your organization. To do this, CA will initially search the internet database WHOIS, which contains domain registration information.

Final verification call

The final step of verification is simple. CA will call the telephone number associated with your organization to verify ownership and order. This is a short call and all you need to do is ensure you or a designated site admin are available and pick up the phone.

The audit time for EV certificates is slightly longer than OV certificates, and some brands may perform a secondary audit internally (without requiring any additional action from the customer), such as Sectigo. 

OV and EV SSL certificates are a reliable way to enhance the security and trustworthiness of your website. By undergoing meticulous validation processes, CA ensures that only legitimate and trustworthy organizations obtain SSL certificates. Using SSL certificates to stay one step ahead in safeguarding your online presence and building customer trust in an increasingly digital world.

Note: The application process may vary slightly depending on the SSL certificate provider.