Sep 23, 2021
The improved domain validation process will reduce the number of validations required for the same domain contained in multiple certificates and allow faster validation for OV and EV certificates. Customers will be asked to perform domain validation for all domains via this new process, for both new orders and reissues, even if they were approved just prior to 1st June, 2020. We apologize for the short term inconvenience caused by this architectural change, the long term benefits to permitting full customer control over domain validation will outweigh this. We’d like to ask affected customers to make use of the improved process and prove domain control using the domain verification page. In cases where that is not possible, please contact GlobalSign Support.
GlobalSign is making significant improvements to the domain validation process for Partner and Retail OV and EV SSL Certificates through its GlobalSign Certificate Center (GCC) to reduce the time and effort needed to verify domains.
The process enables domain validation to be done entirely by the Applicant, Reseller, or other entity that has applicable domain permissions, which enables the domains to be validated in a matter of minutes. This is a proven process that has been used in our Managed SSL (MSSL) platform, and we're excited to extend it to our remaining GlobalSign SSL products!
As an overview, upon submission of an OV or EV order, the Applicant is provided with a link to their order-specific Domain Verification Page (DVP) where the domain validations can be performed. This page lists all SANs in the order and permits the Applicant to select and/or change the domain validation method for each SAN or each domain, and then instruct GCC to perform the validation. In the event that the domain was recently verified for the same Organization (same Applicant), the domain validation of the prior order will be re-used and the domain will appear as already approved!
The DVP link is provided in several different ways so you'll always be able to find it:
If you are still unable to locate the DVP, contact GlobalSign Support and we can send you your unique DVP URL. If you have any questions about the information presented here, please contact your Account Representative.
Once you've placed your OV or EV order you will receive a link to the DVP. For OV orders, it will look similar to this:
Before you begin domain validation, be sure you understand who placed the order and that you're approving domains for a legitimate order. Once you've done that, focus your attention on the Domain Verification Code (DVC) portion of the page.
SANs that share the same Domain Name will be grouped together so you can verify them all at once with a single domain verification step; those that don't share the same Domain Name will be listed individually. For each SAN in the table, you can select one of the domain validation methods listed below. Once GlobalSign has completed the Organizational validation and all of the domains have been approved, the Certificate will be issued. Organization validation and domain validation will happen in parallel.
The Email validation method allows you to validate a SAN by responding to a challenge sent to a specified email address.
Note: To perform domain verification using email validation method, kindly check the guidelines found here.
Note: The HTTP domain validation method will no longer be permitted for issuance of subdomains and wildcards effective - Nov 28th, 2021.
The HTTP validation method allows you to validate a SAN by uploading the supplied DVC to a specific website location.
Note: To perform domain verification using HTTP validation method, kindly check the guidelines found here.
The DNS validation method is useful for domain owners that have easy access to their DNS provider and can create a DNS TXT record.
Note: To perform domain verification using DNS validation method, kindly check the guidelines found here.
GlobalSign will automatically include a non-www SAN when customers request a Certificate with a CN that begins with 'www'. For example, if you request a Certificate with the common name of 'www.example.com,' we automatically include a SAN for 'example.com.' Customers may remove this extra SAN from the list by doing the following steps:
When you access the DVC section, a message at the top of the page will display, indicating the current Domain Verification Code has expired. Click the Generate New DVC button to generate a new domain verification code. The page will re-load and display the new DVC, with the message at the top of the page: "Domain Verification Code (DVC) Has Been Renewed." Any pending domains will need to be verified using this new DVC.
When you verify your SANs, they may go into an "In security review" status, which means GlobalSign Vetting Agents are conducting security checks against the SAN. If the SAN fails the security check, the SAN status will be updated and your order will be automatically cancelled. You must re-order the Certificate and not include that SAN in the order for the order to be processed.
Since you rely on seeing accurate Organization information when approving domains, it may be necessary on occasion to reset the domain validation status if Organization information changed during our organization-level verification process. We apologize in advance if this happened, but it's a necessary security step.