Before a Certificate Authority (CA) issues an SSL certificate, it confirms that the requester has the right to use the domain or organization name on the certificate. The CA performs this check using one of three validation methods: Domain Validation (DV), Organization Validation (OV), or Extended Validation (EV). This article describes each method, what the CA verifies, and how long issuance typically takes.
How validation works
Every public SSL certificate is issued only after the CA completes a validation check. The depth of that check determines both how long issuance takes and how much trust the certificate signals to visitors. Higher trust levels require more thorough verification of the requester and the organization.
Domain Validation (DV)
Domain-validated certificates confirm that the requester controls the domain on the certificate. The CA sends an email to an approved address on the domain (or uses an alternative method such as DNS or HTTP file validation), and the requester confirms the request.
- What is verified: control of the domain.
- Typical issuance time: minutes, in most cases.
- Best for: personal sites, blogs, and any site that needs encryption without displaying organization details.
Organization Validation (OV)
Organization-validated certificates confirm both control of the domain and the legitimacy of the organization behind it. The CA checks business registration documents or other proof of identity and, in most cases, calls a phone number listed in a public business directory to confirm the request.
- What is verified: domain control plus organization identity.
- Typical issuance time: one to several business days, depending on how quickly verification documents and phone calls are completed.
- Best for: business sites that want visitors to see verified organization details in the certificate.
Extended Validation (EV)
Extended Validation certificates require the most thorough verification. The CA checks the organization's legal existence, physical address, and operational status, and confirms that the individual requesting the certificate is authorized by the organization.
- What is verified: domain control, organization identity, and the requester's authority to act for the organization.
- Typical issuance time: up to one week.
- Visual indicators: the certificate seal and the organization name in the browser's security details. The certificate is signed by the CA and lists the verified organization name.
Note: Most major browsers no longer display the green address bar that EV certificates were once known for. EV certificates still provide stronger identity assurance through the certificate's organization details, which visitors can view in the browser's security info.
Choosing a validation method
Method | What is verified | Typical issuance time | Best fit |
|---|---|---|---|
Domain Validation (DV) | Domain control only | Minutes | Personal sites, blogs, basic encryption |
Organization Validation (OV) | Domain control plus organization identity | One to several business days | Business sites that want verified organization details |
Extended Validation (EV) | Domain, organization, and requester authority | Up to one week | E-commerce, banking, and other high-trust sites |
Next steps
- Confirm contact requirements — see for the contacts and fields required by each certificate type.
- Review SSL fundamentals — see for a primer on how SSL encryption and identity verification work.
- Plan for shorter validation reuse periods — see for the reduced DV and OV reuse windows taking effect February 24, 2026.
Questions? Contact OpenSRS Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.