Domain-validated certificate explained

A domain validated certificate (DV) is an X.509 public key certificate typically used for Transport Layer Security (TLS) where the domain name of the applicant is validated by proving some control over a DNS domain.[1] Domain validated certificates were first distributed by GeoTrust in 2002 before becoming a widely accepted method.[2]

Issuing criteria

The sole criterion for a domain validated certificate is proof of control over whois records, DNS records file, email or web hosting account of a domain. Typically control over a domain is determined using one of the following:

A domain validated certificate is distinct from an Extended Validation Certificate in that this is the only requirement for issuing the certificate.[3] In particular, domain validated certificates do not assure that any particular legal entity is connected to the certificate, even if the domain name may imply a particular legal entity controls the domain.

User interface

As of 2020, all major browsers user interfaces display EV and OV and DV certificates identically, but provide options to query the type of certificate via multiple clicks.

Characteristics

As the low assurance requirements allow domain validated certificates to be issued quickly without requiring human intervention, domain validated certificates have a number of unique characteristics:

See also

Notes and References

  1. Web site: What Are the Different Types of SSL Certificates?. Coclin. Dean. 2013-08-13. Certificate Authority Security Council. 2019-12-20.
  2. Web site: There's certs and certs – VeriSign badmouths rivals. www.theregister.com.
  3. Web site: What's the difference between DV, OV & EV SSL certificates?. 2021-09-05. www.digicert.com. en-US.