There are three methods of validation performed:
- Domain-validated certificates:
Only the verified owner of the domain name can purchase an SSL certificate for the domain. Validation is in most cases done via email sent to the domain owner. Domain validated SSL certificates can be issued very quickly - often in minutes.
- Organization-validated certificates:
When corporate identity validation is important, an SSL Certificate for the organization assures customers that the website is trustworthy and secure. Only verified representatives of the organization may purchase these certificates, and business licenses or other proof is required. The Certificate Authority will verify through a phone call to ensure that the certificate request is legitimate.
- Extended Validation (EV) certificates:
With Extended Validation, as well as displaying the certificate seal, the address bar is displayed in green, providing customers with an extra level of confidence. The green address bar is a strong visual indication that the site has an Extended Validation Certificate. The Security Status bar displays the organization name and the name of the Certificate Authority (CA).
In order to be approved for an Extended Validation certificate, the certificate authority will actively check the Organization and the individual applying for the certificate. This is to verify that the Organization is positively the Organization they claim to be, and the individual requesting the certificate is someone who is authorized to request a digital certificate. Extended Validation may take as long as one week to complete.